NTLMv1 and NTLMv2

I have an application that uses only NTLMv1 for LDAP and AD integration, is there a way to make sure that our domain controller is using NTLMv1?  

I also need to configure settings on my server so I can find out if this is the problem but I am not sure how.  This is what the software vendor sent me.. - you need to configure the server / active directory to Audit one of the following errors: Login Errors / NTLM errors / Domain or AD errors.

Thanks,
Michael
mwebb_sdmcAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

TheCleanerCommented:
You can set your domain controllers in the GPMC for the Default domain controller policy.

The setting is:

Computer Config >> Windows Settings >> Security Settings >> Security Options >> Network Security:  LAN Manager authentication level

You can set it to something like - Accept LM and NTLM - use NTLMv2 when negotiated

See here as well:  http://support.microsoft.com/kb/823659  (look at item #10 about that setting...it's got a lot of information)
0
TheCleanerCommented:
Oh...also for the "auditing", in that same Security Options GP area, the audit policy should have auditing for success/failure for logon events.  That would tell you if they are failing to logon due to NTLM.
0
mwebb_sdmcAuthor Commented:
Is this gpmc different from the default domain controller security settings?  I changed it in there?

Thanks,
Michael
0
TheCleanerCommented:
the GPMC is the Group Policy Management Console.  Easier to administer and get around in.

You can download it here:  http://www.microsoft.com/downloads/details.aspx?FamilyID=0a6d4c24-8cbd-4b35-9272-dd3cbfc81887&DisplayLang=en

Then you change the "Default domain controller policy"

(and yes, it's the same as what you saw in the default domain controller security settings)
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2003

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.