asked on
Microsoft Windows Server has detected that NTLM authentication is presently being used between clients and this server
Running dcdiag /v gives me the following warning
A warning event occurred. EventID: 0x00001796
Time Generated: 09/17/2018 18:28:17
Event String:
Microsoft Windows Server has detected that NTLM authentication is presently being used between clients and this server. This event occurs once per boot of the server on the first time a client uses NTLM with this server.
NTLM is a weaker authentication mechanism. Please check:
Which applications are using NTLM authentication?
Are there configuration issues preventing the use of stronger authentication such as Kerberos authentication?
If NTLM must be supported, is Extended Protection configured?
Details on how to complete these checks can be found at http://go.microsoft.com/fwlink/?LinkId=225699.
https://groups.google.com/forum/#!topic/microsoft.public.windows.server.active_directory/ISLY7NnqV-Y
Thanks for posting here!
There is a policy for this stuff.
Computer Configuration
-Windows Settings
--Security Settings
---Local Policies
----Security Options
Network security:LAN Manager authentication level
You may choose to "Send NTLMv2 response only\refuse LM & NTLM"
If you want to apply this to a domain, configure it at the default domain
controller policy.
Or you may configure it to your whole domain as well.
The Kerberos is the default mode and cannot be disabled and thus no need to
configure to allow it.
Hope it helps.
Have a great day!
Best Regards,
Jeff Qiu
Microsoft Online Partner Support
MCSE 2k/2k3, MCSA 2k/2k3, MCDBA
Get Secure! - www.microsoft.com/security
Windows Server 2016 Network security:LAN Manager authentication level setting is not exactly in the same location as described but the setting is undefined.
Jeff says Kerberos is default so I assume Network security:LAN Manager authentication level as undefined means I am running Keberos.
Can I ignore this warning?
A warning event occurred. EventID: 0x00001796
Time Generated: 09/17/2018 18:28:17
Event String:
Microsoft Windows Server has detected that NTLM authentication is presently being used between clients and this server. This event occurs once per boot of the server on the first time a client uses NTLM with this server.
NTLM is a weaker authentication mechanism. Please check:
Which applications are using NTLM authentication?
Are there configuration issues preventing the use of stronger authentication such as Kerberos authentication?
If NTLM must be supported, is Extended Protection configured?
Details on how to complete these checks can be found at http://go.microsoft.com/fwlink/?LinkId=225699.
https://groups.google.com/forum/#!topic/microsoft.public.windows.server.active_directory/ISLY7NnqV-Y
Thanks for posting here!
There is a policy for this stuff.
Computer Configuration
-Windows Settings
--Security Settings
---Local Policies
----Security Options
Network security:LAN Manager authentication level
You may choose to "Send NTLMv2 response only\refuse LM & NTLM"
If you want to apply this to a domain, configure it at the default domain
controller policy.
Or you may configure it to your whole domain as well.
The Kerberos is the default mode and cannot be disabled and thus no need to
configure to allow it.
Hope it helps.
Have a great day!
Best Regards,
Jeff Qiu
Microsoft Online Partner Support
MCSE 2k/2k3, MCSA 2k/2k3, MCDBA
Get Secure! - www.microsoft.com/security
Windows Server 2016 Network security:LAN Manager authentication level setting is not exactly in the same location as described but the setting is undefined.
Jeff says Kerberos is default so I assume Network security:LAN Manager authentication level as undefined means I am running Keberos.
Can I ignore this warning?
NetworkingWindows OSWindows 10AzureWindows Server 2016
Last Comment
techcodr