Troja
Level 14

Customizing NTLM Negotiation adequate to Microsoft Group Policies

Today I have a problem when NTLM settings are set in a wrong way at a customer. The settings are done by Microsoft Group Policy. With some settings MWG is not able to authenticate clients using NTLM.

Note: Kerberos is not possible

Client: NTLM is set by group policies to use NTLM Negotiation (Send LM & NTLM - use NTLMv2 session security if negotiated)

Domain Controller: NTLM is set by group policies to use NTLMv2 only (Send NTLMv2 response only. Refuse LM & NTLM)

I know these settings are done wrong by the customer, so NTLM cannot work.

A workaround could be to set up MWG to negotiate NTLMv2 with the client and only use NTLMv2 with the domain controller.

Does anyone have an idea if this can be done on MWG?

Cheers,

Thorsten

0 Kudos
1 Reply
amart
Level 9

Re: Customizing NTLM Negotiation adequate to Microsoft Group Policies

It's not possible by MS design. The server cannot instruct the client to use a specific NTLM version. In your case the client is configured to use NTLMv1 when the DC accepts NTLMv2 only. An NTLMv1 message cannot be transcoded to an NTLMv2 message by MWG.

0 Kudos
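
To confirm which response a client actually sends in the situation discussed above, the NTLM Type 3 (AUTHENTICATE) message can be inspected. The following is an added example, not part of the original thread or of MWG: it classifies the NT response in an `NTLM <base64>` header value by its length and blob marker. The function names and sample messages are constructed for illustration, and it assumes the value was captured from the client's `Proxy-Authorization` header.

```python
import base64
import struct

ESS = 0x00080000  # NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY

def _field(msg, pos):
    """Return the bytes a (Len, MaxLen, Offset) descriptor at pos points to."""
    length, _maxlen, offset = struct.unpack_from("<HHI", msg, pos)
    if offset + length > len(msg):
        raise ValueError("field points outside the message")
    return msg[offset:offset + length]

def classify_type3(header_value):
    """Name the response family carried in an 'NTLM <base64>' Type 3 value."""
    scheme, _, b64 = header_value.strip().partition(" ")
    if scheme.upper() != "NTLM":
        raise ValueError("not an NTLM header value")
    msg = base64.b64decode(b64, validate=True)
    if len(msg) < 64 or msg[:8] != b"NTLMSSP\x00":
        raise ValueError("not an NTLMSSP message")
    if struct.unpack_from("<I", msg, 8)[0] != 3:
        raise ValueError("not an AUTHENTICATE (Type 3) message")
    lm, nt = _field(msg, 12), _field(msg, 20)
    flags = struct.unpack_from("<I", msg, 60)[0]
    if not nt:
        return "none"
    if len(nt) == 24:  # fixed 24-byte response: NTLMv1 family
        # With session security the LM field holds an 8-byte client challenge
        # followed by 16 zero bytes; the response is still not NTLMv2.
        if flags & ESS and len(lm) == 24 and lm[8:] == bytes(16):
            return "NTLMv1+ESS"
        return "NTLMv1"
    if len(nt) >= 44 and nt[16:18] == b"\x01\x01":  # NTProofStr + v2 blob
        return "NTLMv2"
    return "unknown"

def build_sample(lm, nt, flags):
    """Constructed Type 3 message (empty names, no Version/MIC) for the demo."""
    hdr, off = b"NTLMSSP\x00" + struct.pack("<I", 3), 64
    for blob in (lm, nt, b"", b"", b"", b""):
        hdr += struct.pack("<HHI", len(blob), len(blob), off)
        off += len(blob)
    hdr += struct.pack("<I", flags)
    return "NTLM " + base64.b64encode(hdr + lm + nt).decode()

if __name__ == "__main__":
    print(classify_type3(build_sample(b"\x11" * 24, b"\x22" * 24, 0)))
```

A result of `NTLMv1` or `NTLMv1+ESS` from a client means a domain controller set to "Send NTLMv2 response only. Refuse LM & NTLM" will reject it, whatever the proxy in between does.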