Today I have a problem when NTLM settings are set in a wrong way at a customer. The settings are done by Microsoft Group Policy. With some settings MWG is not able to authenticate clients using NTLM.
Note: Kerberos is not possible
Client: NTLM is set by group policies to use NTLM Negotiation (Send LM & NTLM - use NTLMv2 session security if negotiated)
Domain Controller: NTLM is set by group policies to use NTLMv2 only (Send NTLMv2 response only. Refuse LM & NTLM)
I know this setting is done wrong by the customer, so NTLM cannot work.
A workaround could be to set up MWG to negotiate NTLMv2 with the client and only use NTLMv2 with the domain controller.
Has anyone an idea if this can be done on MWG?
It's not possible by MS design. The server cannot instruct the client to use a specific NTLM version. In your case the client is configured to use NTLMv1 when the DC accepts NTLMv2 only. An NTLMv1 message cannot be transcoded to an NTLMv2 message by MWG.
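
The mismatch discussed in this thread, as an added example that is not part of either post and is not MWG code: it models the "LAN Manager authentication level" policy (registry value LmCompatibilityLevel, levels 0-5) and reports which clients a given domain controller level will reject and the lowest client level that fixes it. It assumes the two policy strings quoted above correspond to levels 1 and 5; the function names and the host inventory are constructed for illustration.

```python
# Added example: which NTLM response types a client sends and a DC accepts
# at each LmCompatibilityLevel (0-5). Names below are illustrative only.
ALL = {"LM", "NTLM", "NTLMv2"}

# Response types a client SENDS at each level.
CLIENT_SENDS = {
    0: {"LM", "NTLM"},
    1: {"LM", "NTLM"},   # NTLMv2 session security if negotiated; response is still v1-class
    2: {"NTLM"},
    3: {"NTLMv2"},
    4: {"NTLMv2"},
    5: {"NTLMv2"},
}

# Response types a domain controller ACCEPTS at each level.
DC_ACCEPTS = {0: ALL, 1: ALL, 2: ALL, 3: ALL,
              4: {"NTLM", "NTLMv2"},   # refuse LM
              5: {"NTLMv2"}}           # refuse LM & NTLM


def evaluate(client_level, dc_level):
    """Return whether authentication can succeed and the lowest fixing client level."""
    accepted = DC_ACCEPTS[dc_level]
    usable = CLIENT_SENDS[client_level] & accepted
    # Level 5 clients send NTLMv2, which every DC level accepts, so this always finds one.
    fix = next(l for l in range(client_level, 6) if CLIENT_SENDS[l] & accepted)
    return {"ok": bool(usable), "usable": sorted(usable), "min_client_level": fix}


def audit(inventory, dc_level):
    """List (host, current level, required level) for clients the DC will reject."""
    failing = []
    for host, level in sorted(inventory.items()):
        result = evaluate(level, dc_level)
        if not result["ok"]:
            failing.append((host, level, result["min_client_level"]))
    return failing


# Constructed inventory: host name -> client LmCompatibilityLevel.
INVENTORY = {"ws-01": 1, "ws-02": 3, "ws-03": 2, "ws-04": 5}

if __name__ == "__main__":
    print("thread scenario (client 1, DC 5):", evaluate(1, 5))
    for host, level, needed in audit(INVENTORY, dc_level=5):
        print(f"{host}: level {level} rejected, raise to {needed} or higher")
```

A proxy in the middle does not change the outcome, because the response type is chosen by the client policy and validated by the DC policy.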