Jump to content
Microsoft Windows Bulletin Board

Event 6038 Microsoft Server has detected that NTLM authenication is presently between clients and this server.


Recommended Posts

Guest techcoor
Posted

Did try turning on the NTLM auditing in Domain Controller GPO.

 

Network security: Restrict NTLM: Audit Incoming NTLM Traffic Enabling auditing for all accounts.

 

Network security: Restrict NTLM: Audit NTLM authentication in this domain Enable all

 

Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers Audit all

 

Event viewer, Application and Services, Microsoft, Windows, NTLM shows NTLM client or NTLM Server blocked audit.

 

NTLM server blocked audit: Audit Incoming NTLM Traffic that would be blocked

Audit NTLM authentication requests to this server that would be blocked if the security policy Network Security: Restrict NTLM: Incoming NTLM Traffic is set to Deny all accounts or Deny all domain accounts.

 

But the Restrict NTLM: Incoming NTLM Traffic is set to Deny all accounts or Deny all domain accounts. is Not Defined.

 

NTLM client blocked audit: Audit outgoing NTLM authentication traffic that would be blocked.

 

If you want only the target server ldap/Server to accept NTLM authentication requests from this computer, set the security policy Network Security: Restrict NTLM: Outgoing NTLM traffic to remote servers to Deny all, and then set the security policy Network Security: Restrict NTLM: Add remote server exceptions and list the target server ldap/Server as an exception to use NTLM authentication.

 

But Restrict NTLM: Outgoing NTLM traffic to remote servers is set to Audit all

 

Continue reading...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...