Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Juan_
Collaborator
Jump to solution

IA - Enabling NTLMv2

Hi there,

 

According to sk91462 and Admin guides, the procedure to enable NTLMv2 is:

"Enable NTLMv2 negotiations for AD Query by using the adlogconfig command line interface: *Note in Cloud Mgmt environments this will need to be ran internally on the Mgmt server CLI.  

  1. Enable Identity Awareness without using the Wizard and install policy.
  2. When configuring AD Query, type: adlogconfig a.
  3. When configuring Identity Logging (Identity Awareness for Log Server) type: adlogconfig l.
  4. Choose the Use NTLMv2 option.
  5. Save and exit.
  6. Install policy on the Security Gateway."

 

Now, we have tried it and the gateway appears to still be using NTLMv1, checked on packet capture.

With the DCs already using ONLY ntlmv2, we are getting bad credentials as described in the SK.

 

We've seen that in the gateway if you run 'adlogconfig a', Use NTLMv2 is not checked.

Should we check it on gateways as well even though is not mentioned on SKs and admin guide?

Has anyone tried this before?

Tag from previous discussion:

@Royi_Priov@checkandmate 

 

Thanks
Juan

0 Kudos
1 Solution

Accepted Solutions
Juan_
Collaborator

Enabling NTLMv2 with 'adlogconfig a' on gateways restored communication with the DCs.

 

View solution in original post

0 Kudos
1 Reply
Juan_
Collaborator

Enabling NTLMv2 with 'adlogconfig a' on gateways restored communication with the DCs.

 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events