none
Event 6038, LSA (LsaSrv)

    Question

  • Should we be concerned about this warning message?

    Microsoft Windows Server has detected that NTLM authentication is presently being used between clients and this server. This event occurs once per boot of the server on the first time a client uses NTLM with this server.

    NTLM is a weaker authentication mechanism. Please check:

          Which applications are using NTLM authentication?

          Are there configuration issues preventing the use of stronger authentication such as Kerberos authentication?

          If NTLM must be supported, is Extended Protection configured?

    Details on how to complete these checks can be found at http://go.microsoft.com/fwlink/?LinkId=225699.

    I'm seeing it on both of the Essentials servers I've setup, one was a migration, the other was a clean install.

    Sunday, January 13, 2013 3:06 PM

Answers

  • NTLM is a deprecated authentication protocol; in situations where Kerberos is an option for everything, it's the preferred protocol these days. That said, there are situations where NTLM is required, and core Essentials functionality implements at least one of those (could be more, I'm not certain).

    So long story short, you should not be extremely concerned. (Mildly concerned, perhaps, but in the sense that your exposure is greater than it absolutely has to be if everyone does everything perfectly.)


    I'm not on the WHS team, I just post a lot. :)

    Sunday, January 13, 2013 3:44 PM

All replies

  • NTLM is a deprecated authentication protocol; in situations where Kerberos is an option for everything, it's the preferred protocol these days. That said, there are situations where NTLM is required, and core Essentials functionality implements at least one of those (could be more, I'm not certain).

    So long story short, you should not be extremely concerned. (Mildly concerned, perhaps, but in the sense that your exposure is greater than it absolutely has to be if everyone does everything perfectly.)


    I'm not on the WHS team, I just post a lot. :)

    Sunday, January 13, 2013 3:44 PM
  • Is there any update on which functions of Essentials that require NTLM? I am using the Remote Access and would like it as secure as possible.

    Thanks.

    Wednesday, June 26, 2013 2:08 AM