none
MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 package

    Question

  • In Event Viewer the 4624 events are showing

    Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0

    What authentication is being used. It is not Kerberos, I believe. Not NTLM?

    How do I determine it?

    Thursday, March 9, 2017 12:21 AM

All replies

  • Hi

     For 4624 you may look to this; https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventID=4624

    Then to find the source you should configure "Advanced Security Audit Policy";

    Advanced Security Audit Policy Settings

    https://technet.microsoft.com/en-us/library/dn319056%28v=ws.11%29.aspx?f=255&MSPPError=-2147217396


    This posting is provided AS IS with no warranties or guarantees,and confers no rights. Best regards Burak Uğur

    Thursday, March 9, 2017 7:07 AM
  • Hi Burak,

    Thank you for your answer. However this link says nothing about
    "MICROSOFT_AUTHENTICATION_PACKAGE_V1_0". I know how to interpret NTLM and Kerberos in this filed, but not
    "MICROSOFT_AUTHENTICATION_PACKAGE_V1_0".

    And I do know the source of the packets as I initiate them myself. I just need to determine what authentication the application uses.

    Thursday, March 9, 2017 10:56 PM
  • Maybe this one helps.

    https://msdn.microsoft.com/en-us/library/aa378753.aspx?f=255&MSPPError=-2147217396

     

     

     



    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows Server] Datacenter Management

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

    Thursday, March 9, 2017 11:06 PM
  • I've seen this article before. It does not speak about authentication mechanisms and how secure they are.
    Friday, March 10, 2017 12:00 AM
  • I'd try them over here.

    https://social.msdn.microsoft.com/Forums/vstudio/en-US/home?forum=wcf

     

     

     



    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows Server] Datacenter Management

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

    Friday, March 10, 2017 12:17 AM
  • Check these also;

    https://technet.microsoft.com/en-us/library/jj865682(v=ws.10).aspx

    https://blogs.technet.microsoft.com/askpfeplat/2013/12/15/domain-and-dc-migrations-how-to-monitor-ldap-kerberos-and-ntlm-traffic-to-your-domain-controllers/


    This posting is provided AS IS with no warranties or guarantees,and confers no rights. Best regards Burak Uğur

    Friday, March 10, 2017 7:36 AM