we are trying to edit the policy on our DC to completely stop NTLMv1
Code: Select all
Refuse LM & NTLMi started Auditing our Log-on as per this documenthttps://learn.microsoft.com/en-us/troub ... ler-ntlmv1
I have found Anonymous login repeated for VEEAM server , which according to MS , this can be ignored , also in the same link i included above.
I looked at Some of the VEEAM logs and i found the below entries alot
Code: Select all
[13.12.2024 09:54:30.296] <71> Info (3) [SNetworkAddressResolver] Resolved ['rtm-vishared.infra.local', '10.141.24.12'] by NTLM strategy IP addresses and host names. IPAddressKind: [IPv4]. Result: ['10.64.24.48'].
[SNetworkAddressResolver] Resolved ['dcasvr99.hosting.local', '10.141.1.15'] by NTLM strategy IP addresses and host names. IPAddressKind: [IPv4]. Result: ['10.232.1.15'].
[13.12.2024 10:14:30.494] <71> Info (3) [SNetworkAddressResolver] Resolved ['rtm-vishared.infra.local', '10.64.24.48'] by NTLM strategy IP addresses and host names. IPAddressKind: [IPv4]. Result: ['10.64.24.48'].
[SNetworkAddressResolver] Resolved ['xam-hv04.infra.local', '10.64.24.44'] by NTLM strategy IP addresses and host names. IPAddressKind: [IPv4]. Result: ['10.64.24.44'].
[13.12.2024 10:56:43.381] <14> Info (3) [SNetworkAddressResolver] Host not joined to domain. Using NTLM only strategy.
[13.12.2024 10:56:43.400] <14> Info (3) [SNetworkAddressResolver] Resolved ['ALB-VEEAM', '10.141.1.40'] by NTLM strategy IP addresses and host names. IPAddressKind: [IPv4]. Result: ['10.141.1.40'].
[13.12.2024 11:48:37.407] <55> Info (3) [SNetworkAddressResolver] Resolved ['alb-cattools.hosting.local', '10.141.1.120'] by NTLM strategy IP addresses and host names. IPAddressKind: [IPv4]. Result: ['10.141.1.120'].Note that i am using VEEAM v12 which supposedly uses Kerberos. and i am using FQDN with all managed servers /backup proxies ..etc
I would appreciate any help