05-13-2020 08:41 AM
Our deployment has the Active Directory Profiling Configuration enabled, and it appears to be working: I see the AD-* attributes for profiled nodes. However, Active Directory is logging some interesting "errors" from our ISE node:
05/12/2020 03:58:05 PM
LogName=Microsoft-Windows-NTLM/Operational
SourceName=Microsoft-Windows-Security-Netlogon
EventCode=8004
EventType=4
Type=Information
ComputerName=ad-server.domain.name
User=NOT_TRANSLATED
Sid=S-1-5-18
SidType=0
TaskCategory=Auditing NTLM
OpCode=Info
RecordNumber=139156223
Keywords=None
Message=Domain Controller Blocked Audit: Audit NTLM authentication to this domain controller.
Secure Channel name: ISE-SERVER
User name: workstatoin@domain.name
Domain name: domain.name
Workstation name: \\ISE-SERVER
Secure Channel type: 2
Audit NTLM authentication requests within the domain domain.name that would be blocked if the security policy Network Security: Restrict NTLM: NTLM authentication in this domain is set to any of the Deny options.
If you want to allow NTLM authentication requests in the domain domain.name, set the security policy Network Security: Restrict NTLM: NTLM authentication in this domain to Disabled.
If you want to allow NTLM authentication requests to specific servers in the domain domain.name, set the security policy Network Security: Restrict NTLM: NTLM authentication in this domain to Deny for domain servers or Deny domain accounts to domain servers, and then set the security policy Network Security: Restrict NTLM: Add server exceptions in this domain to define a list of servers in the domain domain.name to which clients are allowed to use NTLM authentication.
Is there some configuration on the domain controllers I am missing? I verified the ISE-SERVER is joined to the domain and can fetch groups/users, and auth is working as expected.
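One way to tally NTLM audit events like the 8004 record quoted above by secure channel, workstation and user, to see which sources a Deny setting of the Restrict NTLM policy would affect. This is an added example, not part of the original post; the function names and sample events are constructed, and the regex assumes the message fields appear in the order shown in that event.

```python
import re
from collections import Counter

# Message fields of event 8004, in the order they appear in the event above.
FIELDS = re.compile(
    r"Secure Channel name:\s*(?P<channel>.*?)\s*"
    r"User name:\s*(?P<user>.*?)\s*"
    r"Domain name:\s*(?P<domain>.*?)\s*"
    r"Workstation name:\s*(?P<workstation>.*?)\s*"
    r"Secure Channel type:\s*(?P<channel_type>\d+)",
    re.DOTALL,  # works on flattened and on multi-line event text
)

def parse_8004(event):
    """Return the NTLM audit fields of one event, or None if it is not an 8004."""
    m = FIELDS.search(event) if re.search(r"\bEventCode=8004\b", event) else None
    if m is None:
        return None
    fields = m.groupdict()
    # Normalise host names so "\\ISE-SERVER" and "ise-server" count as one source.
    for key in ("channel", "workstation"):
        fields[key] = fields[key].lstrip("\\").upper()
    return fields

def inventory(events):
    """Count audited NTLM requests per (secure channel, workstation, user)."""
    counts = Counter()
    for event in events:
        f = parse_8004(event)
        if f:
            counts[(f["channel"], f["workstation"], f["user"].lower())] += 1
    return counts

# Constructed sample events (placeholder names), flattened like the one above.
TEMPLATE = (
    "LogName=Microsoft-Windows-NTLM/Operational EventCode={code} Message=Domain "
    "Controller Blocked Audit: Audit NTLM authentication to this domain controller. "
    "Secure Channel name: {channel} User name: {user} Domain name: domain.name "
    "Workstation name: {ws} Secure Channel type: 2 Audit NTLM authentication "
    "requests within the domain domain.name that would be blocked ..."
)
SAMPLE = [
    TEMPLATE.format(code=8004, channel="ISE-SERVER", user="pc01@domain.name", ws=r"\\ISE-SERVER"),
    TEMPLATE.format(code=8004, channel="ise-server", user="PC01@domain.name", ws=r"\\ISE-SERVER"),
    TEMPLATE.format(code=8004, channel="FILE01", user="alice", ws="PC02"),
    TEMPLATE.format(code=4624, channel="FILE01", user="bob", ws="PC03"),  # not an 8004, ignored
]
```

Calling `inventory(SAMPLE).most_common()` lists the busiest sources first.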
05-13-2020 08:51 AM