Securing Active Directory
Event details
Wondering if you should deploy Windows Server 2025 Domain Controllers? Join Active Directory Program Manager Cliff Fisher on a deep dive into new security features, policies, and defaults for Windows Server 2025, including new Windows Local Administrator Password Solution (LAPS) features, Delegated Managed Service Accounts, changes to Account Lockout and LDAP settings, and some pointers on next steps on our NTLM deprecation journey.
Speakers: Cliff Fisher
This session is part of Windows Server Summit 2025. Have a question? Q&A is open throughout the week. Post your questions and feedback in the Comments below.
32 Comments
- Cliff_Fisher
Microsoft
Strong Name Mapping documentation: KB5014754: Certificate-based authentication changes on Windows domain controllers - Microsoft Support
- Cliff_Fisher
Microsoft
Password Entropy on XKCD: http://xkcd.com/936
- Cliff_Fisher
Microsoft
AD Administration Links:
DCLocator Demo: http://aka.ms/ADTTDCLocatorDemo
Locating AD Domain Controllers on Microsoft Learn: https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/manage/dc-locator?tabs=dns-based-discovery
- MichaelG666
Brass Contributor
Cliff_Fisher I would love to fully deprecate NTLM but I found that once NTLM is fully disabled, I can't RDP to or from servers that are not domain-joined, if I also have Network Level Authentication (NLA) turned on. It gives some error about CredSSP Oracle patch, despite the machines having the latest patches installed. The error displayed says nothing about NTLM, Kerberos or NLA, so the error message is incorrect. The issue likely occurs due to not being able to use Kerberos if the client or server machine isn't domain-joined, but I can't find any public Microsoft documentation describing this. Can you please point me to any documentation describing the above issue or provide a workaround and/or fix the improper error message when using RDP in the above scenario?
- Cliff_Fisher
Microsoft
Thanks Michael - I think you are probably right, but I will connect with the team supporting authentication & see if they can comment here.
- MichaelG666
Brass Contributor
Cliff_Fisher Heather_Poulsen
I opened a support case on this issue and it has been open for over 6 months now without much progress. They say they have internal documentation describing this issue but they are refusing to make it public and are not providing a reason. I would greatly appreciate it if you could assist here and fix the error message and fully document and explain the issue.
- Cliff_Fisher
Microsoft
Hi everyone! Looking forward to your questions and feedback on Active Directory & the session!
- Heather_Poulsen
Community Manager
Welcome to Securing Active Directory and Windows Server Summit 2025! Have a question? Post it here in the Comments so we can help. Let’s make this an active Q&A!
If you prefer, you can also watch it on LinkedIn: Securing Active Directory | LinkedIn
All of today's sessions will be available on demand immediately after airing. You'll see auto-generated captions during our live broadcasts, and we will update those with human-generated captions by the end of the week. Q&A will be live during the sessions, and we'll leave it open through the end of the week.