Jul 27 2021 05:55 AM
Hi there,
We are using Outlook Anywhere and the following are the settings:
ExternalClientAuthenticationMethod : Ntlm
InternalClientAuthenticationMethod : Ntlm
IISAuthenticationMethods : {Basic, Ntlm, Negotiate}
There was a security alert raised recently, a couple of days back, stating that NTLM should be disabled on the DCs as it has been attacked.
Below is the alert:
KB5005413: Mitigating NTLM Relay Attacks on Active Directory Certificate Services (AD CS)
In order to check for this, I enabled NTLM auditing on my DCs and can see the events related to my client computers connecting to CAS servers and also other servers. I am checking the logs under the following:
Microsoft-Windows-NTLM/Operational
1.
Domain Controller Blocked Audit: Audit NTLM authentication to this domain controller.
Secure Channel name: XXXXXX
User name: XXXXX
Domain name: XXXXXx
Workstation name: XXXXX
Secure Channel type: 2
2.
Secure Channel name: CAS01
User name: userid
Domain name: xxxxxxx
Workstation name: PC
Secure Channel type: 2
I am not sure what I should do. If I disable NTLM on the DCs, is it going to cause any problem for Outlook connectivity and the email flow?
Waiting for your suggestions.
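
An added example, not part of the original post: one way to summarize audit entries exported as text in the layout quoted above, grouped by Secure Channel name, so the servers still receiving NTLM and the clients behind them can be listed before any blocking decision. The sample entries, host and account names, and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the entries quoted in the post; names are placeholders.
SAMPLE_EXPORT = """\
Domain Controller Blocked Audit: Audit NTLM authentication to this domain controller.
Secure Channel name: CAS01
User name: alice
Domain name: EXAMPLE
Workstation name: PC-01
Secure Channel type: 2
2.
Secure Channel name: CAS01
User name: bob
Domain name: EXAMPLE
Workstation name: PC-02
Secure Channel type: 2
Secure Channel name: FILE01
User name: alice
Domain name: EXAMPLE
Workstation name: PC-01
Secure Channel type: 2
"""

FIELD = re.compile(r"^\s*(Secure Channel (?:name|type)|(?:User|Domain|Workstation) name):\s*(.*?)\s*$")

def parse_entries(text):
    """Split exported text into one dict of fields per audit entry."""
    entries, current = [], {}
    for line in text.splitlines():
        m = FIELD.match(line)
        if m and m.group(1) not in current:
            current[m.group(1)] = m.group(2)
        else:  # header, numbering, blank line or repeated field ends the entry
            if current:
                entries.append(current)
            current = {m.group(1): m.group(2)} if m else {}
    if current:
        entries.append(current)
    return entries

def summarize_by_server(entries):
    """Per server: number of audited NTLM logons and the (account, workstation) pairs."""
    summary = defaultdict(lambda: {"count": 0, "clients": set()})
    for e in entries:
        who = f'{e.get("Domain name", "?")}\\{e.get("User name", "?")}'
        server = summary[e.get("Secure Channel name", "<unknown>")]
        server["count"] += 1
        server["clients"].add((who, e.get("Workstation name", "?")))
    return dict(summary)
```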