Overview
- Enabling NTLMSSP on Windows Servers requires uncommenting the following line:
event.readers.usentlmssp=true
in the agentless.prop file of the Windows Retriever, as shown below:
# MISCELLANEOUS OPTION SETTINGS
#------------------------------------------
# Windows2008r2 requires the use of NTLMSSP, to enable ntlmssp support uncomment the following line
#------------------------------------------
#event.readers.usentlmssp=true
- This article answers the query: Will removing the comment indicated above have an impact on log collection from NTLM V1 or NTLM V2 Windows Servers?
- Note: NTLMSSP (NT LAN Manager (NTLM) Security Support Provider) is a binary messaging protocol used by the Microsoft Security Support Provider Interface (SSPI) to facilitate NTLM challenge-response authentication and to negotiate integrity and confidentiality options.
Environment
Sensage AP all versions
Requirement
Access to Sensage AP Cluster Environment
Information
- Uncommenting the event.readers.usentlmssp=true setting in the Windows Retriever agentless.prop file allows NTLMSSP authentication in addition to the standard ones.
- Regular NTLMv1 and NTLMv2 authentication will not be affected by enabling this option, so it is safe to enable it on all servers.
- Important Note: If you are unsure about securely performing the steps mentioned in this article, always make a backup before making any changes or reach out to support for more help.
Confirmation
Follow these steps to confirm:
- Uncomment event.readers.usentlmssp=true in the file agentless.prop.
- Restart Log Collector.
- Validate that all old and new Windows Retrievers are working as expected.
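One way to script the first step together with the backup recommended in the note above, as an added example that is not Sensage code. The function name enable_ntlmssp, the .bak suffix and the sample file contents are assumptions; restarting Log Collector and validating the retrievers remain manual steps.

```python
import re
import shutil
import tempfile
from pathlib import Path

# The property line, commented out or active, tolerating stray whitespace.
PROP = re.compile(r"^\s*(#\s*)?event\.readers\.usentlmssp\s*=\s*true\s*$")

def enable_ntlmssp(prop_path):
    """Uncomment event.readers.usentlmssp=true in an agentless.prop file.

    Returns "not-found", "already-enabled" or "enabled". The file is only
    rewritten in the last case, after a <name>.bak copy has been saved.
    """
    path = Path(prop_path)
    # latin-1 and newline="" round-trip every byte and keep CRLF/LF as found.
    with open(path, encoding="latin-1", newline="") as fh:
        lines = fh.read().splitlines(keepends=True)
    hits = [(i, m) for i, m in ((i, PROP.match(l)) for i, l in enumerate(lines)) if m]
    if not hits:
        return "not-found"
    if any(m.group(1) is None for _, m in hits):
        return "already-enabled"          # idempotent: nothing to change
    shutil.copy2(path, path.with_name(path.name + ".bak"))
    first = hits[0][0]                    # enable once, leave any repeats commented
    body = lines[first].rstrip("\r\n")
    lines[first] = "event.readers.usentlmssp=true" + lines[first][len(body):]
    with open(path, "w", encoding="latin-1", newline="") as fh:
        fh.write("".join(lines))
    return "enabled"

if __name__ == "__main__":
    # Constructed sample modelled on the excerpt above; not a real deployment file.
    sample = (
        "# MISCELLANEOUS OPTION SETTINGS\r\n"
        "#------------------------------------------\r\n"
        "#event.readers.usentlmssp=true\r\n"
    )
    with tempfile.TemporaryDirectory() as tmp:
        prop = Path(tmp) / "agentless.prop"
        prop.write_bytes(sample.encode("latin-1"))
        print(enable_ntlmssp(prop))   # first run edits the file
        print(enable_ntlmssp(prop))   # second run detects the active line
```

A "not-found" result means the file does not contain the property at all and should be compared against the excerpt in the Overview before editing by hand.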