-1

NTLM Authentication Failing once Domain Controller was upgraded to Windows Server 2016. Application server is running Server 2012 R2. We have one domain controller left on 2012, NTLM works fine on that controller. When I switch to one of the 2016 servers, it fails. It seems that this may be the issue:

https://learn.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/network-access-restrict-clients-allowed-to-make-remote-sam-calls (thanks to RichM for identifying this back in 2019).

What I would like to know is this: if I upgrade my application server to Windows Server 2016, will that fix my issue as well, or will I have the same issues as with an app server on 2012 R2?

2
  • An in-place upgrade of a DC is always a bad idea. I have so often had trouble with it. Just install clean, add it as a second one to the domain, transfer all roles, and after that demote the old one.
    – djdomi
    May 1 at 17:23
  • We don't know what your issue is.
    – Greg Askew
    May 1 at 18:31

1 Answer

1

It's pretty hard to answer your question accurately, as we do not have complete insight into your network.

That being said, since you are having problems with NTLM, it sounds like a good opportunity to jump over to Kerberos, unless you need NTLM for backwards compatibility.

If you absolutely need NTLM to work, I suggest you do some troubleshooting and find the root cause. Here are some tips that come to mind:

  • Validate that your apps are compatible with Windows Server 2016.
  • Review group policies.
  • Analyze logs.

Cheers!
