Kerbroes or NTLM RRS feed

  • Question

  • hi,

    I have configured both NTLM and Kerberos.

    I have SQL server and Web server on one machine and Client (browser) is connecting to web server from different machine.

    How do I know whether windows is using Kerberos or NTML authnetication? are there any tools or diagnsotics which tells that:

    My request to server is using Kerberos or NTLM?

    Thursday, December 1, 2011 10:52 AM

All replies

  • The event log has that information. I can't remember the details but it say something like "authentication package: kerberos" in the logon event.
    Dominick Baier | thinktecture | http://www.leastprivilege.com
    Thursday, December 1, 2011 5:51 PM
  • Look for Event ID 528/540. It will have the logon details, e.g.:

    Logon Type: 3
    Logon Process: NtLmSsp
    Authentication Package: NTLM

    Logon Types are described here:


    Thursday, December 1, 2011 8:06 PM
  • The easiest and best way to tell is to use Wireshark.  Dissect the initial packets.  Very simple to do and it'll tell you.  You might just want to disable NTLM authentication if you can.  There are documents on how and when to disable NTLM auth.  If you can, you should.
    Friday, December 9, 2011 9:18 PM