Elastic Windows Event Explorer


Publisher - LsaSrv

Event ID 6038

Message:

Microsoft Windows Server has detected that NTLM authentication is presently being used between clients and this server. This event occurs once per boot of the server on the first time a client uses NTLM with this server.
 
NTLM is a weaker authentication mechanism. Please check:
 
      Which applications are using NTLM authentication?
      Are there configuration issues preventing the use of stronger authentication such as Kerberos authentication?
      If NTLM must be supported, is Extended Protection configured?
 
Details on how to complete these checks can be found at http://go.microsoft.com/fwlink/?LinkId=225699.

Event Data:

No parameters.

Observed Windows Versions:

Version: 0

Fingerprint: U3RPAECUGRTS4