Configure NTLMv2 without LDAP

Use these settings to configure Windows Authentication - NTLMv2 without using LDAP authorization.

Note

If instead you want to use LDAP, click CANCEL. Click Use LDAP to restrict access to sessions, click +ADD and proceed with Use LDAP to restrict access to Windows Authentication - NTLMv2 sessions.

  1. Enter the settings to ADD or EDIT an NTLMv2 server for Single Sign-on through Windows Authentication:

    a. Choose and enter either

    • Domain Controller DNS name or IP address: IP address or DNS name of the Active Directory Domain Controller.

      NetBIOS hostname of domain controller: The first 15 characters of the domain controller’s host name, for example, myComputer.

      — or —

    • DNS domain

    b. NetBIOS domain name: The first 15 characters of the left-most label in the DNS domain name.

    Example: For the DNS domain name mydomain.mycompany.com, enter the NetBIOS domain value mydomain.

    Hint

    To obtain the NetBIOS name for a domain on Windows Server 2000 or higher:

    1. Open the Active Directory Domains and Trusts snap-in (domain.msc).

    2. In the console tree, right-click the domain and select Properties.

    3. The Domain name (pre-Windows 2000) field displays the NetBIOS name.

    On Windows Server 2008 or higher, you can also use the Active Directory module for Windows PowerShell to find the NetBIOS name of a domain in Active Directory Domain Services.

    On Windows Server 2008 only, if the Active Directory module is not available in your PowerShell session, you may need to load it first, using this PowerShell command:

    import-module activedirectory

    Example: To find the NetBIOS name of the domain called mydomain.com:

    Get-ADDomain -Identity mydomain.com | findstr /I NetBIOSName

    c. Computer account (for servicing): A computer account in the Active Directory domain.

    A computer account is different from a user account. The computer account should not be associated with an actual physical or virtual computer.

    To specify the Computer account for servicing:

    A computer account's syntax is the pre-Windows 2000 computer name, followed by a $ sign, followed by the @ symbol, and then the DNS domain name. (The term NetBIOS is called pre-Windows 2000 in some Windows utilities.)

    Syntax: <Computer name (pre-Windows 2000)>$@<DNS domain name>

    For example, if the Computer name is ReflServiceAccount, the pre-Windows 2000 Computer name is REFLSERVICEACCO and the computer account is: REFLSERVICEACCO$@mydomain.com

    d. Computer account password

    If the password of the computer account is not already known, it must be explicitly reset in Active Directory. You can reset a computer account’s password using a simple VBScript, or the ADSI Edit tool.

  2. Click TEST CONNECTION.

    This action checks the NTLMv2 connection to be sure the server is listening and is in fact a domain controller. The test attempts to authenticate to the server using the IP address or alias for the domain controller, the NetBIOS hostname, computer account, and password.

    Note

    The Domain is not tested and could still be a cause for error later in the authentication process.

    If the result is Success, click OK.

    If TEST CONNECTION fails, check the logs and resolve the issue before continuing.

  3. To add another server, see Adding Another Server for Windows Authentication NTLMv2.
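
The naming rules in steps 1b and 1c can be checked before the values are typed into the form. The following is an added example, not code from the product or its documentation: the function name Get-NtlmV2FormValue and its parameters are hypothetical, and the sample values are the ones used on this page. Because TEST CONNECTION does not test the Domain, the function also accepts the NetBIOS domain name read from Active Directory and flags any difference from the derived value.

```powershell
# Added example: hypothetical helper, not part of the product.
function Get-NtlmV2FormValue {
    param(
        [Parameter(Mandatory = $true)] [string] $ComputerName,  # name as created in AD
        [Parameter(Mandatory = $true)] [string] $DnsDomain,     # DNS domain name
        [string] $ActualNetBiosDomain   # optional: value read from Active Directory
    )
    $warnings = @()

    # Pre-Windows 2000 computer name: drop a trailing $, keep the first 15
    # characters, upper-case as in the page's REFLSERVICEACCO example.
    $name = $ComputerName.TrimEnd('$')
    if ($name.Length -gt 15) {
        $warnings += "Computer name '$name' is longer than 15 characters and was truncated."
    }
    $preW2k = $name.Substring(0, [Math]::Min(15, $name.Length)).ToUpperInvariant()

    # NetBIOS domain by the page's rule: first 15 characters of the left-most label.
    $label = $DnsDomain.Split('.')[0]
    $netBios = $label.Substring(0, [Math]::Min(15, $label.Length))

    # TEST CONNECTION does not test the Domain, so prefer the value from AD
    # when the caller supplies it and flag any difference from the derived one.
    if ($ActualNetBiosDomain -and ($ActualNetBiosDomain -ne $netBios)) {
        $warnings += "Derived NetBIOS domain '$netBios' differs from AD value '$ActualNetBiosDomain'."
        $netBios = $ActualNetBiosDomain
    }

    New-Object PSObject -Property @{
        NetBiosDomain   = $netBios
        ComputerAccount = '{0}$@{1}' -f $preW2k, $DnsDomain
        Warnings        = $warnings
    }
}

# Constructed sample values taken from the examples on this page.
Get-NtlmV2FormValue -ComputerName 'ReflServiceAccount' -DnsDomain 'mydomain.com'

# On a domain-joined host with the Active Directory module loaded, pass the real value:
# Get-NtlmV2FormValue -ComputerName 'ReflServiceAccount' -DnsDomain 'mydomain.com' `
#     -ActualNetBiosDomain (Get-ADDomain -Identity mydomain.com).NetBIOSName
```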