Pillar Axiom: Windows 2008 DC Changes to Support NTLM Requests from the Axiom NAS

Asset ID:	1-72-1389870.1
Update Date:	2012-08-27
Keywords:

Solution Type Problem Resolution Sure

Solution 1389870.1 : Pillar Axiom: Windows 2008 DC Changes to Support NTLM Requests from the Axiom NAS

Applies to:

Pillar Axiom 600 Storage System - Version Not Applicable to Not Applicable [Release N/A]
Pillar Axiom 500 Storage System - Version Not Applicable and later
Pillar Axiom 300 Storage System - Version Not Applicable and later
Information in this document applies to any platform.

Symptoms

Windows 2008 DC changes to support NTLM requests from the Axiom NAS CIFS server.

Changes

As of AxiomONE Storage Manager release 3.3.x and below, NTLM v2 is unsupported. Support for this has been added in AxiomONE Storage Manager 4.2.x and above.

Cause

As a result, customers who are running Windows 2008 domain controllers will find that NTLM requests will fail.

Solution

The workaround for this issue is as follows:

1) Disable NTLMv2:

For your Windows 2008 DC, please open "Domain Security Policy" in Administrative Tools of Start menu. Click on Security Settings > "Local Policies" > "Security Options". Scroll down to "Network Security: LAN Manager authentication level" and open it, right click and select properties. By default the Windows 2008 sets the policy to "NTLMv2 responses only". Change this to "send LM and NTLM - use NTLMv2 session security if negotiated".

(2) Disable Strong Session Key:

For your Windows 2008 DC, please open "Domain Security Policy" in Administrative Tools of Start menu. Click on Security Settings > "Local Policies" > "Security Options". Scroll down to "Domain member: Require strong (Windows 2000 or later) session key" and open it, right click and select properties. By default the Windows 2008 sets the policy to "Enabled". Change this to "Disabled".

Attachments

This solution has no attachment