Dear Support,
We need to specify NTLM Authentication in our domain, as we need to configure an external host with Kerberos and want to avoid NTLM traffic to that host. My planned way was to activate Network Security: Restrict NTLM: NTLM authentication in this domain is set to Deny. On my way to that I found that PRTG uses NTLM to authenticate with WMI.
Is there any way to use Kerberos instead?
As read in this https://technet.microsoft.com/en-us/library/ee156574.aspx it is possible to set WMI to Kerberos login only, but I do not want to test this scenario as my PRTG connection would break. In my case I wanted to only set the exception list to active and used servers, which need NTLM for user login. WMI is not on my roadmap, as this would complicate my configuration.
The manual also only points to NTLM: https://owimonitor/help/group_settings.htm#windowsconnection
Thanks in advance =)
Article Comments
Dear Felix,
I need to configure an exception list to get NTLM working only in my domain as the external webserver will have a domain name in our domain. So my only chance is to configure exceptions for every monitored server, which is not so smooth, as I need to add every new server to the next list in my GPO settings (it is a manual list, no AD Groups are valid).
Thanks for the fast feedback. Thread can be closed.
Regards PS
Dec, 2015 - Permalink
Hello Chris,
As mentioned above, this is not possible, sorry.
Best regards, Felix
Jun, 2017 - Permalink
Hi, has anything happened in this regard? We will probably have to get rid of PRTG because of our security team's requirement to disable NTLM.
Jan, 2022 - Permalink
Hello,
I'm afraid to tell you that the statements above are still valid. NTLM is used by PRTG for WMI and HTTP sensors. If NTLM v1 is deactivated, our WMI and HTTP sensors should continue to work with NTLM v2. This does not require any additional adjustments in PRTG. However, if NTLMv2 is also disabled, those sensors will no longer work (they won't switch to Kerberos).
As an alternative, many of the WMI sensors can be replaced with SNMP-based alternatives.
We are aware of this issue and understand your concern, however currently I'm afraid there are no plans yet to switch to Kerberos. There's already an official feature request for this. Please vote for it if you are interested, as this will help us to prioritize it internally: https://helpdesk.paessler.com/en/support/solutions/articles/89790
Jan, 2022 - Permalink
Hi,
I'm afraid that it will not be possible to configure an exception list nor to change the WMI NTLM authentication to Kerberos, sorry. You can consider switching the monitoring protocol to i.e. SNMP if this better suits your needs; changing the WMI requests will not be possible.
Best regards, Felix
Dec, 2015 - Permalink