This might help you to understand how August Patch works
Event ID's 5829-31 Not Visible in Domain Controller logs after August 2020 Patches
Hello, we have applied the August 2020 patches on our Domain Controllers but do not see any logs with Event ID 5829-5831 since the updates. There is at least one Server 2003 machine (i.e. out of support OS) on our domain which I assume is still using insecure Netlogon but I can't confirm this as I don't see it reflected anywhere in the logs.
My suspicion was that we might have to enable and configure the included GPO: "Domain controller: Allow vulnerable Netlogon secure channel connections", but I don't want to enable it and then "allow" vulnerable connections just to test this.
We also have non-Windows devices on our domain and I'm sure some of them are using insecure Netlogon connections to the DC's. Does anyone know how I can get the results I need in event viewer? I would like to be ready for the enforcement phase in February.
We are checking in to see if the provided information was helpful. If the reply is helpful, we would appreciate you to accept it as answer.
Please let us know if you would like further assistance. Thanks.
Sign in to comment