Windows Server 2016, Active directory authentication protocol

Question

Hello.

I am not sure about the protocol used when accessing to the server using AD through RDP.

In my recognition, the protocol used when accessing through RDP is NTLM. But, I found an article stating when using AD, the protocol is Kerberos.

Would this be that, the access to the server uses NTLM and authentication uses Kerberos?

Also, I learned the protocol of RDP is NTLM, but by forbittening the protocol, RDP's protocol will be changed to Kerberos.

In this case, is the Kerberos 5?

I appreciate for answer.

Please help me out.

Thank you.

Answer 1

For Windows Server 2016, is it correct recognition that the protocol used is Kerberos 5, when using Active Directory's sign in?

Yes, it is.
The Windows Server operating systems implement the Kerberos version 5 authentication protocol and extensions for public key authentication, transporting authorization data, and delegation. https://learn.microsoft.com/en-us/windows-server/security/kerberos/kerberos-authentication-overview

--please don't forget to close up the thread here by marking answer if the reply is helpful--

Answer 2

Kerberos would be the default and preferred. Something here could help.

https://learn.microsoft.com/en-us/windows-server/security/kerberos/kerberos-authentication-overview

--please don't forget to close up the thread here by marking answer if the reply is helpful--

Answer 3

Hi, Takahiko Itou - san

This is Chaboon.

My understanding is that RDP logon uses Kerberos authentication. However, NTLM authentication will only be performed if you use an IP address instead of a hostname.

If you use the host name but RDP logon results in NTLM authentication, the SPN is not registered correctly in the computer account.

You can find "TERMSRV/<Hostname>" and "TERMSRV/<FQDN>" registered in the servicePrincipalName attribute included in that computer account. If not, register it using the setspn command.