Windows Server 2016, Active directory authentication protocol

Takahiko Itou(伊藤貴彦) 40 Reputation points
2023-09-13T02:43:13.4166667+00:00

Hello.

I am not sure about the protocol used when accessing the server using AD through RDP.

My understanding is that the protocol used when accessing through RDP is NTLM. But I found an article stating that when using AD, the protocol is Kerberos.

Would this mean that access to the server uses NTLM and authentication uses Kerberos?

Also, I learned that the protocol of RDP is NTLM, but by forbidding that protocol, RDP's protocol will be changed to Kerberos.

In this case, is this Kerberos 5?

I would appreciate an answer.

Please help me out.

Thank you.


Accepted answer
  1. Anonymous
    2023-09-14T13:47:01.86+00:00

    For Windows Server 2016, is it correct to understand that the protocol used is Kerberos 5 when signing in with Active Directory?

    Yes, it is.
    The Windows Server operating systems implement the Kerberos version 5 authentication protocol and extensions for public key authentication, transporting authorization data, and delegation. https://learn.microsoft.com/en-us/windows-server/security/kerberos/kerberos-authentication-overview

    --please don't forget to close up the thread here by marking answer if the reply is helpful--


3 additional answers

  1. Anonymous
    2023-09-13T02:53:19.4+00:00

    Kerberos would be the default and preferred. Something here could help.

    https://learn.microsoft.com/en-us/windows-server/security/kerberos/kerberos-authentication-overview

    --please don't forget to close up the thread here by marking answer if the reply is helpful--


  2. チャブーン 1,376 Reputation points MVP
    2023-09-14T05:27:48.8733333+00:00

    Hi, Takahiko Itou - san

    This is Chaboon.

    My understanding is that RDP logon uses Kerberos authentication. However, NTLM authentication will only be performed if you use an IP address instead of a hostname.

    If you use the host name but RDP logon results in NTLM authentication, the SPN is not registered correctly in the computer account.

    You can find "TERMSRV/<Hostname>" and "TERMSRV/<FQDN>" registered in the servicePrincipalName attribute included in that computer account. If not, register it using the setspn command.

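An added example (not from Chaboon or Microsoft) that does the two checks this answer describes: it confirms the TERMSRV SPNs on the computer account (optionally registering a missing one with setspn) and then summarises which authentication package recent RDP logons on the target actually used. It assumes the RSAT ActiveDirectory module, a domain admin session, and the placeholder names SRV01 / srv01.corp.example.

```powershell
# Added example, not part of the thread. Placeholders: SRV01 / srv01.corp.example.
# Run from a domain-joined admin session with the RSAT ActiveDirectory module.
param(
    [string]$ComputerName = 'SRV01',               # NetBIOS name of the RDP target
    [string]$Fqdn         = 'srv01.corp.example',  # DNS name of the RDP target
    [switch]$Register                              # add missing SPNs with setspn
)
Import-Module ActiveDirectory

# 1. Are both TERMSRV SPNs present on the computer account?
$acct     = Get-ADComputer -Identity $ComputerName -Properties servicePrincipalName
$expected = @("TERMSRV/$ComputerName", "TERMSRV/$Fqdn")
foreach ($spn in $expected) {
    if ($acct.servicePrincipalName -contains $spn) {
        Write-Host "OK       $spn"
    } elseif ($Register) {
        # -S checks the forest for a duplicate before adding; a duplicate SPN on
        # another account is a common reason Kerberos silently falls back to NTLM.
        setspn -S $spn "$ComputerName$"
    } else {
        Write-Warning "MISSING  $spn  (rerun with -Register to add it)"
    }
}

# 2. On the target: which package did recent RemoteInteractive (type 10) logons use?
#    Kerberos is expected when clients connect by host name. NTLM (or Negotiate with
#    an NTLM sub-package recorded) means the SPN lookup failed or an IP address was used.
$events = Get-WinEvent -ComputerName $Fqdn -MaxEvents 500 -ErrorAction Stop `
          -FilterHashtable @{ LogName = 'Security'; Id = 4624 }
$events | ForEach-Object {
    $d  = ([xml]$_.ToXml()).Event.EventData.Data
    $f  = @{}
    foreach ($item in $d) { $f[$item.Name] = $item.'#text' }
    $pkg = $f['AuthenticationPackageName']
    if ($f['LmPackageName'] -and $f['LmPackageName'] -ne '-') { $pkg = "NTLM ($($f['LmPackageName']))" }
    [pscustomobject]@{
        Time      = $_.TimeCreated
        LogonType = $f['LogonType']
        Package   = $pkg
        User      = $f['TargetUserName']
        Source    = $f['IpAddress']
    }
} | Where-Object LogonType -eq '10' |
    Group-Object Package | Select-Object Name, Count | Format-Table -AutoSize
```

A non-zero NTLM count for logons whose Source is a host name rather than an IP address points at the SPN problem described above rather than at client behaviour.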

  3. Deleted

    This answer has been deleted due to a violation of our Code of Conduct. The answer was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.


