How to identify 3DES traffic coming to Domain Controllers

Anonymous
2024-02-10T01:12:44+00:00

Hi Team,

I want to identify 3DES traffic coming to Domain Controllers.

What is required from our end to see this traffic?

What event codes can be used to check this kind of traffic?

Should we look at Kerberos authentication for this?

Are there any specific logs that we have to enable to check this?

Any pointers will be helpful.

Windows Server Identity and access User logon and profiles

Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question. To protect privacy, user profiles for migrated questions are anonymized.


1 answer

  1. Anonymous
    2024-02-12T02:40:18+00:00

    Hello Heenashree Khandelwal,

    Thank you for posting in Microsoft Community forum.

    What is required from our end to see this traffic?

    A1: You can try to monitor LDAP, Kerberos and NTLM traffic to the Domain Controller and check if there is any traffic related to 3DES.

    Domain and DC Migrations: How To Monitor LDAP, Kerberos and NTLM Traffic To Your Domain Controllers - Microsoft Community Hub

    *What event codes can be used to check this kind of traffic?*

    A2: It seems there is no specific event ID related to 3DES.

    *Should we look at kerberos authentication for this?*

    A3: Yes, as mentioned in A1.

    Are there any specific logs that we have to enable to check this?
    A4: It seems there are no specific logs related to 3DES.

    Meanwhile, you can also try to test and disable 3DES on DCs during downtime, then check if there is any failure between any app/programs caused by 3DES.

    I hope the information above is helpful.

    If you have any questions or concerns, please feel free to let us know.

    Best Regards,

    Daisy Zhou

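An added example, not part of the answer above or of any Microsoft tooling: one way to act on the traffic-monitoring suggestion in A1, assuming the 3DES in question is a TLS cipher suite negotiated on the DC's LDAPS ports and that the ServerHello records have already been pulled from a capture taken on the DC. The flow tuples, addresses and function names are constructed for illustration.

```python
import struct

# IANA TLS cipher suite IDs that use 3DES_EDE_CBC (common ones, not exhaustive).
TRIPLE_DES_SUITES = {
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0x0013: "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
    0x0016: "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
    0xC008: "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA",
    0xC012: "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
}

def selected_suite(record: bytes):
    """Return the cipher suite ID chosen in a TLS ServerHello record, else None.
    Handshake messages fragmented across several records are not reassembled."""
    if len(record) < 9 or record[0] != 0x16:        # 0x16 = handshake record
        return None
    rec_len = struct.unpack("!H", record[3:5])[0]
    body = record[5:5 + rec_len]
    if len(body) < 4 or body[0] != 0x02:            # 0x02 = ServerHello
        return None
    hello = body[4:4 + int.from_bytes(body[1:4], "big")]
    if len(hello) < 35:                             # version(2) + random(32) + sid_len(1)
        return None
    off = 35 + hello[34]                            # skip the session ID
    if len(hello) < off + 2:
        return None
    return struct.unpack("!H", hello[off:off + 2])[0]

def flag_3des(flows):
    """flows: iterable of (client_ip, dc_port, serverhello_record_bytes)."""
    hits = []
    for client, port, rec in flows:
        suite = selected_suite(rec)
        if suite in TRIPLE_DES_SUITES:
            hits.append((client, port, TRIPLE_DES_SUITES[suite]))
    return hits

def _hello(suite, sid=b""):
    """Build a minimal TLS 1.2 ServerHello record (constructed test input)."""
    hello = (b"\x03\x03" + bytes(32) + bytes([len(sid)]) + sid
             + struct.pack("!H", suite) + b"\x00")
    hs = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x03" + struct.pack("!H", len(hs)) + hs

# Constructed sample: clients on LDAPS (636) and global catalog over TLS (3269).
SAMPLE_FLOWS = [
    ("10.0.0.21", 636, _hello(0x000A)),
    ("10.0.0.22", 636, _hello(0xC030, sid=bytes(32))),   # AES-256-GCM, not flagged
    ("10.0.0.23", 3269, _hello(0xC012, sid=bytes(32))),
    ("10.0.0.24", 636, b"\x16\x03\x03\x00\x05\x02\x00\x00\x26\x03"),  # truncated
]
```

The client addresses returned by `flag_3des` are the hosts to follow up with before disabling 3DES on the DCs.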