I recently configured "Network security: Restrict NTLM: NTLM authentication in this domain" on the Domain Controller by mistake and found that my outgoing mail stopped, and users were not able to access SMB using \\IP; instead they had to use \\SMBServerName.
Then I removed the setting, did gpupdate and asked users to continue using \\SMBServerName. Somehow work started, but I started to face one issue. Prior to the above configuration I was able to RDP using domain accounts which were members of Administrators. But now if I RDP using an account other than Administrator, I receive the error as attached.
I applied the settings available on the Net, but nothing worked.
After that I came across a line on one site explaining about disabling NLA. As soon as I disabled NLA I was able to connect using accounts other than Administrator. But before configuring NTLM as explained above, NLA was working absolutely fine!
It is a production server which I configured. I did all the above just to check whether I have NTLM or Kerberos enabled / disabled. As per one site's explanation, if we access using IP then NTLM authentication is used and if we access using DNS name then Kerberos is used.
Now I have just configured the settings below so I can make sure which authentication is used.
Network security: Restrict NTLM: Audit Incoming NTLM Traffic - Enable auditing for all accounts --- On All Systems
Network security: Restrict NTLM: Audit NTLM authentication in this domain - Enable all --- On Domain Controller
Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers - Audit all --- On All Systems.
As soon as I opened Event Viewer, what I see is that "Kerberos-Key-Distribution-Center" has no logs while NTLM has logs with Event ID 4004.
Please advise on 2 issues: first, RDP is not available for accounts other than Administrator, and second, why NTLM is showing logs with ID 4004 while Kerberos is blank.
Please help me resolve and understand why it is happening.
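
An added example, not part of the original post: one way to see which protocol each logon actually used is to read the AuthenticationPackageName field of Security event 4624 on the server being accessed (the file server or RDP host). It assumes an elevated PowerShell session and that logon auditing is enabled; the 24-hour window is an arbitrary choice.

```powershell
# Added example: tally recent logons on this machine by authentication package.
# Assumptions: elevated session (needed to read the Security log) and logon
# auditing enabled so that event 4624 is being recorded.
$since = (Get-Date).AddHours(-24)   # arbitrary look-back window

$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Security'
    Id        = 4624
    StartTime = $since
} -ErrorAction SilentlyContinue

$logons = foreach ($e in $events) {
    # Event 4624 exposes its fields as named <Data> elements in the XML view.
    $xml  = [xml]$e.ToXml()
    $data = @{}
    foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

    [pscustomobject]@{
        Time        = $e.TimeCreated
        User        = '{0}\{1}' -f $data['TargetDomainName'], $data['TargetUserName']
        LogonType   = $data['LogonType']                  # 3 = network (SMB), 10 = RemoteInteractive (RDP)
        Package     = $data['AuthenticationPackageName']  # Kerberos, NTLM or Negotiate
        NtlmVersion = $data['LmPackageName']              # e.g. "NTLM V2"; "-" when NTLM was not used
        SourceHost  = $data['WorkstationName']
        SourceIp    = $data['IpAddress']
    }
}

# Summary: how many logons used each package.
$logons | Group-Object Package | Sort-Object Count -Descending |
    Select-Object Count, Name

# Detail: NTLM logons only, to see which clients and accounts still depend on it
# before any "Restrict NTLM" policy is switched from audit to deny.
$logons | Where-Object Package -eq 'NTLM' |
    Sort-Object Time -Descending |
    Select-Object Time, User, LogonType, NtlmVersion, SourceHost, SourceIp |
    Format-Table -AutoSize
```

Running it once after connecting with \\IP and once after connecting with \\SMBServerName shows directly whether the package changes between the two.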