3.2.5.2.1 Server Sends the Client an Initial CHALLENGE_MESSAGE

The server MUST send a set of supported features and a random key to use as part of the challenge. This key is in the form of a 64-bit (8-byte) nonce value for the ServerChallenge value. The nonce is a pseudo-random number generated by the server and intended for one-time use. The connectionless variant always uses key exchange, so the NTLMSSP_NEGOTIATE_KEY_EXCH flag MUST be set in the required flags mask. The client SHOULD determine the set of supported features and whether those meet minimum security requirements. This message is sent to the client as a CHALLENGE_MESSAGE.