Windows Authentication doesn’t work for remote control authentication (NTLMv2 Support of Remote Control)

Version 2

    This document applies to LDMS 9.0 and 9.5

     

    Description

    Some customers want to use local Windows Authentication to authenticate their remote control sessions via LANDesk. This might also be the case if the to be remote controlled device is not member of a domain (standalone) or not part of any trusted domain (untrusted) to the domain within the administrator and/or the LDMS core resits.

    The usual configuration within the LANDesk Agent configuration would look like similar to this

                        1.png

    On the to be remote controlled device there are some local account added to the “Remote Control Operators” group (here LDAdmin and the local administrator).

      2.png

    But every time the customer wants to connect to the machine the “Credentials Required” window keeps popping up. And no successful remote control session can be established.

      3.png

    The issuser.log (in the LDClient directory) does show entries which imply that the user has established a successful remote control session.

    These entries might look similar to this one:

    Start Remote Control  Initiated from W2K3-CITRIX-EN by user \, Security Type: Windows NT

    Cause

    The cause of this was that the local machine was set to only accept network connection authenticated by NTLMv2 within the local group policy for “Network security: LAN Manager authentication level Properties”.

      4.png

     

    Solution

    The solution is to set the authentication level to “Send LM & NTLM – use NTLMv2 session security if negotiated”

      6.png