When trying to connect to Netwrix Auditor Server (with Netwrix Auditor client or Integration API), you get the following error:
You are trying to contact Netwrix Auditor Server by its IP address while NTLM authentication is disabled through group policy. In this case, Windows cannot resolve server’s IP address into a service principal name (SPN) and Kerberos authentication fails.
Review a list of NTLM restricting policies and their settings:
- Network Security: Restrict NTLM: Audit Incoming NTLM Traffic – Deny all accounts
- Network Security: Restrict NTLM: NTLM authentication in this domain – Deny all
- Network Security: Restrict NTLM: Outgoing NTLM traffic to remote servers – Deny all
- Network security: Do not store LAN Manager hash value on next password change – Enabled
- Network security: LAN Manager authentication level – Send NTLMv2 response only. Refuse LM & NTLM
Netwrix recommends enabling NTLM authentication.
If for some reason, you cannot enable NTLM authentication, review the following workaround: contact Netwrix Auditor Server by its computer name. For example, WKSWin12R2, EnterpriseWKS.enterprise.local.