Searching the internets we haven't found any other references to this particular Event ID Warning message. It's likely new in Windows Server 2012, we are part of an Active Directory that is at Forest Functional Level: Windows Server 2008, but out Child Domain is at Domain Functional Level: Windows Server 2012 (3 Domain Controllers in our Child Domain). Clicking on the URL in the Description of the Event ID just link to a ‘Windows Server Future Resources’ placeholder page. The full Event ID is pasted in below.
We would like to know how to complete these checks, and if possible, raise our NTLM Authentication to Kerberos. How are these tasks accomplished on Windows Server 2012 Domain Controllers? Thanks in advance for any help!
Log Name: System
Source: LsaSrv
Date: 12/27/2012 6:00:01 PM
Event ID: 6038
Task Category: None
Level:
Warning
Keywords: Classic
User: N/A
Computer: <server FQDN>
Description:
Microsoft Windows Server has detected that NTLM authentication is presently being used between clients and this server. This event occurs once per boot of the server on the first time a client uses NTLM with this server.
NTLM is a weaker authentication mechanism. Please check:
Which applications are using NTLM authentication?
Are there configuration issues preventing the use of stronger authentication such as Kerberos authentication?
If NTLM must be supported, is Extended Protection configured?
Details on how to complete these checks can be found at http://go.microsoft.com/fwlink/?LinkId=225699.