If you are receiving failed logons due to Netwrix using NTLM to communicate to newer servers or domain controllers, you can fix this. Here are the steps Netwrix support gave me.
This change only needs to be done on the Netwrix server.
Edit this GPO. Browse to → Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options
Change this setting → Network Security: Restrict NTLM: Outgoing NTLM traffic to remote server → to → Deny All
This fixed my issue. I have not seen any negative effects from making this change. Hope this helps.
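To confirm that the setting from the post above is actually in effect on the Netwrix server, this added PowerShell example (not part of the original post or of Netwrix's guidance) reads the registry value behind the policy and counts recent outgoing NTLM events. The registry value name, event IDs 4001 and 8001 in the NTLM operational log, and the one-day window are details supplied here, not taken from the thread.

```powershell
# Added example: run in an elevated PowerShell session on the server that receives the GPO.
# Registry value that backs "Network Security: Restrict NTLM: Outgoing NTLM traffic
# to remote servers" (0 = Allow all, 1 = Audit all, 2 = Deny all).
$key   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0'
$name  = 'RestrictSendingNTLMTraffic'
$names = @{ 0 = 'Allow all'; 1 = 'Audit all'; 2 = 'Deny all' }

$raw = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
if ($null -eq $raw) {
    $state = 'Not configured (value absent)'
} elseif ($names.ContainsKey([int]$raw)) {
    $state = $names[[int]$raw]
} else {
    $state = "Unexpected value: $raw"
}

# Outgoing NTLM events recorded by the NTLM client:
#   8001 = outgoing NTLM that would be blocked (logged under "Audit all")
#   4001 = outgoing NTLM that was blocked (logged under "Deny all")
$since  = (Get-Date).AddDays(-1)   # assumed look-back window
$events = @(Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-NTLM/Operational'
    Id        = 4001, 8001
    StartTime = $since
} -ErrorAction SilentlyContinue)

# Summary: effective policy plus how much outgoing NTLM was audited or blocked.
[pscustomobject]@{
    Computer           = $env:COMPUTERNAME
    OutgoingNtlmPolicy = $state
    Blocked4001        = @($events | Where-Object { $_.Id -eq 4001 }).Count
    Audited8001        = @($events | Where-Object { $_.Id -eq 8001 }).Count
}

# The event message names the target server and the client process, which shows
# which connections (for example, to a remote database server) still attempt NTLM.
$events |
    Sort-Object TimeCreated -Descending |
    Select-Object -First 20 TimeCreated, Id, Message |
    Format-List
```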
The GPO update did not work, thank you for the suggestion.
For us the issue is the database sits on a different server. The reporting functionality in Netwrix still relies on NTLM. It still gathers data and logs, but we can’t view the reports.
I was looking at our settings. Keep in mind any of these changes require a machine reboot to take effect. We do store the Netwrix database on the same server as Netwrix, so some or all of this might not help, but it may make it at least more secure.
Computer configuration:
Network Security:
If I may, I’ll answer this one. My name is Nate, and I am one of the Tier 2 Engineers supporting Netwrix Auditor.
The process for upgrading is outlined here: Upgrade to the Latest Version
It covers a number of preliminary best-practice steps to back up Auditor’s data and its audit databases out of an abundance of caution. The actual upgrade process involves running the installer and following the Wizard.
If you would like assistance or have any problems, please feel free to open a ticket with Support. We would be happy to help you.