What is a one sentence summary of your feature request?
Enhancement Request: Enable Concurrent Kerberos and NTLM Authentication in Discovery
Please describe your idea in detail. What is your problem, why do you feel this idea is the best solution, etc.
Product/Module: Netwrix Privilege Secure – Discovery
Enable Discovery to negotiate and use Kerberos and NTLM concurrently (SPNEGO with intelligent fallback/selection) per target endpoint, without forcing a global single-method setting. The feature should allow adaptive, per-connection choice—prefer Kerberos when available (SPNs, time sync, mutual auth) and seamlessly fall back to NTLMv2 when Kerberos prerequisites are unmet—within the same discovery run.
Today, Discovery requires selecting a single auth method globally, which creates blind spots:
Kerberos-only runs fail on endpoints lacking valid SPNs, constrained delegation paths, or with clock skew/line-of-sight issues (isolated segments, one-way trusts, DMZ).
NTLM-only runs fail in domains where NTLM is disabled or restricted via policy, or where SMB signing & channel binding policies require Kerberos.
Mixed estates (legacy devices, appliances, lab/OT segments) cannot be reliably scanned in one pass, increasing operational overhead and risk of incomplete inventory.
How do you currently solve the challenges you have by not having this feature?
NA