After disabling or blocking SMB 1.0, NTLM authentication fails to work with the Symantec Web Gateway (SWG). Attempts to test NTLM (HTTP 407) or add/change the Primary or Secondary Domain Controller result in errors.
When attempting to test NTLM (HTTP 407), the following error is noted:
NTLM HTTP 407 test failed: An error occurred while contacting the domain controller: system error, error code = NTLM40.
When attempting to change/add a Primary or Secondary Domain controller, the following error is noted:
We're sorry, but an error occurred while contacting the domain controller: 255 Failed to join domain: failed to look up DC info for domain '[DOMAIN NAME]' over RPC: NT_STATUS_CONNECTION_RESET
The SWG only supports SMB 1.0 for NTLM authentication.
Ensure that the SWG has unrestricted access to SMB port 445 to the Primary and Secondary Domain Controllers.
Subscribing will provide email updates when this Article is updated. Login is required.