After disabling or blocking SMB 1.0, NTLM authentication fails to work with the Symantec Web Gateway (SWG). Attempts to test NTLM (HTTP 407) or add/change the Primary or Secondary Domain Controller result in errors.
When attempting to test NTLM (HTTP 407), the following error is noted:
NTLM HTTP 407 test failed: An error occurred while contacting the domain controller: system error, error code = NTLM40.
When attempting to change/add a Primary or Secondary Domain Controller, the following error is noted:
We're sorry, but an error occurred while contacting the domain controller: 255 Failed to join domain: failed to look up DC info for domain '[DOMAIN NAME]' over RPC: NT_STATUS_CONNECTION_RESET
The SWG supports only SMB 1.0 for NTLM authentication, so it cannot contact a domain controller on which SMB 1.0 has been disabled or blocked.
Ensure that the SWG has unrestricted access to the Primary and Secondary Domain Controllers on SMB port 445.
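To confirm which side is failing, the following added example (not Symantec code) offers a domain controller only the SMB 1.0 dialect on port 445, as the SWG would, and reports whether the DC accepts it, drops the connection, or cannot be reached. The function names and result labels are illustrative assumptions, and it should be run from a host on the same network path as the SWG.

```python
import socket
import struct

DIALECT = b"\x02NT LM 0.12\x00"  # the only dialect offered: SMB 1.0

def build_smb1_negotiate() -> bytes:
    """Return an SMB1 NEGOTIATE request framed for direct TCP (port 445)."""
    header = struct.pack(
        "<4sBIBHH8sHHHHH",
        b"\xffSMB",            # SMB1 protocol marker
        0x72,                  # SMB_COM_NEGOTIATE
        0,                     # status
        0x18,                  # flags: caseless, canonical paths
        0xC801,                # flags2: unicode, NT status, ext. security, long names
        0, b"\x00" * 8, 0,     # PID high, security features, reserved
        0xFFFF, 1, 0, 1,       # TID, PID low, UID, MID
    )
    body = struct.pack("<BH", 0, len(DIALECT)) + DIALECT  # WordCount, ByteCount
    smb = header + body
    return struct.pack(">I", len(smb)) + smb  # 4-byte length prefix, top byte 0

def classify_response(data: bytes) -> str:
    """Classify the raw reply (length prefix included)."""
    if len(data) < 4 + 32 + 3:
        return "refused"            # closed without a reply: SMB1 disabled
    smb = data[4:]
    if smb[:4] == b"\xfeSMB":
        return "smb2-only"          # server answered in SMB2 framing
    if smb[:4] != b"\xffSMB" or smb[4] != 0x72:
        return "unexpected"
    word_count, dialect_index = struct.unpack_from("<BH", smb, 32)
    if word_count == 0 or dialect_index == 0xFFFF:
        return "smb1-rejected"      # SMB1 reply, but no dialect selected
    return "smb1-accepted"          # DC will talk SMB 1.0

def probe(host: str, port: int = 445, timeout: float = 5.0) -> str:
    """Connect to host:port, offer SMB 1.0 only, and classify the outcome."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(build_smb1_negotiate())
            return classify_response(s.recv(4096))
    except (ConnectionResetError, ConnectionAbortedError, BrokenPipeError):
        return "refused"            # matches NT_STATUS_CONNECTION_RESET
    except OSError:
        return "unreachable"        # port 445 blocked, filtered or closed

if __name__ == "__main__":
    import sys
    for dc in sys.argv[1:]:         # pass each DC hostname or IP as an argument
        print(dc, probe(dc))
```

A result of "refused" points to SMB 1.0 being disabled on the domain controller, while "unreachable" points to port 445 being blocked between the two hosts.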