Customers migrating their Microsoft Active Directory environments from NTLMv1 to NTLMv2 may want to understand:

• Whether VIP Enterprise Gateway supports NTLMv2?
• Whether Windows Server 2025 impacts NTLM-based authentication?
• Whether NTLM is being deprecated by Microsoft?

Symantec VIP EG 9.11.x

Symantec VIP Enterprise Gateway does not directly implement its own NTLM authentication stack. Instead, it relies on the underlying Microsoft Windows Operating System security providers and Active Directory authentication mechanisms for LDAP/AD communication.

As a result:

• If the Windows Server and Domain Controllers are configured to require NTLMv2, VIPEG will utilize the OS-level authentication capabilities accordingly.
• NTLMv1 is considered insecure and deprecated.
• NTLMv2 remains supported in Windows Server 2025, although Microsoft has publicly indicated a long-term direction toward reducing and eventually phasing out NTLM usage in favor of Kerberos and modern authentication methods.

Customers currently using NTLMv1 should migrate to NTLMv2 as soon as possible.

Before enforcing NTLMv2-only policies, verify the following:

1. Ensure the VIPEG servers are running a supported Windows Server version
2. Verify that:
   1. Domain Controllers permit NTLMv2 authentication
   2. NTLMv1 is disabled only after compatibility validation
3. Ensure the VIPEG LDAP bind account remains active, has appropriate directory permissions and is not restricted by new authentication hardening policies
4. Where possible, use LDAPS (LDAP over SSL/TLS), secure bind configurations and trusted certificates.

Migrating from NTLMv1 to NTLMv2 remains the recommended and supported approach for current VIPEG deployments, including environments running Windows Server 2025.