Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here.

Skyhigh Security

Configure to Allow InSecure NETLOGON

Allow Insecure NETLOGON for Backward Compatibility

For some users, the domain controller is configured in such a way that the AES algorithm is not supported for NETLOGON and hence, ends up creating an insecure NETLOGON channel. 

In order to avoid the unintentional creation of such an insecure NETLOGON Channel, we have an option in the “Windows Join Domain” dialog to choose explicitly. By default, the checkbox will not be selected. 

Configure Insecure NETLOGON
  1. Select Configuration | Appliances.
  2. On the appliances tree, select the appliance you want to join and click Windows Domain Memberhship.
    A list of domains appears on the settings pane. It is initially empty.
  3. Click Join to enter a domain into the list.
    The Join Domain window opens.
  4. Configure a domain name, a domain controller, and other settings in the window.
  5. Select Allow Insecure Netlogon option to allow the Insecure NETLOGON Channel for backward compatibility with the Windows Domain controller until security hardening is enforced


  1. Click OK.

Best Practices

After an upgrade it is required, to remove existing windows domain memberships and rejoin to the Domains for Allow insecure logon checkbox to come into action.

  • Was this article helpful?