Please ensure Javascript is enabled for purposes of website accessibility
Powered by Zoomin Software. For more details please contactZoomin

AVEVA™ PI Vision™

TABLE OF CONTENTS

Disable NTLM authentication (recommended)

Save PDF
Save selected topicSave selected topic and subtopicsSave all topics
Share
Share to emailCopy topic URL
  • Last UpdatedApr 07, 2025
  • 1 minute read

Note: This section doesn't apply if installing in an environment whose end users only use OpenID Connect authentication, or if using Basic authentication.

Some configurations of Windows Integrated Security (WIS) may cause the PI Vision server to fall back to NTLM authentication, a protocol that may be susceptible to replay attacks. For more information about how Microsoft is working to eliminate the need for NTLM, see the blog post The evolution of Windows authentication.

For increased security, we recommend that you remove the NTLM protocol by following these steps:

  1. In Internet Information Services (IIS) Manager, select the PIVision site and double-click the Authentication icon under the features view.

    Select Authentication icon

  2. Select Windows Authentication.

  3. Select the Advanced Settings link from the right pane.

  4. Deselect the checkbox for Enable Kernel-mode authentication. Select OK.

    This setting is not compatible with the Negotiate:Kerberos authentication provider.

  5. Select the Providers link from the right pane.

  6. Remove NTLM and Negotiate from the list of enabled providers.

  7. Add the Negotiate:Kerberos provider. Select OK.

TitleResults for “How to create a CRG?”Also Available in