SteelHead Domain Join Integration with Active Directory

Microsoft started enforcing msds-KrbTgtLink validation starting January 2022 via their Security Update for NTLM authentication. In simple terms, msds-KrbTgtLink is a link that helps verify your identity when you’re trying to access network resources, preventing tampering. Microsoft has explained that these improvements and fixes will be a part of Security Updates going forward.

This produced a hurdle for users of Riverbed SteelHeads who join domains via Riverbed’s Active Directory Integrated Mode (Windows 2008 and later). One of the solutions researched by Riverbed was to modify the SteelHead’s userAccountControl value to represent with a small subset of attributes used by a Domain Controller, but without enabling any Domain Controlling functions from Riverbed SteelHeads after joined to the domain.

For a detailed technical insights, please refer to this technical brief.

About the author

Riverbed, the leader in AIOps for observability, helps organizations optimize their users’ experiences by leveraging AI automation for the prevention, identification, and resolution of IT issues. With over 20 years of experience in data collection and AI and machine learning, Riverbed’s open and AI-powered observability platform and solutions optimize digital experiences and greatly improve IT efficiency. Riverbed also offers industry-leading Acceleration solutions that provide fast, agile, secure acceleration of any app, over any network, to users anywhere. Together with our thousands of market-leading customers globally – including 95% of the FORTUNE 100 – we are empowering next-generation digital experiences.

More posts by Riverbed

SHARE ON:

TAGS: Application Acceleration, Optimization, Security, SteelHead, SteelHead Cloud, SteelHead Mobile, WAN optimization