message:Microsoft Windows Server has detected that NTLM authentication is presently being used between clients and this server. This event occurs once per boot of the server on the first time a client uses NTLM with this server.
NTLM is a weaker authentication mechanism. Please check:
Which applications are using NTLM authentication?
Are there configuration issues preventing the use of stronger authentication such as Kerberos authentication?
If NTLM must be supported, is Extended Protection configured?
Details on how to complete these checks can be found at http://go.microsoft.com/fwlink/?LinkId=225699.
Resolution
Events related to Windows authentication.
Detected that NTLM authentication is being used. It is a weaker authentication method than Kerberos. Check the audit settings to see which applications are using NTLM authentication. Check what is causing NTLM authentication to be used. If you need to use NTLM authentication, make sure the strong method is used.
