home
products
contribute
download
documentation
forum
Home
Forums
New posts
Search forums
What's new
New posts
All posts
Latest activity
Members
Registered members
Current visitors
Donate
Log in
Register
What's new
Search
Search
Search titles only
By:
New posts
Search forums
Search titles only
By:
Menu
Log in
Register
Navigation
Install the app
Install
More options
Contact us
Close Menu
Forums
MediaPortal 1
Support
General Support
Running TVService as "NT Service\TVService" or "Local Service" not working anymore since Windows September 2025 updates
Contact us
RSS
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Reply to thread
Message
<blockquote data-quote="Andy_2639" data-source="post: 1303854" data-attributes="member: 161048"><p>I can't connect the problem to networking. It appeared over network (with RTSP) as well as with a single-seat setup.</p><p></p><p>Your SMB problems might be connected to SMB/NTLM hardening that Microsoft is currently doing. SMB version 1 shall die and AFAIK MS is automatically deinstalling it. Also replay-attack protection for NTLM is going to be enforced step-by-step IIRC.</p><p></p><p>I'm most probably not affected by this because I already enabled some mitigation via Group Policies/Registry. Be aware that these settings are rather strict and need some deviations on client/server to allow SMB/RDP communication (especially ClientAllowedNTLMServers/RestrictSendingNTLMTraffic and RestrictReceivingNTLMTraffic - that's what I have to change in my network with just Windows 11 computers). I intend this more as a starting point for research which setting might cause your network to break.</p><p>[CODE=ini]Windows Registry Editor Version 5.00</p><p></p><p>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0]</p><p>;"ClientAllowedNTLMServers"=hex(7):</p><p>"RestrictSendingNTLMTraffic"=dword:00000002</p><p>; https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-incoming-ntlm-traffic</p><p>"RestrictReceivingNTLMTraffic"=dword:00000002</p><p>;"RestrictReceivingNTLMTraffic"=dword:00000001</p><p></p><p>; SMB hardening</p><p>; https://support.microsoft.com/en-us/help/2345886/description-of-the-update-that-implements-extended-protection-for-auth</p><p>; Client</p><p>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]</p><p>"SuppressExtendedProtection"=dword:00000000</p><p>; Server</p><p>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanServer\Parameters]</p><p>;"SmbServerNameHardeningLevel"=dword:00000001</p><p>"SmbServerNameHardeningLevel"=dword:00000002</p><p>;"SrvAllowedServerNames"</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\TelnetServer\1.0]</p><p>"ExtendedProtection"=dword:00000002</p><p></p><p>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]</p><p>"NoLmHash"=dword:00000001</p><p>; https://techcommunity.microsoft.com/blog/coreinfrastructureandsecurityblog/active-directory-hardening-series---part-1-%e2%80%93-disabling-ntlmv1/3934787</p><p>"LmCompatibilityLevel"=dword:00000005</p><p></p><p>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanServer\Parameters]</p><p>"AutoShareWks"=dword:00000000</p><p>"EnablePlainTextPassword"=dword:00000000</p><p>"enablesecuritysignature"=dword:00000001</p><p>"requiresecuritysignature"=dword:00000001</p><p></p><p>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Parameters]</p><p>"EnablePlainTextPassword"=dword:00000000</p><p>"EnableSecuritySignature"=dword:00000001</p><p>"requiresecuritysignature"=dword:00000001</p><p>"AllowInsecureGuestAuth"=dword:00000000</p><p></p><p>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters]</p><p>; https://support.microsoft.com/en-us/topic/2020-2023-and-2024-ldap-channel-binding-and-ldap-signing-requirements-for-windows-kb4520412-ef185fb8-00f7-167d-744c-f299a66fc00a</p><p>"LDAPServerIntegrity"=dword:00000002</p><p>"LdapEnforceChannelBinding"=dword:00000002</p><p></p><p>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ldap]</p><p>"ldapclientconfidentiality"=dword:00000002</p><p>; https://techcommunity.microsoft.com/blog/coreinfrastructureandsecurityblog/active-directory-hardening-series---part-3-%E2%80%93-enforcing-ldap-signing/4066233</p><p>; https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-security-ldap-client-signing-requirements</p><p>"ldapclientintegrity"=dword:00000002</p><p>[/CODE]</p></blockquote><p></p>
[QUOTE="Andy_2639, post: 1303854, member: 161048"] I can't connect the problem to networking. It appeared over network (with RTSP) as well as with a single-seat setup. Your SMB problems might be connected to SMB/NTLM hardening that Microsoft is currently doing. SMB version 1 shall die and AFAIK MS is automatically deinstalling it. Also replay-attack protection for NTLM is going to be enforced step-by-step IIRC. I'm most probably not affected by this because I already enabled some mitigation via Group Policies/Registry. Be aware that these settings are rather strict and need some deviations on client/server to allow SMB/RDP communication (especially ClientAllowedNTLMServers/RestrictSendingNTLMTraffic and RestrictReceivingNTLMTraffic - that's what I have to change in my network with just Windows 11 computers). I intend this more as a starting point for research which setting might cause your network to break. [CODE=ini]Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0] ;"ClientAllowedNTLMServers"=hex(7): "RestrictSendingNTLMTraffic"=dword:00000002 ; https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-incoming-ntlm-traffic "RestrictReceivingNTLMTraffic"=dword:00000002 ;"RestrictReceivingNTLMTraffic"=dword:00000001 ; SMB hardening ; https://support.microsoft.com/en-us/help/2345886/description-of-the-update-that-implements-extended-protection-for-auth ; Client [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "SuppressExtendedProtection"=dword:00000000 ; Server [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanServer\Parameters] ;"SmbServerNameHardeningLevel"=dword:00000001 "SmbServerNameHardeningLevel"=dword:00000002 ;"SrvAllowedServerNames" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\TelnetServer\1.0] "ExtendedProtection"=dword:00000002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "NoLmHash"=dword:00000001 ; https://techcommunity.microsoft.com/blog/coreinfrastructureandsecurityblog/active-directory-hardening-series---part-1-%e2%80%93-disabling-ntlmv1/3934787 "LmCompatibilityLevel"=dword:00000005 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanServer\Parameters] "AutoShareWks"=dword:00000000 "EnablePlainTextPassword"=dword:00000000 "enablesecuritysignature"=dword:00000001 "requiresecuritysignature"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Parameters] "EnablePlainTextPassword"=dword:00000000 "EnableSecuritySignature"=dword:00000001 "requiresecuritysignature"=dword:00000001 "AllowInsecureGuestAuth"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters] ; https://support.microsoft.com/en-us/topic/2020-2023-and-2024-ldap-channel-binding-and-ldap-signing-requirements-for-windows-kb4520412-ef185fb8-00f7-167d-744c-f299a66fc00a "LDAPServerIntegrity"=dword:00000002 "LdapEnforceChannelBinding"=dword:00000002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ldap] "ldapclientconfidentiality"=dword:00000002 ; https://techcommunity.microsoft.com/blog/coreinfrastructureandsecurityblog/active-directory-hardening-series---part-3-%E2%80%93-enforcing-ldap-signing/4066233 ; https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-security-ldap-client-signing-requirements "ldapclientintegrity"=dword:00000002 [/CODE] [/QUOTE]
Insert quotes…
Verification
Post reply
Forums
MediaPortal 1
Support
General Support
Running TVService as "NT Service\TVService" or "Local Service" not working anymore since Windows September 2025 updates
Contact us
RSS
Top
Bottom
