SCCM 2012 R2; Distribution Point servers are Windows Server 2012 R2 (IIS 8.5). Everything working fine. Being requested to make a change, and I want to verify what, if any, impact it may have. By default, when Windows Authentication is enabled the DP website apps (SMS_DP_SMSPKG$ and SMS_DP_SMSSIG$) the authentication providers are set to: 1. Negotiate & 2. NTLM.
I'm being asked to remove NTLM from the list. I believe this should be something I can do without any issues, because "negotiate" should revert to NTLM if Kerberos can't be leveraged. However, I'm curious why the default config would be to list both if having both is 100% redundantly unnecessary? Will I break something if I remove NTLM?