FIX: Unable to connect to Synology NAS from Domain Controller or older Windows Clients or Servers.
If you cannot connect to your Synology NAS from your Windows Server 2019/2016 Domain Controller (DC) because authentication fails, continue reading below to resolve the issue.
Problem: While connecting to the Synology NAS from Windows 10/11 or standard Windows Server 2016/2019 is successful, it fails when connecting from the domain controller or older Windows clients or server.
Specifically, you can log in to Synology from all workstations running Windows11/10, but you cannot log in to Synology from the Server 2016/2019 Domain Controller(s) or from older Windows 7/8 machines (or servers), because the authentication fails with an error "The username or password is incorrect."
Cause: The issue is caused because the domain controller is trying to authenticate with your Synology NAS using the NTLMv1 authentication protocol, which is disabled by default (on the Synology NAS device) for security reasons.
How to FIX: Unable to connect to and access SYNOLOGY NAS shared folders from a standalone Windows Server 2016/2019 or from Domain controller or from older Windows clients and servers.
-
Enable NTLMv2 authentication on Domain Controller.
-
Enable NTLMv2 authentication on older Windows Clients/Servers.
-
Enable NTLMv1 authentication on Synology NAS.
Method 1. Enable NTLMv2 authentication on Domain Controller.
As mentioned above, the problem is caused because the domain controller is not using the NTLMv2 protocol to authenticate with Synology. To force the domain controller to use the NTLMv2 authentication method when authenticating to your NAS device, proceed and change the Network security: LAN Manager authentication level as instructed below:*
* Note: The following steps should be applied to any domain controller running Windows Server 2019/2016 that cannot connect to the Synology NAS. If you face the problem while trying to connect to your NAS from a standard Windows Server or an older Windows client see the instructions on method-2 below:
1. Open Server Manager and from the Tools menu, open Group Policy Management (gpmc.msc).
2. In Group Policy Management, under your domain, expand Domain Controllers and edit the Default Domain Controllers Policy.
2a. Navigate to the following path:
-
Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options
2b. Open the Network Security: LAN Manager Authentication Level policy.
2c. Select to 'Define this policy setting' and then select below "Send NTLMv2 response only" or "Send NTLMv2 response only. Refuse LM & NTLM" (for better security). When done, click Apply > OK.
3. Close the Group Policy Management console.
4. Open command prompt and run "gpupdate /force" to apply the policy, or restart the machine.
5. Try to connect to Synology NAS now.
Method 2. Enable NTLMv2 authentication on Windows 11/10/7/8 or Standalone Windows Servers. (NOT Domain Controllers).*
* Note: This method applies to Windows Server 2003, Windows Server 2008, Windows 7, Windows 8, Windows 8.1, Windows 11, Windows 10, Windows Server 2008, Windows Server 2012.
1. Simultaneously press the Windows 
+ R keys to open the ‘Run‘ command box.
2. In run command box, type regedit press Enter to open the Registry Editor.
3a. At the left pane, navigate to the following registry key:
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
4a. Then, open the LmCompatibilityLevel REG_DWORD on the right pane.
4b. Set the value data to "5" and click OK.
5. Close the registry editor, restart the computer and try to connect to your Synology NAS again.
Additional notes/info:
1. The "LAN Manager Authentication Level" can also be changed via Group Policy under the bellow mentioned location:
-
Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options > Network Security: LAN Manager Authentication Level
2. The possible LAN Manager authentication level values are listed below along with the level of security they provide. (source):
-
0 = Send LM & NTLM responses (Very insecure)
-
1 = Send LM & NTLM – use NTLMv2 session security if negotiated (Insecure)
-
2 = Send NTLM response only (Weak security)
-
3 = Send NTLMv2 response only (Moderate security)
-
4 = Send NTLMv2 response only. Refuse LM (Strong security)
-
5 = Send NTLMv2 response only. Refuse LM & NTLM (Very strong security – BEST)
Method 3. Enable NTLMv1 authentication on Synology NAS.
The final, BUT NOT SECURE* method to solve the aforementioned problem is to enable NTLMv1 authentication on your Synology NAS device. To do that, follow the steps below:
Caution* : Enabling NTLMv1 authentication poses a significant security risk to your NAS device. It should only be used as a last resort when the above more secure method cannot be applied for any reason.
1. On DSM, go to Control Panel > File Services > SMB > Advanced Settings.
2. On the "Others" tab, select Enable NTLMv1 Authentication and then click Apply.
3. Read carefully the information message and if you agree click Yes.
4. Now try to connect to NAS shares from your Domain Controller.
That's it! Which method worked for you?
Let me know if this guide has helped you by leaving your comment about your experience. Please like and share this guide to help others.
Frequently Asked Questions
Why can't I connect to my Synology NAS from a Domain Controller?
The connection fails because the domain controller is attempting to use NTLMv1 authentication, which is disabled on the Synology NAS by default for security reasons.
How can I resolve authentication issues with Synology NAS on Windows Server Domain Controllers?
You should enable NTLMv2 authentication on the Domain Controller. This involves modifying the 'Network security: LAN Manager authentication level' policy to send only NTLMv2 responses.
What steps should I follow to enable NTLMv2 authentication on a Domain Controller?
Open Group Policy Management, edit the Default Domain Controllers Policy, navigate to 'Security Options', modify 'Network Security: LAN Manager Authentication Level' to use 'Send NTLMv2 response only', apply the changes, and force a policy update using 'gpupdate /force' or restart the machine.
Is there a fix for older Windows clients that can't connect to Synology NAS?
Yes, you can enable NTLMv2 authentication on older Windows clients by changing their registry settings to ensure compatibility with the Synology NAS.
- How to Effectively Remove or Disable Microsoft Copilot on Windows 11. - May 11, 2026
- FIX: Device encryption is temporarily suspended and does not resume after the computer restarts (Windows 11). - May 5, 2026
- How to Install Chrome or any 'Line of Business' app on Intune Enrolled Windows Devices. - April 29, 2026
