18.104.22.168.1 Client Initiates the NEGOTIATE_MESSAGE
When the client application initiates the exchange through SSPI, the NTLM client sends the NEGOTIATE_MESSAGE to the server, which is embedded in an application protocol message, and encoded according to that application protocol.
If ClientBlocked == TRUE and targ_name ([RFC2743] section 2.2.1) does not equal any of the ClientBlockExceptions server names, then the NTLM client MUST return STATUS_NOT_SUPPORTED to the client application.<41>
The client prepares a NEGOTIATE_MESSAGE and sets the following fields:
The Signature field is set to the string, "NTLMSSP".
The MessageType field is set to NtLmNegotiate.
The client sets the following configuration flags in the NegotiateFlags field of the NEGOTIATE_MESSAGE:
If LM authentication is not being used, then the client sets the following configuration flag in the NegotiateFlags field of the NEGOTIATE_MESSAGE:
In addition, the client sets the flags specified by the application in the NegotiateFlags field in addition to the initialized flags.
If the NTLMSSP_NEGOTIATE_VERSION flag is set by the client application, the Version field MUST be set to the current version (section 22.214.171.124), the DomainName field MUST be set to a zero-length string, and the Workstation field MUST be set to a zero-length string.