Annotated edit history of
RequireSignOrSeal version 5, including all changes.
View license author blame.
| Rev |
Author |
# |
Line |
| 2 |
CraigBox |
1 |
Windows XP tries to sign or seal the secure channel between the workstation and the domain controller. This causes the following error: |
| |
|
2 |
|
| 3 |
CraigBox |
3 |
__Windows cannot connect to the domain either because the domain controller is down or otherwise unavailable or because your computer account was not found.__ |
| 2 |
CraigBox |
4 |
|
| |
|
5 |
The domain controller may record: |
| |
|
6 |
|
| 3 |
CraigBox |
7 |
__Event ID: 5723__ |
| 2 |
CraigBox |
8 |
|
| 3 |
CraigBox |
9 |
__The session setup from the computer <Computername> failed to authenticate. The name of the account referenced in the security database is <Computername>. The following error occurred: Access is denied.__ |
| 2 |
CraigBox |
10 |
|
| |
|
11 |
The client may record: |
| |
|
12 |
|
| 3 |
CraigBox |
13 |
__Event Source: NETLOGON__ |
| |
|
14 |
__Event ID: 3227__ |
| |
|
15 |
__Description: The session setup to the Windows NT or Windows 2000 domain controller \\<!ServerName> for the domain <!DomainName> failed because \\<!ServerName> does not support signing or sealing the Netlogon session. Either upgrade the domain controller or set the !RequireSignOrSeal registry entry on this machine to 0.__ |
| 2 |
CraigBox |
16 |
|
| |
|
17 |
!!Option 1: Manual registry editing |
| |
|
18 |
|
| |
|
19 |
Start Regedit, navigate to: |
| 1 |
GavinGrieve |
20 |
|
| |
|
21 |
HKEY_LOCAL_MACHINE\System\!CurrentControlSet\Services\!NetLogon\Parameters |
| |
|
22 |
|
| |
|
23 |
and change |
| |
|
24 |
|
| |
|
25 |
"!RequireSignOrSeal"=dword:00000001 |
| |
|
26 |
|
| |
|
27 |
to |
| |
|
28 |
|
| |
|
29 |
"!RequireSignOrSeal"=dword:00000000 |
| 2 |
CraigBox |
30 |
|
| |
|
31 |
|
| 5 |
BillEager |
32 |
!!Option 2: The only way Microsoft advocates changing this setting |
| 2 |
CraigBox |
33 |
|
| |
|
34 |
# Use Control Panel to open Local Security Policy in the Administrative Tools. |
| |
|
35 |
# Navigate to Local Policies / Security Options. |
| |
|
36 |
# Double-click Domain Member:Digitally encrypt or sign secure channel data (always). |
| |
|
37 |
# Press Disabled. |
| |
|
38 |
# Press Apply and OK. |
| |
|
39 |
|
| |
|
40 |
!!Option #3: registry file |
| |
|
41 |
|
| |
|
42 |
Save the followig text to requiresignorseal.reg and then right click->Merge |
| |
|
43 |
|
| |
|
44 |
REGEDIT4 |
| |
|
45 |
|
| 4 |
CraigBox |
46 |
[[HKEY_LOCAL_MACHINE\SYSTEM\!CurrentControlSet\Services\Netlogon\Parameters] |
| 2 |
CraigBox |
47 |
"requiresignorseal"=dword:00000000 |
| |
|
48 |
|
| |
|
49 |
This file can be found in the docs/Registry directory of the Samba 2.2.2 source distribution as WinXP_!SignOrSeal.reg. |
