Diff: RequireSignOrSeal

Differences between current version and predecessor to the previous major change of RequireSignOrSeal.

Newer page: version 5 Last edited on Thursday, September 9, 2004 1:22:38 am by BillEager
Older page: version 1 Last edited on Tuesday, July 30, 2002 2:07:58 pm by GavinGrieve
@@ -1,6 +1,23 @@
-Start Regedit  
-Navigate to: 
+Windows XP tries to sign or seal the secure channel between the workstation and the domain controller. This causes the following error:  
+__Windows cannot connect to the domain either because the domain controller is down or otherwise unavailable or because your computer account was not found.__  
+The domain controller may record:  
+__Event ID: 5723__  
+__The session setup from the computer <Computername> failed to authenticate. The name of the account referenced in the security database is <Computername>. The following error occurred: Access is denied.__  
+The client may record:  
+__Event Source: NETLOGON__  
+__Event ID: 3227__  
+__Description: The session setup to the Windows NT or Windows 2000 domain controller \\<!ServerName> for the domain <!DomainName> failed because \\<!ServerName> does not support signing or sealing the Netlogon session. Either upgrade the domain controller or set the !RequireSignOrSeal registry entry on this machine to .__  
+!!Option 1: Manual registry editing  
+ Start Regedit, navigate to: 
 and change 
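Review bot: The quoted Event ID 3227 description at the end of the added error text stops at "registry entry on this machine to ." with no value, so the reader cannot tell what the message instructs; restore the value from the original event text or mark it as lost. The opening sentence also reads as if signing or sealing itself causes the failure, while the quoted event says the session setup failed because the domain controller "does not support signing or sealing the Netlogon session". Rewording the opener to match, and pointing out that the same message offers "Either upgrade the domain controller" as the alternative, would keep readers from treating the registry change as the only fix.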
@@ -9,4 +26,24 @@
+!!Option 2: The only way Microsoft advocates changing this setting  
+# Use Control Panel to open Local Security Policy in the Administrative Tools.  
+# Navigate to Local Policies / Security Options.  
+# Double-click Domain Member:Digitally encrypt or sign secure channel data (always).  
+# Press Disabled.  
+# Press Apply and OK.  
+!!Option #3: registry file  
+Save the followig text to requiresignorseal.reg and then right click->Merge  
+ [[HKEY_LOCAL_MACHINE\SYSTEM\!CurrentControlSet\Services\Netlogon\Parameters]  
+ "requiresignorseal"=dword:00000000  
+This file can be found in the docs/Registry directory of the Samba 2.2.2 source distribution as WinXP_!SignOrSeal.reg.
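Review bot: Options 2 and 3 both turn off mandatory secure channel protection (setting "Digitally encrypt or sign secure channel data (always)" to Disabled, and "requiresignorseal"=dword:00000000) without saying what is given up. Add a sentence stating that the workstation will then accept a Netlogon secure channel that is neither signed nor sealed, and that the setting should be restored once the domain controller supports signing or sealing. In Option 3 the text to save shows only the key and the value; a .reg file also needs its format header as the first line before Merge will accept it, so show the complete file contents. Smaller points: "followig" should be "following", the heading "Option #3" does not match "Option 1" and "Option 2", and the claim in the Option 2 heading about what Microsoft advocates would benefit from a reference.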