Differences between current version and predecessor to the previous major change of RequireSignOrSeal.
Newer page: version 5, last edited on Thursday, September 9, 2004 1:22:38 am by BillEager
Older page: version 1, last edited on Tuesday, July 30, 2002 2:07:58 pm by GavinGrieve
@@ -1,6 +1,23 @@
-Start Regedit
-Navigate
to:
+Windows XP tries to sign or seal the secure channel between the workstation and the domain controller. This causes the following error:
+
+__Windows cannot connect to the domain either because the domain controller is down or otherwise unavailable or because your computer account was not found.__
+
+The domain controller may record:
+
+__Event ID: 5723__
+
+__The session setup from the computer <Computername> failed to authenticate. The name of the account referenced in the security database is <Computername>. The following error occurred: Access is denied.__
+
+The client may record:
+
+__Event Source: NETLOGON__
+__Event ID: 3227__
+__Description: The session setup to the Windows NT or Windows 2000 domain controller \\<!ServerName> for the domain <!DomainName> failed because \\<!ServerName> does not support signing or sealing the Netlogon session. Either upgrade the domain controller or set the !RequireSignOrSeal registry entry on this machine to .__
+
+!!Option 1: Manual registry editing
+
+
Start Regedit, navigate
to:
HKEY_LOCAL_MACHINE\System\!CurrentControlSet\Services\!NetLogon\Parameters
and change
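Review bot: The quoted Event ID 3227 description ends with "set the !RequireSignOrSeal registry entry on this machine to ." and the value is missing, so the quotation no longer tells the reader what to set; restore the value from the original event text. The same message names upgrading the domain controller as the first remedy, yet the new introduction goes straight to "Option 1: Manual registry editing". A sentence saying that the options on this page turn off the workstation's requirement for a signed or sealed secure channel, and that upgrading the domain controller is the alternative the event itself offers, would let readers weigh the change. The opening "This causes the following error" should also state the condition, which the event text gives as a domain controller that does not support signing or sealing the Netlogon session.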
@@ -9,4 +26,24 @@
to
"!RequireSignOrSeal"=dword:00000000
+
+
+!!Option 2: The only way Microsoft advocates changing this setting
+
+# Use Control Panel to open Local Security Policy in the Administrative Tools.
+# Navigate to Local Policies / Security Options.
+# Double-click Domain Member:Digitally encrypt or sign secure channel data (always).
+# Press Disabled.
+# Press Apply and OK.
+
+!!Option #3: registry file
+
+Save the followig text to requiresignorseal.reg and then right click->Merge
+
+ REGEDIT4
+
+ [[HKEY_LOCAL_MACHINE\SYSTEM\!CurrentControlSet\Services\Netlogon\Parameters]
+ "requiresignorseal"=dword:00000000
+
+This file can be found in the docs/Registry directory of the Samba 2.2.2 source distribution as WinXP_!SignOrSeal.reg.
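Review bot: The .reg file in Option #3 writes "requiresignorseal" under Services\Netlogon, while Option 1 names "!RequireSignOrSeal" under Services\!NetLogon; use one spelling for the key and the value in both places so it is clear that the two options change the same setting, and say that Option 2 is the policy view of that same setting. The Option 2 heading claims this is "The only way Microsoft advocates changing this setting" without a reference; cite the Microsoft source or soften the heading. Smaller points: "followig" should be "following", and the heading "Option #3: registry file" should follow the "Option 1:" / "Option 2:" form used above it.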