Differences between version 2 and predecessor to the previous major change of RequireSignOrSeal.
Newer page: | version 2 | Last edited on Tuesday, July 30, 2002 3:31:01 pm | by CraigBox |
Older page: | version 1 | Last edited on Tuesday, July 30, 2002 2:07:58 pm | by GavinGrieve |
@@ -1,6 +1,23 @@
-Start Regedit
-Navigate
to:
+Windows XP tries to sign or seal the secure channel between the workstation and the domain controller. This causes the following error:
+
+ Windows cannot connect to the domain either because the domain controller is down or otherwise unavailable or because your computer account was not found.
+
+The domain controller may record:
+
+Event ID: 5723
+
+ The session setup from the computer <Computername> failed to authenticate. The name of the account referenced in the security database is <Computername>. The following error occurred: Access is denied.
+
+The client may record:
+
+ Event Source: NETLOGON
+ Event ID: 3227
+ Description: The session setup to the Windows NT or Windows 2000 domain controller \\<ServerName> for the domain <DomainName> failed because \\<ServerName> does not support signing or sealing the Netlogon session. Either upgrade the domain controller or set the RequireSignOrSeal registry entry on this machine to .
+
+!!Option 1: Manual registry editing
+
+
Start Regedit, navigate
to:
HKEY_LOCAL_MACHINE\System\!CurrentControlSet\Services\!NetLogon\Parameters
and change
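Review bot: The quoted Event ID 3227 description is cut off at "set the RequireSignOrSeal registry entry on this machine to ." with no value after "to"; restore the value from the actual event text so the quote is complete. The new introduction also says only that Windows XP "tries to sign or seal" the channel. It should state the condition the 3227 text gives, that the domain controller does not support signing or sealing the Netlogon session, and say that the change described below stops the workstation from requiring a signed or sealed secure channel, so readers know what protection they are giving up.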
@@ -9,4 +26,24 @@
to
"!RequireSignOrSeal"=dword:00000000
+
+
+!!Option 2: The only way Microsoft advocate changing this setting
+
+# Use Control Panel to open Local Security Policy in the Administrative Tools.
+# Navigate to Local Policies / Security Options.
+# Double-click Domain Member:Digitally encrypt or sign secure channel data (always).
+# Press Disabled.
+# Press Apply and OK.
+
+!!Option #3: registry file
+
+Save the followig text to requiresignorseal.reg and then right click->Merge
+
+ REGEDIT4
+
+ [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters]
+ "requiresignorseal"=dword:00000000
+
+This file can be found in the docs/Registry directory of the Samba 2.2.2 source distribution as WinXP_!SignOrSeal.reg.
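Review bot: All three options switch the requirement off, but none says how to restore it; add a line under the options telling readers to set the policy "Domain Member:Digitally encrypt or sign secure channel data (always)" back to Enabled once the domain controller supports signing or sealing. The Option 2 heading calls itself the only method Microsoft advocates, yet manual registry editing is listed first, so consider moving Option 2 to the top or noting in Options 1 and 3 that they bypass it. Smaller points: "followig" in the Option 3 lead-in should be "following", the heading "Option #3" does not match the "Option 1" / "Option 2" style, and Option 3 writes the value name as "requiresignorseal" while Option 1 uses "RequireSignOrSeal" (registry value names are case-insensitive, so this works, but one spelling throughout is clearer).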