You are viewing an old revision of this page.
- Windows XP tries to sign or seal the secure channel between the workstation and the domain controller. This causes the following error
- Windows cannot connect to the domain either because the domain controller is down or otherwise unavailable or because your computer account was not found.
The domain controller may record:
Event ID: 5723
The session setup from the computer <Computername> failed to authenticate. The name of the account referenced in the security database is <Computername>. The following error occurred: Access is denied.
- The client may record
- Event Source: NETLOGON
Event ID: 3227
Description: The session setup to the Windows NT or Windows 2000 domain controller \\<ServerName?> for the domain <DomainName> failed because \\<ServerName?> does not support signing or sealing the Netlogon session. Either upgrade the domain controller or set the RequireSignOrSeal registry entry on this machine to 0.
Option 1: Manual registry editing
- Start Regedit, navigate to
- HKEY_LOCAL_MACHINE\System\!CurrentControlSet?\Services\!NetLogon?\Parameters
and change
"!RequireSignOrSeal"=dword:00000001
to
"!RequireSignOrSeal"=dword:00000000
Option 2: The only way Microsoft advocate changing this setting
- Use Control Panel to open Local Security Policy in the Administrative Tools.
- Navigate to Local Policies / Security Options.
- Double-click Domain Member:Digitally encrypt or sign secure channel data (always).
- Press Disabled.
- Press Apply and OK.
Option #3: registry file
Save the followig text to requiresignorseal.reg and then right click->Merge
REGEDIT4
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters?
"requiresignorseal"=dword:00000000
This file can be found in the docs/Registry directory of the Samba 2.2.2 source distribution as WinXP_!SignOrSeal?.reg.