JSI Tip 5146. Windows XP client cannot log on to a Windows NT 4.0 domain?

Windows XP tries to sign or seal the secure channel between the workstation and the domain controller. This causes the following error:

Windows cannot connect to the domain either because the domain controller is down or otherwise unavailable or because your computer account was not found.

The domain controller may record:

Event ID: 5723

The session setup from the computer <Computername> failed to authenticate. The name of the account referenced in the security database is <Computername>. The following error occurred: Access is denied.

The client may record:

Event Source: NETLOGON
Event ID: 3227
Description: The session setup to the Windows NT or Windows 2000 domain controller \\<ServerName> for the domain <DomainName> failed because \\<ServerName> does not support signing or sealing the Netlogon session. Either upgrade the domain controller or set the RequireSignOrSeal registry entry on this machine to 0.

To work around this feature difference:

1. Use Control Panel to open Local Security Policy in the Administrative Tools.

2. Navigate to Local Policies / Security Options.

3. Double-click Domain member: Digitally encrypt or sign secure channel data (always).

4. Select Disabled.

5. Press Apply and OK.

NOTE: You could merge the following requiresignorseal.reg file:

REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters]
"requiresignorseal"=dword:00000000

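As an added example (not part of the original tip): a Python check that parses a .reg file like the one above and reports what it does to RequireSignOrSeal, useful when reviewing registry exports or deployment files for machines where this workaround was applied. The function names and the second sample file are constructed for illustration, and treating any nonzero value as "required" is an assumption.

```python
import re

# Key and value names come from the tip; the registry is case-insensitive,
# so both are compared in lower case.
NETLOGON_KEY = r"hkey_local_machine\system\currentcontrolset\services\netlogon\parameters"
VALUE_NAME = "requiresignorseal"
HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
SECTION_RE = re.compile(r"^\[(-?)(.+)\]$")
DWORD_RE = re.compile(r'^"([^"]+)"\s*=\s*dword:([0-9a-fA-F]{1,8})$')

# The tip's file, plus a constructed counterpart that restores the requirement.
TIP_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters]
"requiresignorseal"=dword:00000000
'''
RESTORE_REG = TIP_REG.replace("dword:00000000", "dword:00000001")

def parse_reg_dwords(text):
    """Map each key path (lower case) to its {value name: int} dword values."""
    lines = text.lstrip("\ufeff").splitlines()
    if not lines or lines[0].strip() not in HEADERS:
        raise ValueError("not a .reg file")
    keys, current = {}, None
    for raw in lines[1:]:
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        section = SECTION_RE.match(line)
        if section:
            # "[-KEY]" deletes the key, so nothing is set under it
            current = None if section.group(1) else keys.setdefault(section.group(2).lower(), {})
            continue
        dword = DWORD_RE.match(line)
        if dword and current is not None:
            current[dword.group(1).lower()] = int(dword.group(2), 16)
    return keys

def secure_channel_finding(text):
    """Report what a .reg file does to Netlogon's RequireSignOrSeal value."""
    value = parse_reg_dwords(text).get(NETLOGON_KEY, {}).get(VALUE_NAME)
    if value is None:
        return "not set"
    # Assumption: any nonzero value is treated as "required"
    return "signing/sealing required" if value else "signing/sealing NOT required"

if __name__ == "__main__":
    for name, text in (("tip", TIP_REG), ("restore", RESTORE_REG)):
        print(name, "->", secure_channel_finding(text))
```
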


