How can your organization benefit from savings just by replacing your legacy backup solutions with Acronis' #CyberProtection? Join Forrester's Joe Branca and Ryan Davis from Acronis live as they explain how you can too.
DES encryption and Windows Server
We use Oracle Applications on our Windows network and have enabled WNA integration for Oracle/AD integration. This works well except using IE8 on Windows 7, we have to manually enter credentials to login in to the Oracle App.
Oracle posted this fix for it:
Run gpedit.msc - Expand "Local Computer Policy" > "Computer Configuration" > "Windows Settings" > "Security Settings" > "Local Policies" > "Security Options"
Double click "Network security: Configure encryption types allowed for Kerberos" - Select "DES_CBC_MD5" and "DES_CBC_CRC"
Press "OK"
and
Run regedit.exe (Take a backup of the registry settings before any change)
Change HKEY_LOCAL_MACHINE\SYSTEM\
I did this and the fix worked. However, once I have done this the Windows 7 client cannot logon to the network anymore - always bad username or password. I assume that DES authentication needs to be turned on on the AD servers. My AD servers are Win 2003 and Win 2008 (not R2). How can I solve this issue?
I am concerned about enabling this via group policy because the only time i can see the "Network security: Configure encryption types allowed for Kerberos" is via a Windows 7 computer using GPO man. When I look at the policy on 2003 or 2008 server this particular GPO setting is not present. I am scared to set it and lock out all my other clients the majority of which are Windows XP.
Help.
Oracle posted this fix for it:
Run gpedit.msc - Expand "Local Computer Policy" > "Computer Configuration" > "Windows Settings" > "Security Settings" > "Local Policies" > "Security Options"
Double click "Network security: Configure encryption types allowed for Kerberos" - Select "DES_CBC_MD5" and "DES_CBC_CRC"
Press "OK"
and
Run regedit.exe (Take a backup of the registry settings before any change)
Change HKEY_LOCAL_MACHINE\SYSTEM\
I did this and the fix worked. However, once I have done this the Windows 7 client cannot logon to the network anymore - always bad username or password. I assume that DES authentication needs to be turned on on the AD servers. My AD servers are Win 2003 and Win 2008 (not R2). How can I solve this issue?
I am concerned about enabling this via group policy because the only time i can see the "Network security: Configure encryption types allowed for Kerberos" is via a Windows 7 computer using GPO man. When I look at the policy on 2003 or 2008 server this particular GPO setting is not present. I am scared to set it and lock out all my other clients the majority of which are Windows XP.
Help.
Do more with
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Windows 7 and 2008 does not support DES by default. It uses HMAC encryption.
I've recently been working on implementing this for a client.
Here is some articles;
http://technet.microsoft.com/en-us/library/dd560670(WS.10).aspx
http://support.microsoft.com/kb/977321
http://www.faqs.org/rfcs/rfc4757.html
I'd rather look at setting up direct Active Directory authentication on the Oracle servers.
http://download.oracle.com/docs/cd/E19351-01/821-1926/z40000dd1295358.html
http://download.oracle.com/docs/cd/B28196_01/idmanage.1014/e12023/ad_integ.htm
http://www.dbforums.com/oracle/1614856-configuring-oracle-authenticate-users-active-directory.html
I've recently been working on implementing this for a client.
Here is some articles;
http://technet.microsoft.com/en-us/library/dd560670(WS.10).aspx
http://support.microsoft.com/kb/977321
http://www.faqs.org/rfcs/rfc4757.html
I'd rather look at setting up direct Active Directory authentication on the Oracle servers.
http://download.oracle.com/docs/cd/E19351-01/821-1926/z40000dd1295358.html
http://download.oracle.com/docs/cd/B28196_01/idmanage.1014/e12023/ad_integ.htm
http://www.dbforums.com/oracle/1614856-configuring-oracle-authenticate-users-active-directory.html
Thanks, but a this encryption relates to 2008 'R2' - i do not have a 2008 R@ server only 2008.
Does this mean I cannot use this see=tting on my windows 7 client if I am not running a 2008 R2 DC? And how would this affect my XP clients?
Does this mean I cannot use this see=tting on my windows 7 client if I am not running a 2008 R2 DC? And how would this affect my XP clients?
I looked at the article http://support.microsoft.com/kb/977321 and this highlights my main point and question. The DES encryption setting is required on Win 2008 R2 version. If I look on a 2008 server non-R2 server the configuration in GP at - Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options - Network security: Configure encryption types allowed for Kerberos option is not present, neither is the registry key HKLM\Software\Microsoft\Wi
SO does this mean that if it is not present it should be enabled by default, as part of the Windows Server OS or is there some other way that it needs to be enabled that is different from W2K8 R2?
SO does this mean that if it is not present it should be enabled by default, as part of the Windows Server OS or is there some other way that it needs to be enabled that is different from W2K8 R2?
I eventually had to log a Microsoft issue as this website is for from an 'EXPERTS EXCHANGE'. Here it is:
This article http://support.microsoft.com/kb/977321 differs from the Oracle instruction and tells us to check all 6 encryption methods as opposed to just the 2.
This fixes the issue.
This article http://support.microsoft.com/kb/977321 differs from the Oracle instruction and tells us to check all 6 encryption methods as opposed to just the 2.
This fixes the issue.
Premium Content
You need an Expert Office subscription to comment.Start Free Trial