We use Oracle Applications on our Windows network and have enabled WNA integration for Oracle/AD integration. This works well, except that when using IE8 on Windows 7 we have to manually enter credentials to log in to the Oracle App.
Oracle posted this fix for it:
Run gpedit.msc - Expand "Local Computer Policy" > "Computer Configuration" > "Windows Settings" > "Security Settings" > "Local Policies" > "Security Options"
Double click "Network security: Configure encryption types allowed for Kerberos" - Select "DES_CBC_MD5" and "DES_CBC_CRC"
Press "OK"
and
Run regedit.exe (Take a backup of the registry settings before any change)
Change HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SuppressExtendedProtection = REG_DWORD with a value of 3
I did this and the fix worked. However, once I have done this the Windows 7 client cannot log on to the network anymore - always bad username or password. I assume that DES authentication needs to be turned on on the AD servers. My AD servers are Win 2003 and Win 2008 (not R2). How can I solve this issue?
I am concerned about enabling this via group policy because the only time I can see the "Network security: Configure encryption types allowed for Kerberos" is via a Windows 7 computer using GPO man. When I look at the policy on 2003 or 2008 server, this particular GPO setting is not present. I am scared to set it and lock out all my other clients, the majority of which are Windows XP.
Help.
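An added example, not part of the original post or of Oracle's note: a PowerShell check that shows what the two settings above leave a client with. The policy is stored as the bitmask SupportedEncryptionTypes, and any type whose box is not ticked is not allowed. The function name Get-KerberosEncTypeReport is hypothetical, and the fallback mask 0x3 is a constructed sample equal to ticking only the two DES boxes.

```powershell
# Added example: decode the "Configure encryption types allowed for Kerberos"
# policy value and report SuppressExtendedProtection. Read-only; changes nothing.
$EncTypes = @(
    @{ Name = 'DES_CBC_CRC';             Bit = 0x1 },
    @{ Name = 'DES_CBC_MD5';             Bit = 0x2 },
    @{ Name = 'RC4_HMAC_MD5';            Bit = 0x4 },
    @{ Name = 'AES128_HMAC_SHA1';        Bit = 0x8 },
    @{ Name = 'AES256_HMAC_SHA1';        Bit = 0x10 },
    @{ Name = 'Future encryption types'; Bit = 0x7FFFFFE0 }
)

function Get-KerberosEncTypeReport {
    param([Parameter(Mandatory = $true)][int]$Mask)
    foreach ($t in $EncTypes) {
        New-Object PSObject -Property @{
            Name    = $t.Name
            Allowed = (($Mask -band $t.Bit) -ne 0)
        } | Select-Object Name, Allowed
    }
}

# Where the policy setting is stored on the client once it has been configured.
$polKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters'
$pol = Get-ItemProperty -Path $polKey -Name SupportedEncryptionTypes -ErrorAction SilentlyContinue
if ($pol) {
    $mask = [int]$pol.SupportedEncryptionTypes
} else {
    $mask = 0x3   # constructed sample: only DES_CBC_CRC and DES_CBC_MD5 ticked
    Write-Output 'Policy value not found; using constructed sample mask 0x3.'
}

Get-KerberosEncTypeReport -Mask $mask | Format-Table -AutoSize

# Flag the DES-only case: nothing stronger than DES is left for the client to use.
$desBits = 0x3
if ((($mask -band $desBits) -ne 0) -and (($mask -band (-bnot $desBits)) -eq 0)) {
    Write-Output 'Only DES is allowed; RC4 and AES are not allowed by this policy value.'
}

# The registry value from the second step of the fix.
$lsa = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' `
    -Name SuppressExtendedProtection -ErrorAction SilentlyContinue
if ($lsa) {
    Write-Output ("SuppressExtendedProtection = {0}" -f $lsa.SuppressExtendedProtection)
} else {
    Write-Output 'SuppressExtendedProtection is not set.'
}
```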