We help IT Professionals succeed at work.
Get Started
DES encryption and Windows Server
We use Oracle Applications on our Windows network and have enabled WNA integration for Oracle/AD integration. This works well except using IE8 on Windows 7, we have to manually enter credentials to login in to the Oracle App.
Oracle posted this fix for it:
Run gpedit.msc - Expand "Local Computer Policy" > "Computer Configuration" > "Windows Settings" > "Security Settings" > "Local Policies" > "Security Options"
Double click "Network security: Configure encryption types allowed for Kerberos" - Select "DES_CBC_MD5" and "DES_CBC_CRC"
Press "OK"
and
Run regedit.exe (Take a backup of the registry settings before any change)
Change HKEY_LOCAL_MACHINE\SYSTEM\
I did this and the fix worked. However, once I have done this the Windows 7 client cannot logon to the network anymore - always bad username or password. I assume that DES authentication needs to be turned on on the AD servers. My AD servers are Win 2003 and Win 2008 (not R2). How can I solve this issue?
I am concerned about enabling this via group policy because the only time i can see the "Network security: Configure encryption types allowed for Kerberos" is via a Windows 7 computer using GPO man. When I look at the policy on 2003 or 2008 server this particular GPO setting is not present. I am scared to set it and lock out all my other clients the majority of which are Windows XP.
Help.
Oracle posted this fix for it:
Run gpedit.msc - Expand "Local Computer Policy" > "Computer Configuration" > "Windows Settings" > "Security Settings" > "Local Policies" > "Security Options"
Double click "Network security: Configure encryption types allowed for Kerberos" - Select "DES_CBC_MD5" and "DES_CBC_CRC"
Press "OK"
and
Run regedit.exe (Take a backup of the registry settings before any change)
Change HKEY_LOCAL_MACHINE\SYSTEM\
I did this and the fix worked. However, once I have done this the Windows 7 client cannot logon to the network anymore - always bad username or password. I assume that DES authentication needs to be turned on on the AD servers. My AD servers are Win 2003 and Win 2008 (not R2). How can I solve this issue?
I am concerned about enabling this via group policy because the only time i can see the "Network security: Configure encryption types allowed for Kerberos" is via a Windows 7 computer using GPO man. When I look at the policy on 2003 or 2008 server this particular GPO setting is not present. I am scared to set it and lock out all my other clients the majority of which are Windows XP.
Help.
Why Experts Exchange?
Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.
Jim Murphy
Programmer at Smart IT Solutions
When asked, what has been your best career decision?
Deciding to stick with EE.
Mohamed Asif
Technical Department Head
Being involved with EE helped me to grow personally and professionally.
Carl Webster
CTP, Sr Infrastructure Consultant
Ask ANY Question
Connect with Certified Experts to gain insight and support on specific technology challenges including:
- Troubleshooting
- Research
- Professional Opinions
Did You Know?
We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE