Microsoft KB Archive/303790

= XGEN: The MCU Does Not Follow Domain Policy to Guarantee a Specific Encryption Level =

Article ID: 303790

Article Last Modified on 10/26/2006

-

APPLIES TO


 * Microsoft Exchange 2000 Conferencing Server

-



This article was previously published under Q303790





SYMPTOMS
Multipoint Control Unit (MCU) may not follow domain policy to guarantee a specific encryption level. For example, even if domain policy settings that prohibit the following are turned on, a user may be able to join a secure conference as an invitee:
 * Using a 40-bit, cipher-strength browser. -and-


 * Over a secure channel that requires a client user certificate.



RESOLUTION
To resolve this problem, obtain the latest service pack for Microsoft Exchange 2000 Conferencing Server. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

301378 XGEN: How to Obtain the Latest Exchange 2000 Server Service Pack

The English version of this fix should have the following file attributes or later:

Component: MCU

NOTE: Because of file dependencies, this update requires Microsoft Exchange 2000 Conferencing Server Service Pack 1.



STATUS
Microsoft has confirmed that this is a problem in Microsoft Exchange 2000 Conferencing Server. This problem was first corrected in Microsoft Exchange 2000 Server Service Pack 2.



MORE INFORMATION
To use the 128-bit encryption level, make sure that the MCU and the clients have the Microsoft Windows 2000 high-encryption pack installed.

You can use the SOFTWARE\\Microsoft\\Exchange Conferencing\\Parameters\\MCUMinCipherStrength DWORD registry value for encryption-level enforcement to determine the minimum cipher strength. This is enforced on inbound Secure Sockets Layer (SSL) connections to the MCU.

If you use a DWORD value other than one of the documented DWORD values in this table, the cipher strength is forced to the next lower value. For example, if you use &quot;55&quot; as a value, the value forces 40-bit cipher strength, but if you use &quot;57&quot; as a value, the value forces 56-bit cipher strength. A value that is higher than the encryption pack that is available on the system uses the system default.

Keywords: kbbug kbexchange2000presp2fix kbexchange2000sp2fix kbfix KB303790

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.