Microsoft KB Archive/318266

From BetaArchive Wiki
Knowledge Base


Article ID: 318266

Article Last Modified on 5/29/2007


APPLIES TO

  • Microsoft Windows XP Professional
  • Microsoft Windows NT Server 4.0 Standard Edition


This article was previously published under Q318266

SYMPTOMS

After you join a Windows XP-based client to a Windows NT 4.0-based domain, the client may be unable to log on to the domain. You may receive the following error message:

Windows cannot connect to the domain either because the domain controller is down or otherwise unavailable or because your computer account was not found.

Event ID 5723 may also be recorded on a domain controller in the domain when the client attempts to log on:

The session setup from the computer Computername failed to authenticate. The name of the account referenced in the security database is Computername. The following error occurred: Access is denied.

You may also see the following entry in Event Viewer on the client:

Event Source: NETLOGON
Event ID: 3227
Description:
The session setup to the Windows NT or Windows 2000 domain controller \\Server for the domain Domainname failed because \\Server does not support signing or sealing the Netlogon session. Either upgrade the domain controller or set the RequireSignOrSeal registry entry on this machine to 0.

CAUSE

This behavior occurs because the Windows XP-based client tries to sign or seal the secure channel. Windows XP Professional does this by default. However, Windows NT 4.0 is not configured to do this by default.

RESOLUTION

To resolve this issue:

  1. Click Start, and then click Control Panel.
  2. If you are using Classic view in Control Panel, double-click Administrative Tools, and then double-click Local Security Policy.


If you are using Category view in Control Panel, click Performance and Maintenance, click Administrative Tools, and then double-click Local Security Policy.

  1. Under the Local Policies\Security Options node, double-click the Domain Member:Digitally encrypt or sign secure channel data (always) policy to open it.
  2. Click Disabled, and then click OK.


MORE INFORMATION

For additional information, click the article number below to view the article in the Microsoft Knowledge Base:

183859 Integrity Checking on Secure Channels with Domain Controllers


Keywords: kbenv kberrmsg kbprb KB318266



Send feedback to Microsoft

© Microsoft Corporation. All rights reserved.


Retrieved from ‘https://www.betaarchive.com/wiki/index.php?title=Microsoft_KB_Archive/318266&oldid=175177
the Creative Commons 3.0 ShareAlike (except the Microsoft KB Archive).
Powered by MediaWiki