Hello Everyone,

We have introduced a 2008 R2 DC into our environment, migrated all the roles 
to it, and for now are keeping some 2003 DCs for a mixed mode domain 
functionality environment..

We do have some older machines (NT) that currently we cannot get rid of and 
I am seeing some authentication errors on the 08 DC (IDs 5722, 5805).  Since 
we still have 03 DC's, the NT machines still authenticate fine.

My question is regarding KB 942564 - for our environment, I'm thinking we 
would use the group policy workaround - where I get stumped is step 6: 
Install third-party software updates that fix the problem, or remove client 
computers that use incompatible cryptography algorithms..  

Can someone please clarify this?  Does this mean that even though we 
correctly set the group policy, the clients still won't authenticate unless 
'updates' are applied? 

Thanks in advance!!!!

Hello da,

This part belongs to 3rd party software, not using the correct algorithmus. 
So with a wwong one you still can't use the GPO, there is only the option 
to remove it.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers 
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm 


> Hello Everyone,
> 
> We have introduced a 2008 R2 DC into our environment, migrated all the
> roles to it, and for now are keeping some 2003 DCs for a mixed mode
> domain functionality environment..
> 
> We do have some older machines (NT) that currently we cannot get rid
> of and I am seeing some authentication errors on the 08 DC (IDs 5722,
> 5805).  Since we still have 03 DC's, the NT machines still
> authenticate fine.
> 
> My question is regarding KB 942564 - for our environment, I'm thinking
> we would use the group policy workaround - where I get stumped is step
> 6: Install third-party software updates that fix the problem, or
> remove client computers that use incompatible cryptography
> algorithms..
> 
> Can someone please clarify this?  Does this mean that even though we
> correctly set the group policy, the clients still won't authenticate
> unless 'updates' are applied?
> 
> Thanks in advance!!!!
> 

Thank you for the reply Meinolf.

Just to confirm - with the GPO, all windows machines (at least NT and later) 
will be able to authenticate to an 08 R2 DC.  Only 3rd party apps would need 
to be upgraded or removed?

Thanks again!

"Meinolf Weber [MVP-DS]" wrote:

> Hello da,
> 
> This part belongs to 3rd party software, not using the correct algorithmus. 
> So with a wwong one you still can't use the GPO, there is only the option 
> to remove it.
> 
> Best regards
> 
> Meinolf Weber
> Disclaimer: This posting is provided "AS IS" with no warranties, and confers 
> no rights.
> ** Please do NOT email, only reply to Newsgroups
> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm 
> 
> 
> > Hello Everyone,
> > 
> > We have introduced a 2008 R2 DC into our environment, migrated all the
> > roles to it, and for now are keeping some 2003 DCs for a mixed mode
> > domain functionality environment..
> > 
> > We do have some older machines (NT) that currently we cannot get rid
> > of and I am seeing some authentication errors on the 08 DC (IDs 5722,
> > 5805).  Since we still have 03 DC's, the NT machines still
> > authenticate fine.
> > 
> > My question is regarding KB 942564 - for our environment, I'm thinking
> > we would use the group policy workaround - where I get stumped is step
> > 6: Install third-party software updates that fix the problem, or
> > remove client computers that use incompatible cryptography
> > algorithms..
> > 
> > Can someone please clarify this?  Does this mean that even though we
> > correctly set the group policy, the clients still won't authenticate
> > unless 'updates' are applied?
> > 
> > Thanks in advance!!!!
> > 
> 
> 
> .
>