I think that may have fixed it, guess I need to take my own advice. Reboot then call me back. It wasn't the registry change that needed the reboot because the DC had been rebooted many times since that change. It was the GPO. Thanks
________________________________ From: Brian Desmond [mailto:br...@briandesmond.com] Sent: Thursday, August 11, 2011 1:28 PM To: NT System Admin Issues Subject: RE: NT authentication to 08 DC's It's possible the DC needs a reboot for the setting to be effective? Some of this legacy stuff is like that. I'd get a network trace of the failed communication though as a troubleshooting step and see where it actually fails. Thanks, Brian Desmond br...@briandesmond.com w - 312.625.1438 | c - 312.731.3132 From: N Parr [mailto:npar...@mortonind.com] Sent: Thursday, August 11, 2011 11:23 AM To: NT System Admin Issues Subject: NT authentication to 08 DC's So I did my research and found multiple answers that say the same thing. In order for old NT clients to authenticate to 08 DC's you have to change the following. I've done so with no success. Am I missing something else? It's been 6 hours since I made the change so policy should have replicated. Nothing in the security event log on the DC other than and audit success when the computer attempted to validate the credentials for the account. Default Domain Controller GPO: Computer Configuration->Policies->Windows Settings->Security Settings->Local Policies->Security Options Network security: LAN Manager authentication level ----Send LM & NTLM - use NTLMv2 session security if negotiated Computer Configuration->Policies->Administrative Templates->System->Net Logon Allow cryptography algorithms compatible with Windows NT 4.0 ---Enabled Software\Policies\Microsoft\Netlogon\Parameters\AllowNT4Crypto 1 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
