IPsec policy on DC

Bentley

Jul 19, 2004
Archived from groups: microsoft.public.win2000.security

I need to secure communications between my DC's and 1
domain member server. I configured identical policies on
both ends, using Kerberos authentication, but only the
policy from the DC to the server works. The server cannot
communicate with the DC at all until the DC initiates the
communication, then the server will respond and both are
fine.
What am I missing? Thanks
 
Guest

IPsec negotiation policies between domain members and domain computers are not
supported by Microsoft and not recommended due to the problems they cause, such as
those you mention. Usually, if you try to implement them, a user will find he cannot log on
to the domain computer after a reboot. This is not well documented, but there is a KB
below that references this problem and it is mentioned in the Windows 2003 Server
Deployment Kit ipsec domination. The last link is to a thread about this subject on
this newsgroup a while back --- Steve

http://support.microsoft.com/?kbid=254949

http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&threadm=%23UR2xG4CEHA.1452%40TK2MSFTNGP09.phx.gbl&rnum=3&prev=/groups%3Fq%3Dipsec%2520domain%2520controller%2520umbach%26hl%3Den%26lr%3D%26ie%3DUTF-8%26sa%3DN%26tab%3Dwg
http://tinyurl.com/5b3ne -- same link as above shorter, in case of wrap.

"Bentley" <anonymous@discussions.microsoft.com> wrote in message
news:d2e601c48ac7$91bbde70$a401280a@phx.gbl...
>I need to secure communications between my DC's and 1
> domain member server. I configured identical policies on
> both ends, using Kerberos authentication, but only the
> policy from the DC to the server works. The server cannot
> communicate with the DC at all until the DC initiates the
> communication, then the server will respond and both are
> fine.
> What am I missing? Thanks
>
>
 
Guest

Hi,

Can you describe what you set on DC and what you set on Server?

Mike

"Bentley" <anonymous@discussions.microsoft.com> wrote in message
news:d2e601c48ac7$91bbde70$a401280a@phx.gbl...
> I need to secure communications between my DC's and 1
> domain member server. I configured identical policies on
> both ends, using Kerberos authentication, but only the
> policy from the DC to the server works. The server cannot
> communicate with the DC at all until the DC initiates the
> communication, then the server will respond and both are
> fine.
> What am I missing? Thanks
>
>