|
Posted by S. Pidgorny on April 7, 2007, 7:08 pm
Please log in for more thread options ...only when you apply the IPSec policies by using Group Policy or when you
use the Kerberos version 5 protocol authentication method. Use certificates
or manually configured policies and you'll be fine.
--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-
* http://sl.mvps.org * http://msmvps.com/blogs/sp *
> S. Pidgorny <MVP> wrote:
>>How simple is your simple policy? I mean, if you require Kerberos
>>authentication, and your DC (which is also KDC, the Kerberos Distribution
>>Center) requires IPsec to connect to it, then no one will be able to
>>connect, as KDC isn't available.
>>
>>Details here: http://support.microsoft.com/kb/254949
>>
>>> Hey guys i created and enabled a sample IPSec policy in our test lab DC
>>> and
>>[quoted text clipped - 6 lines]
>>> Security..
>>> .
>
> - my simple policy is very similar to the built-in secure server policy
> - i checked the link that you have provided....and its my understanding
> that
> IPSec communication is not support between domain clients and domain
> servers..
> is it?
>
> --
> Message posted via WinServerKB.com
> http://www.winserverkb.com/Uwe/Forums.aspx/windows-server-security/200704/1
>
| 
XML Sitemap