Anonymous_User Absent Member.
Absent Member.
2407 views

EnableSecuritySignature

We discovered a problem on our machines running the Novell Client v4.91
sp3 (4.91.3.20061109) which prevents communication with a Win2003 active
directory domain controller. Not only could the clients not join the AD
domain, they couldn't even map a drive to ipc$ on the DC, like this: net
use \\10.1.32.100\ipc$ /user:Administrator mypassword

Running the above command yielded this error:
System error 5 has occured
Access is denied

Machines without the novell client did not have this problem. After hours
of troubleshooting and finally doing a packet trace, this appears to be
the problem:

During SMB negotiation between client and server, the client reported
that "EnableSecuritySignature" is disabled, causing the challenge/response
to fail. To fix the problem I changed this registry entry from a 0 to 1:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanworkstation\par
ameters]

then restarted the Workstation service. After that, the client could
connect to the DC's ipc$, and could be added to the domain. However,
after the client was rebooted, the above registry entry magically changed
back to a zero, causing client-DC communication to again fail. So I
uninstalled the Novell Client, changed the registry entry back to 1,
rebooted, and the client was able to communicate again with the DC.

Is this a known issue? Please...there is no problem with communication
between client and server, ldap and dns are working, i can ping the
server, the username and password are correct...this is definitely a
Novell client problem.

Thanks
Mike

Labels (1)
0 Likes
1 Reply
Anonymous_User Absent Member.
Absent Member.

Re: EnableSecuritySignature

No, this is not a known issue.
What you may have, however, is some type of ZENworks policy or perhaps a
login script push that is forcing out this setting.



<mmi_nospam@athletics.wisc.edu> wrote in message
news:2k2zh.77$DN1.60@prv-forum2.provo.novell.com...
> We discovered a problem on our machines running the Novell Client v4.91
> sp3 (4.91.3.20061109) which prevents communication with a Win2003 active
> directory domain controller. Not only could the clients not join the AD
> domain, they couldn't even map a drive to ipc$ on the DC, like this: net
> use \\10.1.32.100\ipc$ /user:Administrator mypassword
>
> Running the above command yielded this error:
> System error 5 has occured
> Access is denied
>
> Machines without the novell client did not have this problem. After hours
> of troubleshooting and finally doing a packet trace, this appears to be
> the problem:
>
> During SMB negotiation between client and server, the client reported
> that "EnableSecuritySignature" is disabled, causing the challenge/response
> to fail. To fix the problem I changed this registry entry from a 0 to 1:
>
> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanworkstation\par
> ameters]
>
> then restarted the Workstation service. After that, the client could
> connect to the DC's ipc$, and could be added to the domain. However,
> after the client was rebooted, the above registry entry magically changed
> back to a zero, causing client-DC communication to again fail. So I
> uninstalled the Novell Client, changed the registry entry back to 1,
> rebooted, and the client was able to communicate again with the DC.
>
> Is this a known issue? Please...there is no problem with communication
> between client and server, ldap and dns are working, i can ping the
> server, the username and password are correct...this is definitely a
> Novell client problem.
>
> Thanks
> Mike
>



0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.