Cisco Cisco TelePresence Video Communication Server Expressway
Compatibilities
AD Domain Controller Level
Jabber Video client PC
0, 1, 2, 3, 4
0, 1, 2, 3, 4, 5
5
3, 4, 5
The setting called “LmCompatibilityLevel” can be found in the Windows registry.
Using regedit, go to My Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
The key is called LmCompatibilityLevel (REG_DWORD)
NtlmMinClientSec and Session Security Level
Microsoft supports different versions of session security in NTLM v2.
Enhanced session security is not supported by VCS prior to X7.1, and if selected on a client when using a VCS
version prior to X7.1 authentication will fail.
version prior to X7.1 authentication will fail.
The session security level is controlled by the following registry key:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\control\LSA\MSV1_0\NtlmMinClientSec
On VCS prior to X7.1, if NtlmMinClientSec is set to mandate "NTLM 2 session security" Jabber Video authentication
will fail.
will fail.
Recommended client setting for use with VCS software X7.1 and later:
LmCompatibilitylevel set to 3, 4 or 5
NtlmMinClientSec set to 0x20080000
With the above settings, the Jabber Video client will use NTLMv2 with 128-bit encrypted NTLM 2 session security.
From Microsoft:
Value: NtlmMinClientSec
Value Type: REG_DWORD - Number
Valid Range: the logical 'or' of any of the following values:
0x00000010
0x00000020
0x00080000
0x20000000
Default: 0
Value: NtlmMinServerSec
Value Type: REG_DWORD - Number
Valid Range: same as NtlmMinClientSec
Default: 0
Description: This parameter specifies the minimum security to be used.
0x00000010 Message integrity
0x00000020 Message confidentiality
0x00080000 NTLMv2 session security
0x20000000 128 bit encryption
Checking Domain Information and VCS Status
This appendix describes commands that can be used to check the status of the VCS’s connection to the AD domain.
In a clustered VCS system, each peer must be checked separately.
In a clustered VCS system, each peer must be checked separately.
41
Cisco VCS Authenticating Devices Deployment Guide