Cisco Cisco TelePresence Video Communication Server Expressway

Compatibilities

AD Domain Controller Level

Jabber Video client PC

0, 1, 2, 3, 4

0, 1, 2, 3, 4, 5

3, 4, 5

The setting called “LmCompatibilityLevel” can be found in the Windows registry.

Using regedit, go to My Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa

The key is called LmCompatibilityLevel (REG_DWORD)

NtlmMinClientSec and Session Security Level

Microsoft supports different versions of session security in NTLM v2.

Enhanced session security is not supported by VCS prior to X7.1, and if selected on a client when using a VCS
version prior to X7.1 authentication will fail.

The session security level is controlled by the following registry key:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\control\LSA\MSV1_0\NtlmMinClientSec

On VCS prior to X7.1, if NtlmMinClientSec is set to mandate "NTLM 2 session security" Jabber Video authentication
will fail.

Recommended client setting for use with VCS software X7.1 and later:

LmCompatibilitylevel set to 3, 4 or 5

NtlmMinClientSec set to 0x20080000

With the above settings, the Jabber Video client will use NTLMv2 with 128-bit encrypted NTLM 2 session security.

From Microsoft:

Value: NtlmMinClientSec

Value Type: REG_DWORD - Number

Valid Range: the logical 'or' of any of the following values:

0x00000010

0x00000020

0x00080000

0x20000000

Default: 0

Value: NtlmMinServerSec

Value Type: REG_DWORD - Number

Valid Range: same as NtlmMinClientSec

Default: 0

Description: This parameter specifies the minimum security to be used.

0x00000010 Message integrity

0x00000020 Message confidentiality

0x00080000 NTLMv2 session security

0x20000000 128 bit encryption

Checking Domain Information and VCS Status

This appendix describes commands that can be used to check the status of the VCS’s connection to the AD domain.
In a clustered VCS system, each peer must be checked separately.

Cisco VCS Authenticating Devices Deployment Guide