Cisco Cisco TelePresence Video Communication Server Expressway
Level
DC accepts:
LM
NTLM
NTLM 2
2
3
4
-
5
-
-
Compatibilities
AD Domain Controller Level
Jabber Video client PC
0, 1, 2, 3, 4
0, 1, 2, 3, 4, 5
5
3, 4, 5
The setting called “LmCompatibilityLevel” can be found in the Windows registry.
Using regedit, go to My Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
The key is called LmCompatibilityLevel (REG_DWORD)
NtlmMinClientSec and session security level
Microsoft supports different versions of session security in NTLM v2.
Enhanced session security is not supported by VCS prior to X7.1, and if selected on a client when using a
VCS version prior to X7.1 authentication will fail.
VCS version prior to X7.1 authentication will fail.
The session security level is controlled by the following registry key:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\control\LSA\MSV1_0\NtlmMinClientSec
On VCS prior to X7.1, if NtlmMinClientSec is set to mandate "NTLM 2 session security" Jabber Video
authentication will fail.
authentication will fail.
Recommended client setting for use with VCS software X7.1 and later:
LmCompatibilitylevel set to 3, 4 or 5
NtlmMinClientSec set to 0x20080000
With the above settings, the Jabber Video client will use NTLMv2 with 128-bit encrypted NTLM 2 session
security.
security.
From Microsoft:
Value: NtlmMinClientSec
Value Type: REG_DWORD - Number
Valid Range: the logical 'or' of any of the following values:
0x00000010
0x00000020
0x00080000
0x20000000
Default: 0
Cisco TelePresence Device Authentication on Cisco VCS Deployment Guide (X8.5)
Page 42 of 55
Appendix 3: Active Directory (direct)