Cisco Cisco TelePresence Video Communication Server Expressway
Appendix 5 — Active Directory (direct): Movi PC and AD server compatibility configuration
VCS Deployment Guide: Device authentication on Cisco VCS (VCS X7.1)
Page 29 of 47
NtlmMinClientSec and session security level
Microsoft supports different versions of session security in NTLM v2.
Enhanced session security is not supported by VCS prior to X7.1, and if selected on a client when
using a VCS version prior to X7.1 authentication will fail.
using a VCS version prior to X7.1 authentication will fail.
The session security level is controlled by the following registry key:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\control\LSA\MSV1_0\NtlmMinClientSec
On VCS prior to X7.1, if
NtlmMinClientSec
is set to mandate "
NTLM 2 session security
" Movi
authentication will fail.
Recommended client setting for use with VCS software X7.1 and later:
LmCompatibilitylevel
set to 3, 4 or 5
NtlmMinClientSec
set to 0x20080000
With the above settings, the Movi client will use NTLMv2 with 128-bit encrypted NTLM 2 session
security.
security.
From Microsoft:
Value: NtlmMinClientSec
Value Type: REG_DWORD - Number
Valid Range: the logical 'or' of any of the following values:
0x00000010
0x00000020
0x00080000
0x20000000
Default: 0
Value: NtlmMinServerSec
Value Type: REG_DWORD - Number
Valid Range: same as NtlmMinClientSec
Default: 0
Description: This parameter specifies the minimum security to be used.
0x00000010 Message integrity
0x00000020 Message confidentiality
0x00080000 NTLMv2 session security
0x20000000 128 bit encryption