Cisco Cisco TelePresence Video Communication Server Expressway
Appendix 4 — Active Directory (direct): Movi PC and AD server compatibility configuration
VCS Deployment Guide: Authenticating Devices (VCS X7.0)
Page 23 of 44
NtlmMinClientSec and session security level
Microsoft supports different versions of session security in NTLM v2.
Enhanced session security is not supported by VCS prior to X7.1, and if selected on a client when
using a VCS version prior to X7.1 authentication will fail.
using a VCS version prior to X7.1 authentication will fail.
The session security level is controlled by the following registry key:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\control\LSA\MSV1_0\NtlmMinClientSec
If
NtlmMinClientSec
is set to mandate "
NTLM 2 session security
" Movi authentication will fail;
VCS does not support this mode of security.
Recommended setting is:
NtlmMinClientSec REG_DWORD 0x20000000 (536870912)
(0x00080000 NTLMv2 session security
must not be set.)
From Microsoft:
Value: NtlmMinClientSec
Value Type: REG_DWORD - Number
Valid Range: the logical 'or' of any of the following values:
0x00000010
0x00000020
0x00080000
0x20000000
Default: 0
Value: NtlmMinServerSec
Value Type: REG_DWORD - Number
Valid Range: same as NtlmMinClientSec
Default: 0
Description: This parameter specifies the minimum security to be used.
0x00000010 Message integrity
0x00000020 Message confidentiality
0x00080000 NTLMv2 session security
0x20000000 128 bit encryption
Also check the Group policy settings:
1. On the Movi PC run gpedit.msc.
2. Select:
Computer Configuration > Windows Settings > Security Settings > Local Policies >
Security Options
.