powered by Jive Software

SSO working only on Windows XP not Vista (x64)

Just a few weeks ago I’ve started using OpenFire (on windows 2008 x64 server) and Spark. Openfire is using AD, and it works with no problem.

Funny thing is that I can use SSO in spark only on Windows XP machines (all x86, not much left now - under 10%) on Vista and Windows 7 (all x64) it does not won’t too authenticate.

Any ideas? Where Should I look?

Give this a try and let me know if it helps

Enable DES-CBC-MD5 or DES-CBC-CRC.

The Configure encryption types allowed for Kerberos policy setting is located in Computer Configuration\Security Settings\Local Policies\Security Options.

That probably is the answer (I have now reed some articles about that) - but the one think I hate about Microsoft is their inconsistency. I’m reading this Microsoft Tech Net article (http://technet.microsoft.com/en-us/library/dd560670%28WS.10%29.aspx) and it leads exactly to the same place in Local policy management - but the problem is it differently arranged form the control panel tool - and even using this does not lead to the configuration that you mention. Reading this (http://pronichkin.com/blog/Lists/Posts/Post.aspx?ID=15) leads to Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network security: Configure encryption types allowed for Kerberos but I don’t have this option either in Domain Group Policy nor Local Policy. The funny thing is that if the setting has a changed name or location there is no way to search through hundreds of those settings. For now thanks for help if I finally able to find the setting I will let you know.

That probably is the answer (I have now reed some articles about that) - but the one think I hate about Microsoft is their inconsistency. I’m reading this Microsoft Tech Net article (http://technet.microsoft.com/en-us/library/dd560670%28WS.10%29.aspx) and it leads exactly to the same place in Local policy management - but the problem is it differently arranged form the control panel tool - and even using this does not lead to the configuration that you mention. Reading this (http://pronichkin.com/blog/Lists/Posts/Post.aspx?ID=15) leads to Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network security: Configure encryption types allowed for Kerberos but I don’t have this option either in Domain Group Policy nor Local Policy. The funny thing is that if the setting has a changed name or location there is no way to search through hundreds of those settings. For now thanks for help if I finally able to find the setting I will let you know.