JSI Tip 5146. Windows XP client cannot log on to a Windows NT 4.0 domain?

Jerold Schulman

April 9, 2002


Windows XP tries to sign or seal the secure channel between the workstation and the domain controller. This causes the following error:

Windows cannot connect to the domain either because the domain controller is down or otherwise unavailable or because your computer account was not found.

The domain controller may record:

Event ID: 5723

The session setup from the computer failed to authenticate. The name of the account referenced in the security database is . The following error occurred: Access is denied.

The client may record:

Event Source: NETLOGON
Event ID: 3227
Description: The session setup to the Windows NT or Windows 2000 domain controller \ for the domain failed because \ does not support signing or sealing the Netlogon session. Either upgrade the domain controller or set the RequireSignOrSeal registry entry on this machine to 0.

To work around this feature difference:

1. Use Control Panel to open Local Security Policy in the Administrative Tools.

2. Navigate to Local Policies / Security Options.

3. Double-click Domain member: Digitally encrypt or sign secure channel data (always).

4. Press Disabled.

5. Press Apply and OK.

NOTE: You could Merge the following requiresignorseal.reg file:

REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters]
"requiresignorseal"=dword:00000000
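
An added example, not part of the original tip: a Python check that parses .reg files and reports any that would set RequireSignOrSeal to 0 under the Netlogon Parameters key, so such files can be reviewed before they are merged. It also watches the related SealSecureChannel and SignSecureChannel values, which the tip does not mention; the function names and the second sample file are constructed for illustration.

```python
import re

# Netlogon\Parameters values that weaken the secure channel when set to 0.
NETLOGON_KEY = r"hkey_local_machine\system\currentcontrolset\services\netlogon\parameters"
WATCHED = {"requiresignorseal", "sealsecurechannel", "signsecurechannel"}
HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
SECTION = re.compile(r"^\[(-?)(.+)\]$")
DWORD = re.compile(r'^"([^"]+)"\s*=\s*dword:([0-9a-fA-F]{1,8})$')

# The file from the tip, and a constructed file that should not be flagged.
PAGE_REG = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters]
"requiresignorseal"=dword:00000000
"""
CONSTRUCTED_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters]
"RequireSignOrSeal"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Example]
"requiresignorseal"=dword:00000000
"""

def parse_reg(text):
    """Yield (key, value_name, int_value) for each dword in .reg text."""
    lines = [l.strip() for l in text.lstrip("\ufeff").splitlines()]
    header = next((l for l in lines if l), "")
    if header not in HEADERS:
        raise ValueError("not a .reg file: %r" % header)
    key = None
    for line in lines:
        if not line or line.startswith(";"):
            continue
        m = SECTION.match(line)
        if m:
            # "[-KEY]" deletes a key and carries no values to inspect.
            key = None if m.group(1) else m.group(2)
            continue
        m = DWORD.match(line)
        if m and key:
            yield key, m.group(1), int(m.group(2), 16)

def find_downgrades(text):
    """Return watched Netlogon value names that the file would set to 0."""
    return [name for key, name, value in parse_reg(text)
            if key.lower() == NETLOGON_KEY and name.lower() in WATCHED and value == 0]

if __name__ == "__main__":
    print(find_downgrades(PAGE_REG), find_downgrades(CONSTRUCTED_REG))
```

Key and value names are compared case-insensitively, as the registry treats them, and a value with the same name under an unrelated key is ignored.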



