IMC
cancel
Showing results for 
Search instead for 
Did you mean: 

Win Server 2016 Domain caution

 
NeilR
Respected Contributor

Win Server 2016 Domain caution

Recently we've been upgrading servers to Win 2016 and decided to elevate the Domain Controllers and related certificates to the 2016 version. Unfortunately we discovered that 7.3 E0605 & UAM E0505 is not compatible with MS move to sha256. 

All of our 802.1x authentication became unreliable. This was confusing because it was not a binary fail. Sometimes it worked, other times not. Very frustrating for our users.

Errors in user access log E63121: receive no packet from mschapv2server indicate the issue.

Even after turning off the certificate checks on the clients, the issues persisted. 

Fortunately newly patched releases, but not yet posted, of 7.3 E0703 were made available from support and resolved this. Still not sure all cert related issues are sorted but the basic authentication is looking solid.

So wait for HPE to finish up the patches on this before upgrading your Domain to 2016 - running the OS is ok but  keep the certs back.

Also make sure that you have a local admin account before upgrading - the cert changes may inhibit admin authentication using LDAP