HPE Community
IMC
1825758 Members
2443 Online
109687 Solutions
New Discussion

Win Server 2016 Domain caution

 
NeilR
Esteemed Contributor

‎06-28-2019 10:41 AM

‎06-28-2019 10:41 AM

Win Server 2016 Domain caution

Recently we've been upgrading servers to Win 2016 and decided to elevate the Domain Controllers and related certificates to the 2016 version. Unfortunately we discovered that 7.3 E0605 & UAM E0505 is not compatible with MS move to sha256. 

All of our 802.1x authentication became unreliable. This was confusing because it was not a binary fail. Sometimes it worked, other times not. Very frustrating for our users.

Errors in user access log E63121: receive no packet from mschapv2server indicate the issue.

Even after turning off the certificate checks on the clients, the issues persisted. 

Fortunately newly patched releases, but not yet posted, of 7.3 E0703 were made available from support and resolved this. Still not sure all cert related issues are sorted but the basic authentication is looking solid.

So wait for HPE to finish up the patches on this before upgrading your Domain to 2016 - running the OS is ok but  keep the certs back.

Also make sure that you have a local admin account before upgrading - the cert changes may inhibit admin authentication using LDAP

0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.