i am recieveg this error indicating i need to have all my user accounts and trusts at the
Advanced Encryption Standard (AES) or RC4
Kerberos encryption keys
"
Title:
CN=petersonax64,CN=System,DC=peterson2ax64,DC=fhpeterson,DC=fhpetersonmachine,DC=com should not be configured for DES only
Severity:
Error
Date:
2/4/2013 9:31:35 AM
Category:
Configuration
Issue:
A user account or trust for domain peterson2ax64.fhpeterson.fhpetersonmachine.com is configured for Data Encryption Standard (DES) only. DES is considered weak cryptography and is no longer enabled by default in Kerberos authentication in Windows 7 and Windows Server 2008 R2.
Impact:
User accounts and trusts configured for DES only will have authentication failures.
Resolution:
User accounts and trusts should use Advanced Encryption Standard (AES) or RC4 Kerberos encryption keys.
More information about this best practice and detailed resolution procedures: http://go.microsoft.com/fwlink/?LinkId=168859"
When I try to remove the trust that will not allow me to add the higher level of security i get "the directory service is busy" error. i have tried to force it out at the comand prompt and it says it completed but the trust is still listed in ad domains and trusts.
The trust appears to be with a local domain controller. We only have one domain and i was not here when this was set up.
Any help would be greatly appreciated. we are having problems browsing the network by name but not all the time and DNS appears to be working correctly.