Windows 2000-Based Clients Do Not Use the DES-CBC-CRC EncryptionType (296842)


The information in this article applies to:

  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Professional
This article was previously published under Q296842

SUMMARY

This article describes the reason that Windows 2000-based clients do not use the DES-CBC-CRC encryption type.

MORE INFORMATION

Windows 2000 uses the Kerberos protocol to support the following encryption types:
  • RC4-HMAC
  • DES-CBC-MD5
  • DES-CBC-CRC
The support, however, for the DES-CBC-CRC encryption type is primarily for Massachusetts Institute of Technology (MIT) Kerberos interoperability. If a Windows 2000 user account in configured to use DES encryption, a Windows 2000-based client requests a Ticket to Get Tickets (TGT) by using the DES-CBC-MD5 encryption type. You cannot configure a Windows 2000-based client to request a TGT by using the DES-CBC-CRC encryption type.

For additional information about Kerberos in Windows 2000, click the article number below to view the article in the Microsoft Knowledge Base:

266080 Answers to Frequently Asked Kerberos Questions

Modification Type:MinorLast Reviewed:1/27/2006
Keywords:kbinfo kbSecurity KB296842
©2004 Microsoft Corporation. All rights reserved.