XGEN: The MCU Does Not Follow Domain Policy to Guarantee a Specific Encryption Level (303790)


The information in this article applies to:

  • Microsoft Exchange 2000 Conferencing Server
This article was previously published under Q303790

SYMPTOMS

Multipoint Control Unit (MCU) may not follow domain policy to guarantee a specific encryption level. For example, even if domain policy settings that prohibit the following are turned on, a user may be able to join a secure conference as an invitee:
  • Using a 40-bit, cipher-strength browser. -and-

  • Over a secure channel that requires a client user certificate.

RESOLUTION

To resolve this problem, obtain the latest service pack for Microsoft Exchange 2000 Conferencing Server. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

301378 XGEN: How to Obtain the Latest Exchange 2000 Server Service Pack

The English version of this fix should have the following file attributes or later:

Component: MCU

File nameVersion
Xt120mcu.exe6.0.4720.16

NOTE: Because of file dependencies, this update requires Microsoft Exchange 2000 Conferencing Server Service Pack 1.

STATUS

Microsoft has confirmed that this is a problem in Microsoft Exchange 2000 Conferencing Server. This problem was first corrected in Microsoft Exchange 2000 Server Service Pack 2.

MORE INFORMATION

To use the 128-bit encryption level, make sure that the MCU and the clients have the Microsoft Windows 2000 high-encryption pack installed.

You can use the SOFTWARE\\Microsoft\\Exchange Conferencing\\Parameters\\MCUMinCipherStrength DWORD registry value for encryption-level enforcement to determine the minimum cipher strength. This is enforced on inbound Secure Sockets Layer (SSL) connections to the MCU.

Key ValueExplanation
0Uses the system default
-1Uses a null cipher
40Uses a 40-bit cipher
56Uses a 56-bit cipher
128Uses a 128-bit cipher

If you use a DWORD value other than one of the documented DWORD values in this table, the cipher strength is forced to the next lower value. For example, if you use "55" as a value, the value forces 40-bit cipher strength, but if you use "57" as a value, the value forces 56-bit cipher strength. A value that is higher than the encryption pack that is available on the system uses the system default.
Modification Type:MinorLast Reviewed:7/15/2004
Keywords:kbbug kbExchange2000preSP2fix kbExchange2000SP2Fix kbfix KB303790
©2004 Microsoft Corporation. All rights reserved.