What is a secure channel and how does it work between DCs and client machines?

Answers

  • Like users, each system maintains its own credentials, which are required for authentication when the system is used to log in to the domain. Each system refreshes its password after 30 days, and the machine password is much more complex than what is set for users.

    I have an article that will explain it to you in more detail.

    http://awinish.wordpress.com/tag/secure-channel/

    http://www.windowsitpro.com/article/domains2/what-s-a-secure-channel

     

    Regards


    Awinish Vishwakarma

    MY BLOG:  awinish.wordpress.com


    This posting is provided AS-IS with no warranties/guarantees and confers no rights.
    Wednesday, December 21, 2011 11:33 AM
  • Hi,

     

    This article should help you. http://blogs.technet.com/b/asiasupp/archive/2007/01/18/typical-symptoms-when-secure-channel-is-broken.aspx 


    Regards, Mohan R Sr. Administrator - Server Support
    Wednesday, December 21, 2011 11:14 AM
  • A secure channel is a means of communication between machines that is resistant to interception and tampering. So when a client communicates with a DC, it is important to ensure (by the DC) that the clients / member servers / DCs remain secured and the data transmission between the machines is not intercepted by various mechanisms. Hence a client / server maintains its secure channel with the domain controller to tell that it is still in the secure zone and transferring data is safe. Other technical details are answered by awinish.

     

    Hope that answers. 


    anand
    Wednesday, December 21, 2011 11:59 AM
  • Hi,

    A secure channel is any point-to-point network connection established between a client and a server that "provides privacy, integrity, and authentication".

    This kind of channel is used for transportation of sensitive data, such as user credentials during a domain logon and replication of the account database between DCs.

    The secure channel is established as soon as the domain member machine is booted and is based on a shared secret that is used as the key for encrypting the data that travels through the channel. Each domain member has a machine account defined in the domain SAM database that is created when the machine joins the domain. The password of this account is used as the shared secret for encryption of the channel.

    Best Regards,

    Yan Li

    TechNet Community Support

    • Marked as answer by Gautam Ji Thursday, December 22, 2011 6:53 AM
    Thursday, December 22, 2011 3:31 AM
  • The secure channel is used to validate the member server's or workstation's membership in the domain, based upon its hashed password. This discrete communication channel helps provide a more secure communication path between the domain controller and the member servers or workstations.

    A secure channel always involves a DC. Think of a secure channel as the enabler of secure communication between machines and their trusted authority in the same domain, and between the trusted authorities of different domains. Secure in this context means providing authentication of the requestor and confidentiality, integrity, and data-authentication services for the data sent across the channel.

    But when the secure channel is broken, a lot of issues are encountered. If the secure channel of a domain controller is broken, it can be reset using the netdom utility, but if the secure channel is broken for domain member clients/servers, the only way to reset it is disjoining.

    Typical Symptoms when secure channel is broken
    http://blogs.technet.com/b/asiasupp/archive/2007/01/18/typical-symptoms-when-secure-channel-is-broken.aspx

    Reset secure channel between DC:
    http://sandeshdubey.wordpress.com/2011/10/02/secure-channel-between-the-dcs-broken/

    Reset secure channel of client and member server:
    Remove the client from the domain & re-add it to the domain, or else try using the netdom utility to reset the secure channel between the workstation & the domain controller.
    http://support.microsoft.com/kb/260575

    Hope this helps

    Regards,
    Sandesh Dubey.
    -------------------------------
    MCSE|MCSA:Messaging|MCTS|MCITP:Enterprise Administrator
    My Blog: http://sandeshdubey.wordpress.com
    This posting is provided AS IS with no warranties, and confers no rights.

    • Marked as answer by Gautam Ji Thursday, December 22, 2011 6:53 AM
    Thursday, December 22, 2011 3:50 AM
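
A read-only check of the two things the answers above describe, the machine account password that refreshes after 30 days and the channel to the DC, which can be run before resetting or rejoining anything. This is an added example, not code from any of the posters; it assumes an elevated Windows PowerShell 5.1 session on a domain-joined machine, and the function name `Get-SecureChannelHealth` is hypothetical.

```powershell
# Added example (not from the thread): read-only health check of this machine's
# secure channel and machine-account password age. Run on a domain-joined host.
function Get-SecureChannelHealth {
    [CmdletBinding()]
    param()

    $cs = Get-CimInstance -ClassName Win32_ComputerSystem
    if (-not $cs.PartOfDomain) {
        throw "This computer is not joined to a domain."
    }

    # Netlogon policy values; absent values mean the defaults apply
    # (30-day machine password refresh, automatic change enabled).
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'
    $np  = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    $maxAgeDays     = if ($null -ne $np.MaximumPasswordAge) { [int]$np.MaximumPasswordAge } else { 30 }
    $changeDisabled = ($np.DisablePasswordChange -eq 1)

    # Ask Netlogon to verify the channel against a DC (no repair is attempted).
    $channelOk = $false
    try { $channelOk = Test-ComputerSecureChannel -ErrorAction Stop } catch { $channelOk = $false }

    # pwdLastSet on the machine account shows when the shared secret last changed.
    $pwdAgeDays = $null
    try {
        $searcher = [adsisearcher]"(&(objectCategory=computer)(sAMAccountName=$($env:COMPUTERNAME)`$))"
        [void]$searcher.PropertiesToLoad.Add('pwdlastset')
        $hit = $searcher.FindOne()
        if ($hit -and $hit.Properties['pwdlastset'].Count -gt 0) {
            $lastSet    = [datetime]::FromFileTimeUtc([int64]$hit.Properties['pwdlastset'][0])
            $pwdAgeDays = [math]::Round(((Get-Date).ToUniversalTime() - $lastSet).TotalDays, 1)
        }
    } catch {
        # An LDAP failure here is itself consistent with a broken channel.
    }

    [pscustomobject]@{
        Computer               = $env:COMPUTERNAME
        Domain                 = $cs.Domain
        SecureChannelOk        = $channelOk
        MachinePwdAgeDays      = $pwdAgeDays
        MaxPasswordAgeDays     = $maxAgeDays
        PasswordChangeDisabled = $changeDisabled
        PwdOlderThanPolicy     = ($null -ne $pwdAgeDays -and $pwdAgeDays -gt $maxAgeDays)
    }
}

Get-SecureChannelHealth
```

A `SecureChannelOk` of `False`, or a password age well past the policy value while password changes are not disabled, matches the broken-channel situation discussed in the thread.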
