westfield setup ipsec on our servers so laptops can connect to sims on the admin network. laptops and dcs are in "secured" OUs. they have group policies with ip sec settings in.
some laptops are logging on uber slowly today but if i try and sniff the traffic it's all encrypted ESP. I've rememoved the laptop from the secured laptops and rebooted bou but the traffic is still being encrypted. is there anyway to get unencrypted traffic?
No, thats the point.
so if i was to remove the DCs from the secured DCs OU then the traffic would become unencrypted?
Depends if windows feels like it. I suspect you'd have to enforce unencypted traffic in your other OU(s).
normal computers dont have encrypted traffic so if i make a test OU and put the laptop in it and somehow....force encryption off for that OU the laptop traffic should become visible.
Depending on how its been set i'm pretty sure you would have to remove the policy from the server as well. There's some instructions here
http://www.microsoft.com/resources/d...in_policy.mspx
but the last line may be appropriate for you
'If you need to disable IPSec for only a specific computer, you can disable the IPSEC Services service on that computer.'
we discovered that if we rename the laptops and remove them from the ipsec OU. logging on goes back to the normal speed.
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
LinkBack URL
About LinkBacks