Extended Protection for Authentication in Windows 7

I came across an interesting issue when deploying Windows 7 into my environment. Users were having issues connecting to the filer/network share after upgrading to Windows 7. Due to the fact that we had several users unable to access network aliases, this put our Windows 7 deployment on hold momentarily. At the time we were running an EMC Celera DART (NAS) Code version 5.5. Windows 7 Introduces a new feature, Extended Protection for Authentication (KB968389), which is enabled by default in Windows 7. This feature enhances the protection and handling of credentials when authenticating network connections by using Integrated Windows Authentication (IWA).


If you’re running EMC in your environment, this could cause some conflict depending on the version of the OS. I recently came across the issue in my environment where the EMC server doesn’t have the capability to handle Extended Protection for Authentication. This results in an error message: “STATUS_INVALID_PARAMETER”. The error message tells us that EMC doesn’t have a way to understand “Extended Protection for Authentication” and throws the error message: “STATUS_INVALID_PARAMETER”.

To work around this issue, you can lower the security on Windows 7 to be compatible with the EMC server. This can be done by modifying 2 REG keys. Both are DWORD values.




However, the better solution would be to upgrade EMC’s NAS OS so that it can understand and handle Extended Protection for Authentication feature. 🙂

You will find the solution is to upgrade to DART 5.6 if you’re running EMC within your organization.




One response to “Extended Protection for Authentication in Windows 7

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s