
60 Posts

February 10th, 2016 13:00

SHA256 and Isilon connection issues

Has anyone experienced any connection issues with their Isilon (using SMB protocol) after upgrading to SHA256 on their DCs? We experienced some hosts not being able to connect.

Just wondering if anyone else had any issues with SHA256.

5 Posts

April 17th, 2023 06:00

Hi everyone,

This post is the only resource I have found that has shed some light on the problem affecting my company, and for that I am truly grateful. However, my OneFS version is 8.1.2.0, and after trying the klist check (which only shows AES encryption) and changing the attribute in AD there has been no change to the system logs indicating "the netlogon service created a secure channel with a client with rc4". Has anyone encountered my situation, and were you able to resolve it? Thanks in advance for any feedback...

Moderator • 9.6K Posts • 116 Points

April 17th, 2023 06:00

Hi,

Thanks for your question. Have you restarted the lsass service after enabling AES? https://dell.to/3mI6hF6

Let us know if you have any additional questions.

Moderator • 9.6K Posts • 116 Points

April 20th, 2023 07:00

This is what is in the article:

The Microsoft Security Vulnerability announcement for CVE-2022-38023 (Netlogon RPC Elevation of Privilege Vulnerability) available here:
https://dell.to/43PAjXX

Describes the security vulnerability as "An authenticated attacker could leverage cryptographic protocol vulnerabilities in the Windows Netlogon protocol when RPC Signing is used instead of RPC Sealing. Where RPC Signing is used instead of RPC Sealing the attacker could gain control of the service and then might be able to modify Netlogon protocol traffic to elevate their privileges."

Microsoft KBA 5021130 available here:
https://dell.to/43S2qGf

Details how Microsoft will be addressing this security vulnerability in Microsoft Windows Server products.

Windows updates released on November 8, 2022 introduced the following system registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\RequireSeal

That has 3 values:

0 - Disabled
1 - Compatibility mode. Windows domain controllers will require that Netlogon clients use RPC Seal if they are running Windows, or if they are acting as either domain controllers or Trust accounts.
2 - Enforcement mode. All clients are required to use RPC Seal, unless they are added to the "Domain Controller: Allow vulnerable Netlogon secure channel connections" group policy object (GPO).

This value will initially be set to Compatibility mode (1) by default. Starting with the April 11, 2023 or later updates, this value will be changed to Enforcement mode (2) by default.

Windows updates released on November 8, 2022 also introduced the following Windows event:

Event Log: System
Event Type: Warning
Event Source: NETLOGON
Event ID: 5840
Event Text: The Netlogon service created a secure channel with a client with RC4

Cause

Microsoft is locking down netlogon

How could an attacker exploit this vulnerability?
An authenticated attacker could leverage cryptographic protocol vulnerabilities in the Windows Netlogon protocol when RPC Signing is used instead of RPC Sealing. Where RPC Signing is used instead of RPC Sealing the attacker could gain control of the service and then might be able to modify Netlogon protocol traffic to elevate their privileges.

Resolution

These updates to Windows by Microsoft to address CVE-2022-38023 will have NO functional impact to PowerScale clients running any current release of OneFS as RPC Sign and Seal has been supported since OneFS 7.x.

New Event ID 5840 WILL be created with PowerScale clients running OneFS releases 9.4.x and earlier which use RC4 by default for NTLM/Netlogon Secure Channel.

New Event ID 5840 WILL NOT be created with PowerScale clients running OneFS releases 9.5.0 and later as AES cryptography will be supported and preferred for NTLM/Netlogon Secure Channel.

A pre-existing system registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Netlogon\Parameters\RejectMd5Clients

Is disabled by default. If set to TRUE (1), this WILL result in NTLM/Netlogon Secure Channel auth failures with PowerScale clients running OneFS releases 9.4.x and earlier.

To take advantage of AES cryptography for NTLM/Netlogon Secure Channel in OneFS, upgrade to release 9.5.0 or higher.

The support of AES cryptography for NTLM/Netlogon Secure Channel will NOT be backported to OneFS releases 9.4.x and earlier.
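Added example (not from the thread or the Dell article it quotes): a PowerShell check, run in an elevated session on a domain controller, that reads the two registry values the article names and lists recent Event ID 5840 entries, so you can see which clients are still negotiating RC4 before RequireSeal or RejectMd5Clients is tightened. The 7-day lookback window is an arbitrary choice.

```powershell
# Added example, not part of the thread or the Dell KB article.
# Reads the Netlogon hardening values the article describes and lists Event ID 5840.

$requireSealMeaning = @{ 0 = 'Disabled'; 1 = 'Compatibility mode'; 2 = 'Enforcement mode' }

$checks = @(
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'; Name = 'RequireSeal' }
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Netlogon\Parameters';       Name = 'RejectMd5Clients' }
)

foreach ($c in $checks) {
    $item = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        # Value absent: the Windows default for the installed update level applies.
        "{0}: not set (Windows default applies)" -f $c.Name
        continue
    }
    $value = $item.($c.Name)
    switch ($c.Name) {
        'RequireSeal'      { "RequireSeal: $value ($($requireSealMeaning[[int]$value]))" }
        'RejectMd5Clients' {
            "RejectMd5Clients: $value"
            # Per the article, TRUE (1) breaks Secure Channel auth for OneFS 9.4.x and earlier.
            if ([int]$value -eq 1) { '  WARNING: OneFS 9.4.x and earlier clients will fail to authenticate' }
        }
    }
}

# Event 5840: "The Netlogon service created a secure channel with a client with RC4".
# Each hit is a client (for example a OneFS 9.4.x or earlier cluster) still using RC4.
$since  = (Get-Date).AddDays(-7)
$events = Get-WinEvent -FilterHashtable @{
    LogName      = 'System'
    ProviderName = 'NETLOGON'
    Id           = 5840
    StartTime    = $since
} -ErrorAction SilentlyContinue

if (-not $events) {
    "No Event ID 5840 entries since $since"
} else {
    "$(@($events).Count) Event ID 5840 entries since $since"
    $events | Select-Object TimeCreated, Message | Format-List
}
```

Run it on every domain controller, since 5840 is logged only on the DC that built the secure channel.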

5 Posts

April 20th, 2023 07:00

Hi Josh,

Thanks a lot for your prompt response. However, the article is permission based and therefore I am unable to view it. Does it outline the steps to restart lsass? Is another article available?

5 Posts

April 20th, 2023 07:00

Thanks Josh, I will look into upgrading to 9.5.0 or higher.

April 25th, 2023 12:00

nm

5 Posts

May 3rd, 2023 11:00

Hi Dell,

Thanks again for the recommendation, however I have one more question. Does it make a difference if my Isilon OneFS v8.1.2.0 is a virtual appliance?

Moderator • 9.6K Posts • 116 Points

May 3rd, 2023 12:00

The latest version of the simulator looks like it is 9.1 https://dell.to/44umEWW

4 Apprentice • 637 Posts

May 23rd, 2023 16:00

0 events found

No Events found!