20,222 questions
If you find Event 5840, this is a sign that a client in your domain is using weak cryptography. These ones below could help.
--please don't forget to upvote and Accept as answer if the reply is helpful--
Netlogon Hardening KB5021130
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(313.6, 19%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMM%3C/text%3E%3C/svg%3E)
Matteo Montorsi
20
Reputation points
Hi,
I'm checking an environment on which we have already done March 2023 updates on all DC's and enabled the registry key in Compatibility Mode.
From Event viewer I've found some Windows Server 2008 / 2008R2 that report Warning EventID 5840 "The Netlogon service created a secure channel with a client with RC4. "
What happen to these servers when MS enforce the hardening on NetLogon?
I'm wrong to think that we have to replace these machine before the next hardening step?
Thanks
Windows for business | Windows Server | User experience | Other
Accepted answer
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Anonymous2023-03-24T12:34:26.3+00:00 -
Deleted
This comment has been deleted due to a violation of our Code of Conduct. The comment was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.
-
Anonymous
2023-03-26T12:19:49.3166667+00:00 Just checking if there's any progress or updates?
--please don't forget to
upvoteandAccept as answerif the reply is helpful-- -
Matteo Montorsi 20 Reputation points
2023-03-28T08:52:12.86+00:00 Hi, thanks for your reply. I will try to update the device as you suggested me.
Just to be sure, what happen to that servers if I continue using weak cryptography after enforcement phase?
Server connection with domain will be blocked?
-
Anonymous
2023-03-28T13:23:55.92+00:00 Yes, they could be blocked. You can update the clients.
--please don't forget to
upvoteandAccept as answerif the reply is helpful-- -
Anonymous
2023-03-29T13:06:33.85+00:00 Just checking if there's any progress or updates?
--please don't forget to
upvoteandAccept as answerif the reply is helpful--
Sign in to comment -