This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(304, 56.00000000000001%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDM%3C/text%3E%3C/svg%3E)
Hi All
After applying the August 2020 patch to cover the zerologon vulnerability, i have noticed some Win7's being denied connection with eventid 5827.
I thought all Windows machines will be using secure channel by now. So wondering why i am seeing several win7's showing up in the event logs.
I have even seen one Win10 show up with 5827.
Thanks
DM
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(176, 16%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EHX%3C/text%3E%3C/svg%3E)
Hello @David Moon ,
Would you mind telling us the current situation? Please let us know if you would like further assistance. Thanks.
Best regards,
Hannah Xiong
Hello,
Does this question have any update or has this issue been solved? Also, for the question, is there any other assistance we could provide?
Besides, there is email notifications function on this forum. It is suggested that we could set it up so that we could receive prompts for responses in time.
https://learn.microsoft.com/en-us/answers/articles/67444/email-notifications.html
Thank you so much for your time and support.
Best regards,
Hannah Xiong
Hi Hannah.
Thanks for your reply.
I just thought that all Windows 7 & 10 were already using secure channel. Is that not the case? Is it possible for a machine using secure channel, can then become broken and not use secure channel anymore?
Thanks
DM
Hi,
You are welcome. Thank you so much for your kindly reply.
August 11, 2020 and later updates make changes to the Netlogon protocol to protect Windows devices by default, logs events for non-compliant device discovery and adds the ability to enable protection for all domain-joined devices with explicit exceptions.
As per my understanding, yes, it is not the case. Some are not using secure channel. It is hard to tell, and we need to further check about this. By default, supported versions of Windows that have been fully updated should not be using vulnerable Netlogon secure channel connections.
For any question, please feel free to contact us.
Best regards,
Hannah Xiong
Hello,
Thank you so much for posting here.
Deploy the August 11th updates to all applicable domain controllers (DCs) in the forest, including read-only domain controllers (RODCs). After deploying this update patched DCs will:
Begin enforcing secure RPC usage for all Windows-based device accounts, trust accounts and all DCs.
Log event IDs 5827 and 5828 in the System event log, if connections are denied.
Log event IDs 5830 and 5831 in the System event log, if connections are allowed by "Domain controller: Allow vulnerable Netlogon secure channel connections" group policy.
Event ID 5827 will be logged when a vulnerable Netlogon secure channel connection from a machine account is denied.
Addressing event IDs 5827 and 5828
By default, supported versions of Windows that have been fully updated should not be using vulnerable Netlogon secure channel connections. If one of these events is logged in the system event log for a Windows device:
1.Confirm that the device is running a supported versions of Windows.
2.Ensure the device is fully updated.
3.Check to ensure that Domain member: Digitally encrypt or sign secure channel data (always) is set to Enabled.
For more information, we could refer to:
https://support.microsoft.com/en-us/help/4557222/how-to-manage-the-changes-in-netlogon-secure-channel-connections-assoc
For any question, please feel free to contact us.
Best regards,
Hannah Xiong
============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.