XGEN: The MCU Does Not Follow Domain Policy to Guarantee a Specific Encryption Level

This article was previously published under Q303790
This article has been archived. It is offered "as is" and will no longer be updated.
Multipoint Control Unit (MCU) may not follow domain policy to guarantee a specific encryption level. For example, even if domain policy settings that prohibit the following are turned on, a user may be able to join a secure conference as an invitee:
  • Using a 40-bit, cipher-strength browser.-and-

  • Over a secure channel that requires a client user certificate.
To resolve this problem, obtain the latest service pack for Microsoft Exchange 2000 Conferencing Server. For additional information, click the following article number to view the article in theMicrosoft Knowledge Base:
301378 XGEN: How to Obtain the Latest Exchange 2000 Server Service Pack
The English version of this fix should have the following file attributes or later:

Component: MCU

File nameVersion

NOTE: Because of file dependencies, this update requires Microsoft Exchange 2000 Conferencing Server Service Pack 1.
Microsoft has confirmed that this is a problem in Microsoft Exchange 2000 Conferencing Server. This problem was first corrected in Microsoft Exchange 2000 Server Service Pack 2.
To use the 128-bit encryption level, make sure that the MCU and the clients have the Microsoft Windows 2000 high-encryption pack installed.

You can use the SOFTWARE\\Microsoft\\Exchange Conferencing\\Parameters\\MCUMinCipherStrength DWORD registry value for encryption-level enforcement to determine the minimum cipher strength. This is enforced on inbound Secure Sockets Layer (SSL) connections to the MCU.

Key ValueExplanation
0Uses the system default
-1Uses a null cipher
40Uses a 40-bit cipher
56Uses a 56-bit cipher
128Uses a 128-bit cipher

If you use a DWORD value other than one of the documented DWORD values in this table, the cipher strength is forced to the next lower value. For example, if you use "55" as a value, the value forces 40-bit cipher strength, but if you use "57" as a value, the value forces 56-bit cipher strength. A value that is higher than the encryption pack that is available on the system uses the system default.

Article ID: 303790 - Last Review: 10/24/2013 07:05:16 - Revision: 1.2

  • Microsoft Exchange 2000 Conferencing Server
  • kbnosurvey kbarchive kbbug kbexchange2000presp2fix kbexchange2000sp2fix kbfix KB303790