Hi all just wonder if these settings are deprecated or old...Brasil Alterar | Todos os sites da Microsoft Ajuda e Suporte Buscar no suporte de MicrosoftEm todo Microsoft.comA Internet Portugus ingls Pgina principal Centros de Suporte Pesquisa Avanada Comunidades Mapa do SiteArticle ID: 947054 - Last Review: January 14, 2008 - Revision: 1.2Registry entries that Routing and Remote Access adds in Windows Server 2008View products that this article applies to.On This PageINTRODUCTIONMORE INFORMATIONRegistry entries for Secure Socket Tunneling ProtocolListenerPortUseHTTPSNoCertRevocationCheckSha256EnabledSha256CertificateHashSha1EnabledSha1CertificateHashServerUriRegistry entries for IPv6 supportEnableIn AllowNetworkAccessFromToRegistry entries for VPN tunnel encryption levelsAllowPPTPWeakCryptoAllowL2TPWeakCryptoExpand all | Collapse allINTRODUCTIONThis article lists the registry entries that Routing and Remote Access adds in W...This article lists the registry entries that Routing and Remote Access adds in Windows Server 2008.Back to the topMORE INFORMATIONRegistry entries for Secure Socket Tunneling ProtocolNote Secure Socket Tunnelin...Registry entries for Secure Socket Tunneling ProtocolNote Secure Socket Tunneling Protocol (SSTP) is a new VPN tunneling protocol that is introduced in Windows Server 2008.ListenerPortRegistry subkey: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Sstpsvc\ParametersRegistry entry: ListenerPortData type: REG_DWORDDefault value: 0 You can use the ListenerPort registry entry to change the server-side TCP port on which the SSTP server listens. You can set this value to any valid 16-bit port number. If the value is set to 0, the SSTP server listens on the default port number, depending on the value of the UseHTTPS registry entry. For example, if the UseHTTPS registry entry is set to 1, the default listener port number is 443. If the UseHTTPS registry entry is set to 0, the default listener port number is 80. The ListenerPort registry entry is typically useful in configurations where the VPN server is behind a Network Address Translation (NAT) router or behind a reverse proxy. Notice that SSTP clients always connect to the TCP 443 port. This behavior cannot be configured from the clients.UseHTTPSRegistry subkey: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Sstpsvc\ParametersRegistry entry: UseHTTPSData type: REG_DWORDDefault value: 1 You can use the UseHTTPS registry entry to specify whether the SSTP server should listen on the HTTPS port or on the HTTP port. The SSTP server listens on the HTTP port if the value is set to 0. If the value is set to 1, the SSTP server listens on the HTTPS port. This registry entry is typically helpful in load-balancing scenarios. For example, a reverse Web proxy or an SSL load balancer may be configured to receive an HTTPS connection and open an HTTP connection to a remote access server.NoCertRevocationCheckRegistry subkey: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Sstpsvc\ParametersRegistry entry: NoCertRevocationCheckData type: REG_DWORD You can use this registry entry to enable or to disable the SSL certificate revocation check that the VPN client performs during the SSL negotiation phase. Certificate revocation check will be performed if the value is set to 0. If the value is set to 1, certificate revocation check will be skipped. Notice that you should set this value to 1 only for debugging. Do not set this value to 1 in your production environment. By default, certificate revocation check is performed.Sha256EnabledRegistry subkey: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Sstpsvc\ParametersRegistry entry: Sha256EnabledData type: REG_DWORD You can use the Sha256Enabled registry entry to enable SHA256 support for SSTP crypto binding. If this value is set to 1, SHA256 is enabled. In this case, the Sha256CertificateHash registry entry should contain an appropriate certificate hash. By default, Windows Vista clients support only SHA256. You may want to enable SHA1 on the server side if SSTP is supported on clients that do not support SHA256. If both SHA1 and SHA256 are enabled, SSTP will use the stronger crypto algorithm. By default, this registry setting is enabled.Sha256CertificateHashRegistry subkey: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Sstpsvc\ParametersRegistry entry: Sha256CertificateHashData type: REG_BINARY The Sha256CertificateHash registry entry contains a certificate hash that is computed by SHA256. If the UseHTTPS registry entry is set to 1, Routing and Remote Access automatically populates the certificate hash the first time that Routing and Remote Access starts. To do this, Routing and Remote Access finds a computer certificate from the certificate store, and then Routing and Remote Access writes the hash to the Sha256CertificateHash registry entry.Sha1EnabledRegistry subkey: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Sstpsvc\ParametersRegistry entry: Sha1EnabledData type: REG_DWORD You can use the Sha1Enabled registry entry to enable SHA1 support for SSTP crypto binding. If this value is set to 1, SHA1 is enabled. In this case, the Sha1CertificateHash registry entry will contain an appropriate certificate hash. By default, Windows Vista clients support only SHA256. You may have to enable SHA1 on the server side if SSTP is supported on clients that do not support SHA256. If both SHA1 and SHA256 are enabled, SSTP will use the stronger crypto algorithm. By default, this registry setting is disabled.Sha1CertificateHashRegistry subkey: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Sstpsvc\ParametersRegistry entry: Sha1CertificateHashData type: REG_BINARY The Sha1CertificateHash registry entry contains a certificate hash that SHA1 computes. If the UseHTTPS registry entry is set to 1, Routing and Remote Access automatically populates the certificate hash the first time that Routing and Remote Access starts. To do this, Routing and Remote Access finds a computer certificate from the certificate store, and then Routing and Remote Access writes the hash to the Sha1CertificateHash registry entry. However, if the UseHTTPS registry entry is set to 0, you must manually deploy the certificate hashes to make sure that the VPN server and the SSL load balancer trust one another.ServerUriRegistry subkey: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Sstpsvc\ParametersRegistry entry: ServerUriData type: REG_SZ The ServerUri registry entry is set to a value that contains the following value: sra_{BA195980-CD49-458b-9E23-C84EE0ADCD75}/You must not change this registry entry because it is read-only. This registry entry is typically useful in load-balancing scenarios. The load balancer receives an HTTPS connection that is specific to this URI, and then the load balancer redirects the connection to a remote access server. For example, if the server name is server.contoso.com, the exact HTTPS URI is as follows:https://server.contoso.com/sra_{BA195980-CD49-458b-9E23-C84EE0ADC

Sorry about the duplicated threads Administrators that occurred when i tried to submit the thread and it wouldnt send the information then i refreshed the browser and then no text was there anymore and it was saying i overlaped the number of caracters,so i had copied the text before submiting the thread then i just copied again resulting in that 2 threads with the same topic ,could you guys please delete the other one,apreciate that and sorry for the inconvinient!Kind regards,RR

Taking the same topic i also have some extra settings which i already applied to my system even knowing they could have no effect, some keys that didnt exist i created myself and some stuff is written in portuguese just ignore themso check this out:REMOTE ACCESS PARAMETERSParmetros de acesso remotos so listados por nome de parmetro e podem ser encontrados na seguinte subchave do Registro: SYSTEM\CurrentControlSet\Services\RemoteAccess\Parameters Parameter Range Use---------------------------------------------------------------------- AuthenticateRetries 0-10 Sets the maximum number of default = 2 unsuccessful retries at authentication. AuthenticateTime 20-600 secs. Sets the maximum amount of time default: 120 a user is allowed to finish authentication. CallbackTime 2-12 secs. Sets the time interval the default: 2 server waits before calling the client back; client communicates the value of its own callback time when connecting to a Remote Access server. If the client does not communicate a callback time value (as with Remote Access 1.0 and 1.1 clients), the value of this parameter is used. EnableAudit 0 = disabled Enables or disables Remote 1 = enabled Access auditing default: 1 NetbiosGatewayEnabled 0 = disabled Makes the server function like 1 = enabled a NetBIOS gateway, allowing default: 1 clients to access the LAN. If disabled, remote clients can access the files on the server in a point-to-point connection only. NumRecvQueryIndications 1-32 Allows Remote Access clients to default: 3 initiate simultaneous, multiple network connections. PARAMETERS DE GATEWAY NETBIOSNo Windows NT 3.1, os parmetros de gateway NetBIOS so listados por nome de parmetro e podem ser encontrados no Registro o sub-rvore HKEY_LOCAL_MACHINE na seguinte subchave: SYSTEM\CurrentControlSet\Services\RemoteAccess\Parameters\NetbiosGateway Observao: no Windows NT 3.5 e 3.51, o parmetro de desconexo automtica na sub-rvore HKEY_LOCAL_MACHINE na seguinte subchave: SYSTEM\CurrentControlSet\Services\RemoteAccess\Parameters para obter informaes adicionais, consulte a seo parmetros RemoteAccess no manual do Windows NT Server 3.5 Remote Access Service na pgina 82. Parameter Range Use---------------------------------------------------------------------- AutoDisconnect 0-60000 minutes. Sets the time interval after default: 20 which inactive connections are terminated. Inactivity is measured by lack of session data transfer. You may want to set this parameter to 0 minutes if clients are running NetBIOS datagram applications. Setting this parameter to 0 disables AutoDisconnect. DisableMcastFwd 0 = disabled Allows session traffic to haveWhenSessionTraffic 1 = enabled priority over multicast data- default: 1 grams. This means that multicast datagrams are transferred only when there is no session traffic. EnableBroadcast 0 = disabled Determines whether broadcast 1 = enabled datagrams are forwarded to default: 0 remote workstations. See MulticastForwardRate. MaxBcastDgBuffered 16-255 Sets the number of broadcast default: 32 datagrams that the gateway buffers for a client. MaxDgBufferedPer 1-255 Sets the number of datagramsGroupName default: 10 that can be buffered per group name. Because this setting is done in virtual memory, you can set it high. MaxDynMem 131072- Sets the amount of virtual 4294967295 memory used to buffer NetBIOS default: 655350 session data for each remote client. (See Note 1, below.) MaxNames 1-255 Sets the number of unique default: 255) NetBIOS names that each client can have. NetBIOS stacks on the LAN have a maximum of 255 names allocated for all clients (cumulative). For example: To allow 64 clients to connect simultaneously, set this parameter to 3 or 4. MaxSessions 1-255 Sets the maximum number of default: 255 simultaneous NetBIOS sessions each client can have. NetBIOS stacks on the LAN have a maximum of 255 names allocated for all clients. (See Note 2, below.) MultiCast -1 to Governs the multicasting ofForwardRate 4294967295 server announcements (group name secs datagrams) to all remote work- default: 5 stations in a server's domain. -1 Disables forwarding. 0 Guarantees delivery of group name datagrams. n Forwards datagrams every n seconds. (See Note 3, below.) RcvDgSubmitted 1-32 Determines how many NetBIOSPerGroupName default: 3 Receive Datagram commands can be submitted simultaneously for each group name on the LAN stack. Keep this setting as small as possible to minimize the amount of memory consumed by system resources. Each datagram command received locks about 1.5K of physical memory in the system. RemoteListen 0-2 Sets the remote NCB_LISTEN capa- default: 1 bility. (Microsoft recommends using the default value.) 0 Client can't post NCB_LISTEN for any NetBIOS name. 1 Remote client can receive messages from LAN users and printers. Client can post NCB_LISTEN on Windows NT Advanced Server aliases only. 2 Enables NCB_LISTEN for all remote client NetBIOS names, enabling them to run NetBIOS server applications and to act as servers on the network. (See Note 4, below.) SizWorkBufs 1024-65536 Sets the size of work buffers. default: 4500 The default setting is optimized for the server message block (SMB) protocol, the protocol between the workstation and the server running on Windows NT Advanced Server. NOTES: Como o servidor de acesso remoto um gateway entre a linha lenta e a rede local, dados buffer na memria quando provenientes da linha de rpida (LAN) para a linha (assncrona) lenta. O servidor de acesso remoto minimiza o uso de memria fsica, bloqueio somente um conjunto que mnimo de forma interativa tenham de pginas (aproximadamente 64 k por cliente) e fazer uso de memria virtual para o restante dos dados do buffer. Contanto que voc tenha espao em disco suficiente no seu armazenamento de backup, voc pode aumentar esse parmetro se necessrio. Se voc tiver um aplicativo com um remetente de rede local (rpido) e um receptor de assncrono (lenta), e se o remetente est enviando mais dados uma vez que o servidor pode buffer de acesso remoto, o acesso remoto servidor tenta aplicar uma forma de NetBIOS nvel controle de fluxo, no enviando NCB_RECEIVE na sesso, at que ele tenha espao suficiente buffer para armazenar dados de entrada. Nessa situao, voc deve aumentar o tempo limite de NetBIOS SEND e RECEIVE para que o remetente rpido pode manter ritmo com o receptor lento. Para um gateway, voc deve definir o tamanho do NBF para 3 (grande). Isso remove qualquer limite quanta memria o NetBEUI permite a mesmo para usar. Um tamanho de 2 indica um limite de 300K, que suficiente para normalconnections aproximadamente 64. A subchave do registro para este parmetro SYSTEM\CurrentControlSet\Services\Nbf\Parameters. Se houver vrios servidores no domnio, o fluxo de anncios pode aparecer como um fluxo contnuo de datagramas direcionados para estaes de trabalho remotas. Como esses anncios so repetidos, eles desperdiar ciclos de CPU em estaes de trabalho sem qualquer ganho de informaes reais em return.The MultiCastForwardRate parmetro torna possvel para anncios de servidor do filtro por encaminh-las em um intervalo especificado. Se o parmetro EnableBroadcast definido como 0, difuses no so encaminhadas, mesmo se o parmetro de MultiCastForwardRate definido como um nmero positivo (nesse caso, apenas datagramas de difuso seletiva so encaminhadas). Se MultiCastForwardRate for definido como-1, em seguida, difuses so ainda no encaminhadas mesmo se EnableBroadcast estiver definida como 1. (Consulte o parmetro EnableBroadcast.) A capacidade NCB_LISTEN significativamente pode descarregar recursos do sistema. Se o parmetro RemoteListen estiver configurado para 2, o acesso remoto envia um NCB_LISTEN em todos os nomes de NetBIOS de clientes de acesso remoto. Considerando que a estao de trabalho mdia do Windows NT Advanced Server possui aproximadamente 5 nomes de NetBIOS atribudos a ele, o nmero total de nomes NetBIOS para o qual um NCB_LISTEN deve ser lanada 64 5 vezes (o nmero mximo de clientes por servidor de acesso remoto).ASSNCRONO MAC PARAMETERSParmetros de MAC (Media Access Control) assncrona so listados por nome de parmetro e podem ser encontrados na seguinte subchave do Registro: SYSTEM\CurrentControlSet\Services\AsyncMacn\Parameters Parameter Range Use---------------------------------------------------------------------- FramesPerPort 2-20 Allocates frames for each dial-in default: 3 or dial-out port. Set this value to the number of frames the transport may have outstanding at any given time. IrpStackSize 1-10 Sets the number of device drivers default: 5 MAC is layered above. Increase this value only if the serial driver below the MAC needs more stack size. MaxFrameSize 576-1514 Determines the maximum frame size default: 1514 Use smaller frames for noisy links. RAS HUB PARAMETERSParmetros de RAS Hub so listados por nome de parmetro e podem ser encontrados na seguinte subchave do Registro: SYSTEM\CurrentControlSet\Services\RasHub\Parameters Parameter Range Use---------------------------------------------------------------------- NetworkAddress ----- Reassigns the first 4 bytes of the 6-byte IEEE address. For example, if you reset the address to "03-1F-2C-81-92-34," only the first 4 bytes are looked at. Reset this parameter in the RasHub\Parameters subkey with the REG_SZ data type. User Key: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Network]System Key: [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Network]Value Name: NoDialInData Type: REG_DWORD (DWORD Value)Value Data: (0 = dial-in enabled, 1 = dial-in disabled)

Ok im posting the latest changes ive made and would like to have some feedback if possible:hkey_local_machine\system\services\remoteacess\parameters\ip\EnableIn: i set to 0 it wassetto 1AllowNetworkAccess: i set to 0 it was setto 1EnableRoute: i set to 0 it was setto1hkey_local_machine\system\services\remoteacess\parameters\nbf\EnableIn: i set to 0 it was setto 1AllowNetworkAccess: i set to 0 it was setto1hkey_local_machine\system\services\remoteacess\interfaces\0Enabled: i set to 0 it was 1(this is the loopback interface)And also this one:hkey_local_machine\software\microsoft\windows\com3allowremoteaccess:i set to 0 it was set to 1so if i did any mistakes can anyone warn me?Thanks in advance and apreciate all help provided so far (sorry for most of the times posting things not related to windows 7 issues)Kind regards,RR