Guest Mhairi
Posted October 13, 2008

Re: nt4 servers on AD2003 with server 2008 - global \local securitygroup problem

Sorry, my line re the nt4 servers always authenticating with the pdc emulator is wrong - the nt4 servers will authenticate with ANY dc.

Guest Mhairi
Posted October 14, 2008

Re: nt4 servers on AD2003 with server 2008 - global \local securitygroup problem

I have found a resolution to this problem. The problem is with secure channels and the NT client authentication process. This problem has occurred within our setup as we have 4 windows 2008 domain controllers, and 2 windows 2003 domain controllers. If the nt4 server authenticates its secure channel with a 2008 dc, it cannot see the domain correctly.

I enabled LMHOSTS on the network card settings, and inserted an lmhosts entry (which points to a windows 2003 domain controller), as referenced by this website: http://www.windowsnetworking.com/kbase/WindowsTips/WindowsNT/AdminTips/Network/WindowsNTsSetPrfDCcontrolslogindomaincontrollerinWANenvironment.html

Once this entry has been set, after a reboot the server can now see the domain properly and all local groups show the correctly contained global groups.

The only fall back with this is - if the server which is noted in the lmhosts file is unobtainable then the server won't authenticate with that domain controller.

The other way round this is to use a tool called 'setprfdc.exe' which is found within the i386 folder of NT servers with SP4 and above. This tool allows you to set a preferential order, i.e. dc1, dc2, dc3 for authentication.

I hope this helps somebody :)
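
Added example (not part of the original posts): a small Python check for an LMHOSTS file that pins a member server to chosen domain controllers, flagging the single-server dependency mentioned in the post above. The addresses, host names and domain name are constructed placeholders, and the `#PRE`/`#DOM:` keyword handling follows the comments in the stock LMHOSTS sample file.

```python
import re

# Constructed sample LMHOSTS content (addresses, host and domain names are placeholders).
SAMPLE_LMHOSTS = """\
# pin the NT4 member server to Windows 2003 domain controllers
192.0.2.10   DC2003A   #PRE  #DOM:EXAMPLEDOM
192.0.2.11   DC2003B   #DOM:EXAMPLEDOM
192.0.2.20   FILESRV1  #PRE
"""

# An entry line starts with a dotted IPv4 address, so '#' comment lines never match.
ENTRY = re.compile(r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+(\S+)(.*)$")

def parse_lmhosts(text):
    """Return entries as dicts: ip, name, preload flag, domain (None if no #DOM)."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if not m:  # blank line or comment
            continue
        ip, name, rest = m.groups()
        dom = re.search(r"#DOM:(\S+)", rest, re.I)
        entries.append({
            "ip": ip,
            "name": name.upper(),
            "preload": bool(re.search(r"#PRE\b", rest, re.I)),
            "domain": dom.group(1).upper() if dom else None,
        })
    return entries

def review(entries):
    """Return warnings about domain controller entries in the parsed file."""
    warnings, dcs = [], {}
    for e in entries:
        if e["domain"] is None:
            continue
        usable = dcs.setdefault(e["domain"], [])
        if e["preload"]:
            usable.append(e["name"])
        else:
            warnings.append(f"{e['name']}: #DOM without #PRE is not preloaded")
    for domain, names in dcs.items():
        if len(names) < 2:
            warnings.append(f"{domain}: only {len(names)} preloaded DC entry, "
                            "authentication depends on a single server")
    return warnings

if __name__ == "__main__":
    for w in review(parse_lmhosts(SAMPLE_LMHOSTS)):
        print(w)
```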