Re: Remote site BDCs won't auth clients when T1 to AD 2003 is down LTLM?

From: Jerold Schulman (Jerry_at_jsiinc.com)
Date: 01/16/04


Date: Fri, 16 Jan 2004 08:34:49 -0500

On Fri, 16 Jan 2004 01:40:47 GMT, Cappy@Aol.com wrote:

>(Sorry for Multiple Posts- Have Pity, I'm Old)
>I am totally screwed, I think… I need some adult supervision for my next
>step at solving a problem…
>We did an in place upgrade from NT4 PDC to 2003 Server w/ Mixed/Hybrid Mode
>Active Directory. We took our PDC and upgraded it. We upgraded a second
>machine (BDC) and all seemed wonderful (DNS included). Now, due apparently
>to the structure of our domain, lack of thorough testing, and following
>Microsoft’s directions to a tee, we are in a HUGE MESS!
>We have a main site which has our PDC emulator and several legacy BDCs. We
>have several remote sites that connect to the main campus over speedy
>links. (You already know what I am going to say, right?) We have a BDC at
>each of the remote sites that have not been upgraded to 2000.
>Currently whenever we lose one of our T1 links overnight, in the morning
>nobody at the remote site can authenticate to the domain even though a
>domain controller (NT4BDC) is on the same subnet and replication throughout
>the domain is going perfectly. I have done several packet captures and it
>looks as if the clients are ignoring the local domain controller and wanting to
>authenticate themselves to an active directory box. It is as if they will
>not stand for NTLM authentication anymore having tasted the fruits of
>Kerberos. I have tried forcing the AD controller to do NTLM only- but that
>still didn’t work. If I remove one of the computers from the domain and
>re-add it then it works if I force the AD to do NTLM. (this of course will
>not work if the machines are not able to get to the main campus in an outage
>situation.) I have tried flipping the machine’s registry for NTLM to 1 but
>that didn’t work either.
>Please, Please, Please HELP ME! Am I going to have to remove EVERY MACHINE
>IN THE ENTIRE ENTERPRISE FROM THE DOMAIN AND RE-ADD THEM??? If so, please
>let me know so I may kill myself.
>Your Old Hippy/ ex Cobol Programmer Friend.
>CappyClam

See if http://support.microsoft.com?kbid=293127 helps.

Jerold Schulman
Windows: General MVP
JSI, Inc.
http://www.jsiinc.com
