Re: Overcomplicating an OS: NTLM, Kerberos, Win2003/2000 incompatibility.

From: G. Tarazi ("G.)
Date: 10/08/04


Date: Fri, 8 Oct 2004 11:42:33 -0400

It's not 50,000 Win2003 machines, its 2000 all kinds of Windows machines.

"Ken Schaefer" <kenREMOVE@THISadOpenStatic.com> wrote in message news:%23twBmzOrEHA.592@TK2MSFTNGP11.phx.gbl...
> This doesn't make sense. You seem to have the following setup:
>
> Client -> Windows 2003 (with SPS) -> Web Service on Windows 2000
>
> In this case, you do not need to mark the Windows 2000 computer as "trusted
> for delegation". You need to mark the WIndows 2003 machine as "trusted for
> delegation"
>
> Why would you have 50,000 Windows 2003 machines that need to be trusted for
> delegation?
>
> In any case, what does this have to do with your original post? You
> complained about incompatible authentication. You said:
> "Someone at Microsoft decided that IIS on 2003 will be using incompatible
> authentication by default with 2000's IIS, and that's it, SharePoint on 2003
> is not able to access the web services on 2000."
>
> What is incompatible? Please be precise, please don't just post vague
> comments about things. That way we can help you with your problem. On the
> other hand, if you just want to rant and complain, please make it clear that
> you are doing so, so that we don't waste time looking at your problem.
>
> Thanks
>
> Cheers
> Ken
>
>
> "G. Tarazi" <Tarazi (at) LiveTechnologies.ca> wrote in message
> news:OYkTBFHrEHA.3744@TK2MSFTNGP10.phx.gbl...
> > So simple
> >
> >
> >
> > Install Active Directory (PC1)
> >
> > Install Windows 2003 Server / SharePoint PC2
> >
> > Install Windows 2000 Pro PC3 (for the software developers) / VS.NET C#
> >
> > Add all to the domain.
> >
> > Create a SPS site on Win2003
> >
> > Create a Web service in Win2000
> >
> > Disable the anonymous connection and keep the windows authentication on
> > both
> > IIS
> >
> > Call the web service (that is on W2000) in the new SPS site. W2003
> >
> >
> >
> > And then you will realize what I am talking about, the W2003 is using
> > Kerberos the W2000 not. And making them compatible according to
> > support.microsoft.com means making W2000 trusted for delegation, it can
> > happen in an environment where there is 5 Pc's, but when you have 50,000 I
> > don't think so.
> >
> >
> >
> >
> > "Ken Schaefer" <kenREMOVE@THISadOpenStatic.com> wrote in message
> > news:%23MQ3evBrEHA.2904@TK2MSFTNGP15.phx.gbl...
> >> ?!?
> >>
> >> What authentication is "incompatible"?
> >>
> >> Do you really know what you're talking about? Or are you just ranting
> >> because you ran into something you didn't quite understand?
> >>
> >> Cheers
> >> Ken
> >>
> >>
> >> --
> >> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> >> "G. Tarazi" <Tarazi (at) LiveTechnologies.ca> wrote in message
> >> news:uBPUdU8qEHA.556@tk2msftngp13.phx.gbl...
> >> I am just not getting it
> >>
> >> There is a web server with Windows 2003 and a SharePoint server on it,
> >> and
> >> there is a 2000 server with .net 1.1 and web services on it, and both are
> > on
> >> the active directory and there are thousands of computers there.
> >>
> >> Someone at Microsoft decided that IIS on 2003 will be using incompatible
> >> authentication by default with 2000's IIS, and that's it, SharePoint on
> > 2003
> >> is not able to access the web services on 2000.
> >>
> >> And that causes tons of treble and hundreds of lost hours of
> >> productivity.
> >>
> >> Think about it next time, before someone says "Do more with less".
> >>
> >>
> >
> >
>
>



Relevant Pages

  • Re: Overcomplicating an OS: NTLM, Kerberos, Win2003/2000 incompatibility.
    ... what does this have to do with your original post? ... > complained about incompatible authentication. ... > other hand, if you just want to rant and complain, please make it clear that ...
    (microsoft.public.windows.server.security)
  • Re: Gender
    ... news client, they have no right to complain. ... right now I see in the title section of my reply editable boxes ... Windows machines manages that!!! ...
    (sci.lang)