Cappy
(Sorry for Multiple Posts. Have Pity, I'm Old.)

I am totally screwed, I think… I need some adult supervision for my next step at solving a problem…

We did an in-place upgrade from an NT4 PDC to 2003 Server with Mixed/Hybrid Mode Active Directory. We took our PDC and upgraded it. We upgraded a second machine (BDC) and all seemed wonderful (DNS included). Now, due apparently to the structure of our domain, lack of thorough testing, and following Microsoft's directions to a tee, we are in a HUGE MESS!

We have a main site which has our PDC emulator and several legacy BDCs. We have several remote sites that connect to the main campus over speedy links. (You already know what I am going to say, right?) We have a BDC at each of the remote sites that has not been upgraded to 2000.

Currently, whenever we lose one of our T1 links overnight, in the morning nobody at the remote site can authenticate to the domain, even though a domain controller (NT4 BDC) is on the same subnet and replication throughout the domain is going perfectly. I have done several packet captures and it looks as if the clients are ignoring the local domain controller and wanting to authenticate themselves to an Active Directory box. It is as if they will not stand for NTLM authentication anymore, having tasted the fruits of Kerberos. I have tried forcing the AD controller to do NTLM only, but that still didn't work. If I remove one of the computers from the domain and re-add it, then it works if I force the AD to do NTLM. (This of course will not work if the machines are not able to get to the main campus in an outage situation.) I have tried flipping the machine's registry for NTLM to 1, but that didn't work either.

Please, Please, Please HELP ME! Am I going to have to remove EVERY MACHINE IN THE ENTIRE ENTERPRISE FROM THE DOMAIN AND RE-ADD THEM??? If so, please let me know so I may kill myself.

Your Old Hippy / ex-COBOL Programmer Friend.
CappyClam
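The post describes two things worth confirming on an affected client before touching every machine: which domain controller the client's secure channel is actually bound to (the packet captures suggest it is not the local NT4 BDC), and what the "registry for NTLM" flip set. The script below is an added diagnostic example, not code from the original post or from Microsoft; it assumes a domain-joined Windows client with nltest.exe available, and the domain name is a placeholder you replace with your own. It reads the LmCompatibilityLevel value (the registry setting the post refers to as "NTLM to 1") and reports what each level means, then shows the DC the locator picks and the DC the secure channel is currently using.

```powershell
# Added example (not from the original post). Assumptions: run on a domain-joined
# Windows client with nltest.exe on the PATH; $Domain is a placeholder domain name.
param([string]$Domain = 'EXAMPLE')   # placeholder, not the poster's domain

# LmCompatibilityLevel is the LSA setting that governs LM/NTLM/NTLMv2 behaviour.
# It lives under HKLM\SYSTEM\CurrentControlSet\Control\Lsa as a DWORD (0-5).
function Get-LmCompatibilityLevel {
    $key  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    $item = Get-ItemProperty -Path $key -Name LmCompatibilityLevel -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 'not set (operating system default applies)' }

    # Documented meanings of the six levels; lower levels only change what the
    # client sends, levels 4 and 5 additionally change what a DC will accept.
    $meaning = @{
        0 = 'Send LM & NTLM responses'
        1 = 'Send LM & NTLM, use NTLMv2 session security if negotiated'
        2 = 'Send NTLM response only'
        3 = 'Send NTLMv2 response only'
        4 = 'Send NTLMv2 response only; DC refuses LM'
        5 = 'Send NTLMv2 response only; DC refuses LM & NTLM'
    }
    $level = [int]$item.LmCompatibilityLevel
    return "$level ($($meaning[$level]))"
}

# Which DC the locator would choose right now, and which DC the machine's
# secure channel is bound to. Both are real nltest.exe switches; the output is
# returned as text so it can be logged or compared across sites.
function Get-DcBinding {
    param([string]$DomainName)
    $located = & nltest.exe "/dsgetdc:$DomainName" 2>&1 | Out-String
    $channel = & nltest.exe "/sc_query:$DomainName" 2>&1 | Out-String
    return [pscustomobject]@{
        LogonServerEnv = $env:LOGONSERVER     # DC that handled the interactive logon
        LocatedDc      = $located.Trim()
        SecureChannel  = $channel.Trim()
    }
}

Write-Host "LmCompatibilityLevel : $(Get-LmCompatibilityLevel)"
$dc = Get-DcBinding -DomainName $Domain
Write-Host "LOGONSERVER          : $($dc.LogonServerEnv)"
Write-Host "--- nltest /dsgetdc ---"
Write-Host $dc.LocatedDc
Write-Host "--- nltest /sc_query ---"
Write-Host $dc.SecureChannel
```

Run it on a client at a remote site while the link is up and again during an outage; if the secure channel and located DC both point at a main-campus AD controller rather than the local BDC in both cases, the capture data in the post is confirmed from the client's own view, and the LmCompatibilityLevel line tells you whether the registry change the post mentions actually landed on that machine.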