Windows 2000 machiens cannot do loopback processing

  • Thread starter Thread starter HP409ss
  • Start date Start date
H

HP409ss

We have upgrade a good chunk of Windows 2000 SP3 servers and
workstations to the latest MS Hot Fix MS03-045. Since then we are
receiving the following errors in the event log....

Windows cannot do loopback processing when the computer is joined to a
downlevel domain or is a member of a workgroup. Loopback processing
will be disabled.

&

The logged on user's forest is different from the machine's forest.
Cross Forest Group Policy processing is disabled and loopback
processing has been enforced in this forest for this user account.

Our machines are located in NT4 resource domains while our users are
in a Mixed mode AD across 2000 and 2003 servers. ( We are taking about
40 0r 50)

All signs point to this being an issue with W2K SP4 but since all
machines are SP3 I can not find a fix. I wish it was as easy as the
tech notes on enabling
cross-forest user policies in GRP.

Has anyone seen this? Is there a way to resolve this without backing
off the Hot Fix(Which we have done and the error goes away and speed
returns to the server)?

Thanks for the help.
 
Hello.

You can either reconfigure the local policy of the client to include the
setting "Allow Cross-Forest User Policy and Roaming User Profiles" or modify
the registry of the client directly:
HKLM\Software\Policies\Microsoft\Windows\System\AllowX-ForestPolicy-and-RUP
Reg DWORD Value = 1.

823862 User Policies Are Not Applied When You Log On to a Computer That Is
http://support.microsoft.com/?id=823862
824390 Cannot Log On to a Windows NT 4.0 Resource Domain from a Windows
http://support.microsoft.com/?id=824390

David Fisher
Enterprise Platform Support
 
That is not an option since the client side is still SP3. From waht I
gather this option is not available untill SP4.
 
Since your machine accounts reside in a Windows NT4 domain, loopback policy
processing is not supported.
231287 Loopback Processing of Group Policy
http://support.microsoft.com/?id=231287
Excerpt

NOTE: Loopback is supported only in a purely Windows 2000 based environment.
Both the computer account and the user account must be in Active Directory.
If a Microsoft Windows NT 4.0 based domain controller manages either
account, the loopback does not function. The client computer must be a
Windows 2000 based computer
--
--
Gary Mudgett, MCSE, MCSA
Windows 2000 Directory Services


=====================================================
When responding to posts, please "Reply to Group" via
your newsreader so that others may learn and benefit
from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
HP409ss said:
That is not an option since the client side is still SP3. From waht I
gather this option is not available untill SP4.

"David Fisher [MSFT]" <[email protected]> wrote in message
Hello.

You can either reconfigure the local policy of the client to include the
setting "Allow Cross-Forest User Policy and Roaming User Profiles" or modify
the registry of the client directly:
HKLM\Software\Policies\Microsoft\Windows\System\AllowX-ForestPolicy-and-RUP
Reg DWORD Value = 1.

823862 User Policies Are Not Applied When You Log On to a Computer That Is
http://support.microsoft.com/?id=823862
824390 Cannot Log On to a Windows NT 4.0 Resource Domain from a Windows
http://support.microsoft.com/?id=824390

David Fisher
Enterprise Platform Support
Click to expand...
Click to expand...
 
Back
Top