Re: nt4 servers on AD2003 with server 2008 - global \local securitygroup problem
I have found a resolution to this problem. The problem is with secure
channels and the NT client authentication process. This problem has
occurred within our setup as we have 4 Windows 2008 domain
controllers, and 2 Windows 2003 domain controllers. If the NT4 server
authenticates its secure channel with a 2008 DC - it cannot see the domain
correctly.
I enabled LMHOSTS on the network card settings, and inserted an lmhosts
entry (which points to a Windows 2003 domain controller), as referenced
by this website:
http://www.windowsnetworking.com/kb...olslogindomaincontrollerinWANenvironment.html
Once this entry has been set, after a reboot the server can now see
the domain properly and all local groups show the correctly contained
global groups.
The only fall back with this is - if the server which is noted in the
lmhosts file is unobtainable then the server won't authenticate with
that domain controller. The other way round this is to use a tool
called 'setprfdc.exe' which is found within the i386 folder of NT
servers with SP4 and above. This tool allows you to set a preferential
order, i.e. dc1, dc2, dc3 for authentication.
I hope this helps somebody.