Re: 2003 AD XP Client domain name change
From: Seth Scruggs [MSFT] (sethsc_at_online.microsoft.com)
Date: 04/01/04
- Next message: jon: "EVENT LOG!!!!"
- Previous message: Jason Robarts [MSFT]: "Re: Windows Server 2003 Active Directory Branch Office Guide"
- In reply to: Kenno: "2003 AD XP Client domain name change"
- Messages sorted by: [ date ] [ thread ]
Date: Thu, 1 Apr 2004 10:19:10 -0500
One of the main problems with this scenario is that once a 2K/XP client
finds a server willing to authenticate them using Kerberos (as a W2K or 2003
DC would), it will never go back to NTLM. Basically, once a 2K/XP client
finds a Windows 2000 or 2003 DC, it will always need to authenticate with a
2000 or 2003 DC.
-- Seth Scruggs [MSFT] Windows 2000 Directory Services ===================================================== When responding to posts, please "Reply to Group" via your newsreader so that others may learn and benefit from your issue. ===================================================== This posting is provided "AS IS" with no warranties, and confers no rights. "Kenno" <philip.kennedy@wineselectors.com.au> wrote in message news:1716101c417e3$436564f0$a101280a@phx.gbl... Currently have an AD 2003 test network setup in interim mode with an NT4 domain name of hdom and a 2003 domain name of selectors.com.au the test network was built by removing a NT4 bdc from the production network and upgrading it to 2003 AD. When ever I take an XP Pro workstation from the production NT4 network and logon to the test 2003 network it changes it's domain name from hdom to selectors.com.au on the XP client computer ID tab under properties of My Computer. When this client PC is then switched back to the production network I get the following event log errors and fails to log on to the NT4 domain. Can anybody tell me how to stop the domain name being changed when the XP client logs onto the 2003 AD network. The reason is if I perform an AD upgrade on the production network but then need to roll back I will need to remove all the clients from the domain that have logged onto the 2003 DC and then readd them back onto the domain. Event Type: Error Event Source: NETLOGON Event Category: None Event ID: 5791 Date: 4/1/2004 Time: 5:10:56 PM User: N/A Computer: AWS1135 Description: The domain of this computer, HVWSDOM has been downgraded from Windows 2000 or newer to Windows NT4 or older. The computer cannot function properly in this case for authentication purposes. This computer needs to rejoin the domain. The following error occurred: There are currently no logon servers available to service the logon request. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. Data: 0000: 5e 00 00 c0 ^..À Event Type: Warning Event Source: LSASRV Event Category: SPNEGO (Negotiator) Event ID: 40961 Date: 4/1/2004 Time: 5:10:45 PM User: N/A Computer: AWS1135 Description: The Security System could not establish a secured connection with the server cifs/hvws06.wineselectors.com.au. No authentication protocol was available. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. Event Type: Warning Event Source: LSASRV Event Category: SPNEGO (Negotiator) Event ID: 40960 Date: 4/1/2004 Time: 5:10:45 PM User: N/A Computer: AWS1135 Description: The Security System detected an attempted downgrade attack for server cifs/hvws06.wineselectors.com.au. The failure code from authentication protocol Kerberos was "There are currently no logon servers available to service the logon request. (0xc000005e)". For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. Thanks
- Next message: jon: "EVENT LOG!!!!"
- Previous message: Jason Robarts [MSFT]: "Re: Windows Server 2003 Active Directory Branch Office Guide"
- In reply to: Kenno: "2003 AD XP Client domain name change"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
