Re: Re: Make 2003svr a DC+NT4 Servers=NT4 get denied access!




"" wrote:
> burnsl wrote:
> > Our network is ancient.
> >
> > We have NT4 servers
> > windows 2000 servers
> >
> > and now...
> >
> > We got a new server and our 2003 exchange enterprise edition agreement.
> >
> > I installed 2003 STD server, and made it a domain controller.
> > Later, I started the process of prepping the AD environment and realized that I needed to expand the AD to include some new 2003 server objects.
> >
> > I did so, and all seemed fine.
> >
> > I then took a script that would complete the process of prepping the AD structure to accept exchange 2003.
> >
> > however this script also ran, (for some ungodly reason) the GPOFIX tool!!!!
> >
> > this reset the GPO to default, but for 2003? or 200? I dunno.
> >
> > Bottom line is, my NT4 servers cannot authenticate to the PDC_emulator anymore.
> >
> > they get access denied if I browse to the server and try to open it from network neighborhood on a NT4 box.
> >
> > from the 2000 servers I can freely expand all folders on the NT4 boxes, but not from NT4 to the 2000 PDC_EMU.
> >
> > Our production mail server runs on one of these NT4 systems and no one can login to the exchange server.
> >
> > I can't believe I did this.
> >
> Are you saying that you took a member server in an NT Domain
> and made it a Windows 2003 DC? If it was NOT the PDC of the
> NT4 Domain at the time, then it is no longer part of the
> same NT4 Domain.
>
> Cheers,
>
> Cliff
>
> --
>
> Barzoomian the Martian - http://barzoomian.blogspot.com

No...

I installed a new 2003 server and one of the functions of the script
that I used was to reset the GPO to default for 2003.

Don't ask me why I did that.

As a result at least two things got elevated to a level that made NT4
incompatible.

1) the Policy object: send LM & NTLM responses was set to NTLM only.
2) use a secure encrypted channel (always) was set.

these two elevated the security beyond NT4's abilities.

I have reset these and after an hour regained access to NT4 servers.

It's all working now.

--
Posted using the http://www.windowsforumz.com interface, at author's request
Articles individually checked for conformance to usenet standards
Topic URL: http://www.windowsforumz.com/Make-2003svr-DC-NT4-Servers-NT4-denied-access-ftopict438417.html
Visit Topic URL to contact author (reg. req'd). Report abuse: http://www.windowsforumz.com/eform.php?p=1484281
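
The two settings named in the reply above are stored as registry-backed policy values, so a security template export can be checked for them before and after a GPO reset. The following is an added example, not part of the original thread: it parses the `[Registry Values]` section of a template and flags both settings. The sample template is constructed, and the `LmCompatibilityLevel` and `RequireSignOrSeal` value names are the standard ones for these policies rather than anything quoted by the poster.

```python
# Added example: audit a security template (secedit /export output or a
# GPO's GptTmpl.inf) for the two settings named in the post.
LSA = r"machine\system\currentcontrolset\control\lsa\lmcompatibilitylevel"
SEAL = (r"machine\system\currentcontrolset\services\netlogon"
        r"\parameters\requiresignorseal")
LM_LEVELS = {0: "Send LM & NTLM responses",
             1: "Send LM & NTLM, NTLMv2 session security if negotiated",
             2: "Send NTLM response only",
             3: "Send NTLMv2 response only",
             4: "Send NTLMv2 response only, refuse LM",
             5: "Send NTLMv2 response only, refuse LM & NTLM"}

# Constructed sample, not taken from the poster's domain.
SAMPLE_INF = r"""[Unicode]
Unicode=yes
[Registry Values]
MACHINE\System\CurrentControlSet\Control\Lsa\LmCompatibilityLevel=4,2
MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\RequireSignOrSeal=4,1
"""

def registry_values(inf_text):
    """Return {lowercased value path: int} for REG_DWORD (type 4) entries."""
    values, section = {}, None
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
        elif section == "registry values" and "=" in line:
            key, _, data = line.partition("=")
            reg_type, _, value = data.partition(",")
            if reg_type.strip() == "4":
                values[key.strip().lower()] = int(value.strip())
    return values

def audit(inf_text, baseline_lm=0):
    """List settings raised above what the poster restored (LM level 0, seal off)."""
    vals, findings = registry_values(inf_text), []
    lm = vals.get(LSA)
    if lm is not None and lm > baseline_lm:
        findings.append(f"LAN Manager authentication level = {lm} "
                        f"({LM_LEVELS.get(lm, 'unknown')})")
    if vals.get(SEAL) == 1:
        findings.append("Secure channel: encrypt or sign (always) = enabled")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_INF)) or "no elevated settings found")
```

Exported templates are typically UTF-16, so read a real file with `open(path, encoding="utf-16")` before passing its text to `audit`.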