SID Issue after Upgrading to AD to W2K3?

This issues seems to have started after installing the first W2K3-R2 AD
Controller into a W2K AD Domain. It has happened to very few people.

The symptom:
A user starts to get the logon prompt when opening Outlook from a computer
that is a domain member. OL will stay in Disconnected mode. If attempting
to take it out of Offline mode, it would prompt for the password again.
Entering the correct password and choosing "Save Password" logs the user on
in Cached mode, but closing and opening OL again triggers the prompt again.

This also seems to generate the following logs in the users System Event log
(the time on the client and server are in sync):

Event Type: Warning
Event Source: W32Time
Event Category: None
Event ID: 18
Date: 5/19/2006
Time: 9:29:52 AM
User: N/A
Computer: N102306
Description:
The time provider NtpClient failed to establish a trust relationship between
this computer and the corp.netopia.com domain in order to securely
synchronize time. NtpClient will try again in 15 minutes. The error was: The
trust relationship between this workstation and the primary domain failed.
(0x800706FD)

Changing the SID of the machines seems to correct the problem, but we are
still concerned. We do Ghost machines, however, we use SysPrep. The few
machines that this has happened to have been domain members for no less than
a year, so why is this starting. I would like to know if a SID issue
generates any specific error (such as the one above; either on the server or
the client), this way I can at least be sure this is the problem. I also
understand that W2K3-R2 uses Kerberos only and does not fall back to NTLM?
Not sure on that, however.

Any help would be appreciated.
.

Relevant Pages

  • RE: Default printer keeps changing on its own for every user
    ... Are users logging in from different machines? ... i.e. Julie logs on in the office where her default printer is ... Microsoft MVP - Terminal Server ... > auto create only the default printer and all pritner are installed as local ...
    (microsoft.public.windows.terminal_services)
  • Re: Logon type 3 - ID 529
    ... nothing has been installed recently on these machines. ... I couldnt see anything in the logs too. ... the alert appeared. ... I've read logon type 3 can be caused due to access of shared ...
    (microsoft.public.windows.server.sbs)
  • PC trying to connect to a huge list of IP addresses. Aye Chihuahua!
    ... Network Connections pops up a prompt literally about every 5 seconds ... with photos of my niece or my parent's Solitaire scores! ... list of IP addresses pointing to other infected machines? ...
    (comp.security.misc)
  • Re: PC trying to connect to a huge list of IP addresses. Aye Chihuahua!
    ... >Network Connections pops up a prompt literally about every 5 seconds ... >with photos of my niece or my parent's Solitaire scores! ... >list of IP addresses pointing to other infected machines? ...
    (comp.security.misc)
  • Re: [SLE] logdigest and mail problem
    ... I have two SUSE Linux 9.3 Professional machines here. ... still have off site logs. ... I just installed another fresh install and set up everything, ... Your sender address uses a domain name that is not resolvable outside your network. ...
    (SuSE)
Quantcast