Re: Domain Migration: Can not find domain controller

---

• From: BlueIT <bijal.shah@xxxxxxxxxx>
• Date: Wed, 6 Aug 2008 07:16:53 -0700 (PDT)

---

On Aug 6, 6:33 am, v-das...@xxxxxxxxxxxxxxxxxxxx (David Shen [MSFT])
wrote:

Hello,

Thanks for your reply.

According to your test result, it seems to be not an DNS resolution issue..
I suspect this may be cause by security channel failure.

Please make a few change of "Default Domain Controller Policy" both on DCs
of Domain A and Domain B as mentioned below:

SMB Signing and/or Encrypting

- Microsoft network client: Digitally sign communications (always) DISABLED

- Microsoft network client: Digitally sign communications (if server
agrees) ENABLED

- Microsoft network server: Digitally sign communications (always) DISABLED

- Microsoft network server: Digitally sign communications (if client
agrees) ENABLED

- Domain member: Digitally encrypt or sign secure channel data (always)
DISABLED

- Network access: Named pipes can be accessed anonymously ENABLED LM
Compatibility

- Network security: LAN Manager authentication level: "Send LM & NTLM - use
NTLMV2 session security if negotiated"

After rebooting the servers, please check if you can create and validate
the inbound and outbound Trust from Domain B.

Hope it helps.

David Shen
Microsoft Online Partner Support

David-

Once again thank you for the help.

My only question is - Network access: Named pipes can be accessed
anonymously ENABLED LM
Compatibility

Is LM Compatibility one word or two?

Also, when I selected ENABLED, Define the policy setting in the
template consist of the following:COMNAP
COMNODE
SQL\QUERY
SPOOLSS
LLSRPC
BROWSER
netlogon

Do I override this base on your suggestions?

B
.

---

• Follow-Ups:
  • Re: Domain Migration: Can not find domain controller
    • From: BlueIT

• References:
  • Domain Migration: Can not find domain controller
    • From: BlueIT
  • RE: Domain Migration: Can not find domain controller
    • From: David Shen [MSFT]

• Prev by Date: Re: Replacing Server
• Next by Date: Re: Can I replace an old webserver with the same ip and hostname?
• Previous by thread: RE: Domain Migration: Can not find domain controller
• Next by thread: Re: Domain Migration: Can not find domain controller
• Index(es):
  • Date
  • Thread

---

Relevant Pages RE: SMBmount conspiracy ... My local security policy settings are like this: ... Microsoft network client - digitally sign communications - ... Microsoft network server - digitally sign communications - ... (RedHat) RE: SMBmount conspiracy ... Local Policies - Security Options - Microsoft network client - digitally ... sign communications - DISABLED ... Local Policies - Security Options - Microsoft network server - digitally ... (RedHat) The SMBMOUNT plot thickens ... Event viewer shows a successful logon by my mount.cifs client ... Microsoft network client - digitally sign communications - ... Microsoft network server - digitally sign communications - ... (RedHat) RE: Domain Migration: Can not find domain controller ... I suspect this may be cause by security channel failure. ... Microsoft network client: Digitally sign communications DISABLED ... Microsoft network server: ... (microsoft.public.windows.server.migration) Re: disable digital signing ... "Microsoft Network Client: Digitally sign communications " ... "Microsoft Network Server: Digitally sign communications ". ... (microsoft.public.windows.group_policy)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(16)