Authentication Issues

lhilgers

I'm currently working on a mixed mode LAN that has two W2K
DC's and a few remaining NT4 BDC's. All client PC's in
the LAN are W2K and XP. A few of our W2K PC's continue to
authenticate to an NT4 BDC. There are no recorded errors
in the W2K client's event log. A PC in an adjacent
cubicle with the exact same IP settings will authenticate
with W2K DC every time.

Has anyone seen anything like this? Is there any way to
get the W2K machines to stop authenticating with NT4 BDC's
other than blocking the port for the NT4 authentication
protocol?

Thanks in advance.
 
Tom Ausburne

There are a couple of reasons why this happens.

Once a Windows 2000 or Windows XP client discovers or establishes
encrypted channels with Windows 2000/2003 domain controllers, they
will not talk to the NT4 DC again.

During an upgrade this can be prevented by setting the NT4Emulator
value to turn off Kerberos traffic. This prevents the DC's from
becoming overloaded until enough of them have been upgraded.

298713 How to Prevent Overloading on the First Domain Controller
During Domain
http://support.microsoft.com/?id=298713

It could be that the clients have just never discovered the Windows
2000 DC. You can stop the net logon service on the NT4 machines
until the clients have authenticated to the Windows 2000 DCs, at which
time you can restart the service.


Tom Ausburne (MSFT)
Windows 2000 Directory Services
This posting is provided "AS IS" with no warranties, and confers no
rights.
 
