Nt4 Auth w/2000 Native mode?

Guest

Hello,

We have a 2000 server that was misconfigured for native mode. This server
is our remote backup server using NovaNet Web backup. One of our clients
remote servers is an NT4 PDC that needs to remotely backup to the 2000 native
mode server. The software requires a windows user account for its primary
authentication method. When the nt4 box attempts to authenticate a user for
the remote backup procedure the authentication fails and the backup is
impossible. Is there any way to force NT4 authentication on the 2000 domain
controller in native mode? It is not part of our network and does not need
any other replication feature or etc except access to the windows 2000
server. Any help please?

Brad
 
Tomasz Onyszko

FieldTechBrad said:
Hello,

We have a 2000 server that was misconfigured for native mode. This server
is our remote backup server using NovaNet Web backup. One of our clients
remote servers is an NT4 PDC that needs to remotely backup to the 2000 native
mode server. The software requires a windows user account for its primary
authentication method. When the nt4 box attempts to authenticate a user for
the remote backup procedure the authentication fails and the backup is
impossible. Is there any way to force NT4 authentication on the 2000 domain
controller in native mode? It is not part of our network and does not need
any other replication feature or etc except access to the windows 2000
server. Any help please?

Native mode should not affect authentication of Windows NT clients, and
from this Windows 2000 standpoint this is a Windows NT client (PDC role is
not important here). Could you see any failed authentication attempts
from this NT in the event log of this DC? Check all the options in the
domain security policy and domain controller policy which may affect
communications between Windows 2000 and Windows NT, like signing SMB etc.
 
Guest

Thank you for your response, but we have the novanet software running on 2
other 2000 servers that are in mixed mode and it does not have authentication
problems. This 2000 domain controller is pretty fresh OEM assisted install
from IBM. The only real option that was changed is native mode. Could you
elaborate more on the options specific in the security policies? I am not
sure exactly which ones to check on this subject, the few I did check seem to
be ok. Thank you.

Brad
 
Tomasz Onyszko

FieldTechBrad said:
Thank you for your response, but we have the novanet software running on 2
other 2000 servers that are in mixed mode and it does not have authentication
problems. This 2000 domain controller is pretty fresh OEM assisted install
from IBM. The only real option that was changed is native mode. Could you
elaborate more on the options specific in the security policies? I am not
sure exactly which ones to check on this subject, the few I did check seem to
be ok. Thank you.

Hmm - If you changed it to the native mode it means that You changed the
domain to the native mode - so all DCs in this domain are working in
native mode now - even these two others. So I suspect some glitch in the
configuration.

For the first try I will suspect:
- anonymous access settings in the security options of GPO (domain or
domain controller defaults), some old software sometimes requires
anonymous access to some data
- SMB signing: once again - security options in security options
- secure channel settings: see above.
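
The three security options named in the post above are backed by registry values on the Windows 2000 server, so one way to check them is to export those keys with regedit and scan the export. This is an added example, not part of the original thread; the value names are the standard ones behind those policies, while the thresholds, function names and the sample export are this example's assumptions.

```python
import re

# (key suffix, value name, threshold, effect on a down-level client)
CHECKS = [
    (r"Control\Lsa", "RestrictAnonymous", 2,
     "anonymous connections get no access without explicit permissions"),
    (r"Services\LanmanServer\Parameters", "RequireSecuritySignature", 1,
     "server refuses SMB sessions that are not signed"),
    (r"Services\Netlogon\Parameters", "RequireSignOrSeal", 1,
     "secure channel traffic must be signed or sealed"),
]

# Constructed sample in the REGEDIT4 text format that regedit exports.
SAMPLE_EXPORT = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"RestrictAnonymous"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters]
"RequireSecuritySignature"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters]
"RequireSignOrSeal"=dword:00000000
"""

def parse_reg(text):
    """Return {key path: {value name: int}} for DWORD values, names lower-cased."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        m = re.match(r'"([^"]+)"=dword:([0-9a-fA-F]{8})$', line)
        if m and current is not None:
            current[m.group(1).lower()] = int(m.group(2), 16)
    return keys

def find_blockers(text):
    """List (value name, setting, effect) for every check at or above threshold."""
    findings, keys = [], parse_reg(text)
    for suffix, name, threshold, effect in CHECKS:
        for path, values in keys.items():
            value = values.get(name.lower(), 0)
            if path.endswith("\\" + suffix.lower()) and value >= threshold:
                findings.append((name, value, effect))
    return findings

for name, value, effect in find_blockers(SAMPLE_EXPORT):
    print(f"{name}={value}: {effect}")
```

A value that is absent from the export is treated as 0, so an empty result means none of the three settings is at the restrictive level in the exported keys.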
 
Tomasz Onyszko

FieldTechBrad said:
Thank you for your response, but we have the novanet software running on 2

and be sure to turn on account logon events auditing and check security
log for failures
 
Enkidu

FieldTechBrad said:
We have a 2000 server that was misconfigured for native
mode. This server is our remote backup server using
NovaNet Web backup. One of our clients remote servers is
an NT4 PDC that needs to remotely backup to the 2000 native
mode server. The software requires a windows user account
for its primary authentication method. When the nt4 box
attempts to authenticate a user for the remote backup
procedure the authentication fails and the backup is
impossible. Is there any way to force NT4 authentication
on the 2000 domain controller in native mode? It is not
part of our network and does not need any other replication
feature or etc except access to the windows 2000 server.

Is the NT4 PDC supposed to be part of the 2000 Domain? If
not, the move to Native mode should have made no difference.
You say that the software needs a windows user account to
access the software. If the user account is, say, 'novanet',
and the 2000 Domain is called, say, 'nativemode' then ensure
that there is a 'novanet' user in the 'nativemode' Domain
and that you know the password.

Then the authentication details in the Novanet client should
be 'nativemode\novanet' with the novanet password on the
'nativemode' Domain. Is that what you have been using?

Cheers,

Cliff
 
Jorge_de_Almeida_Pinto

Hello,

We have a 2000 server that was misconfigured for native mode. This server
is our remote backup server using NovaNet Web backup. One of our clients
remote servers is an NT4 PDC that needs to remotely backup to the 2000 native
mode server. The software requires a windows user account for its primary
authentication method. When the nt4 box attempts to authenticate a user for
the remote backup procedure the authentication fails and the backup is
impossible. Is there any way to force NT4 authentication on the 2000 domain
controller in native mode? It is not part of our network and does not need
any other replication feature or etc except access to the windows 2000
server. Any help please?

Brad

What I have read...

You have 2 DCs in mixed mode
You have 1 misconfigured DC in native mode
You have a NT4 PDC

Can you share the info and tell us in which domain(s) the DCs are a
part of?

Is this all 1 big domain?
2 domains?
3 domains?

Native mode means that new features are enabled (universal sec.
groups, group nesting, etc.) and the AD DCs started
talking/replicating in such a way with each other that NT4 DCs don’t
understand.

To me your situation is not clear. Please give some more info on this
 
Guest

Okay, let's try to clear this up..

Novanet is a remote backup software package that has a server client
relationship. All of the clients sit on external domain controllers in other
business so they are all different domains that we are working with.

We have the server software setup for testing on 3 different places. There
are 2 servers in 1 domain, 1 configured in native mode and one configured in
mixed mode both windows 2000. We will call this Domain A. There is an
external home office backup server that is windows 2000 on a different domain
in mixed mode called Domain B. All of the clients are on Domains C,D,E etc.

The NT4 PDC on Domain C can backup successfully with the same username and
password to Domain B (mixed mode separate domain) and to the mixed mode
server in Domain A (same one the native mode domain is on) but has
authentication failures to the native mode server in Domain A (Clean install
of windows 2000 just service packs etc, no advanced security has been set up).

This is the problem I am having. It can authenticate to other servers in
mixed mode but not to the one in native mode, and I wanted to know if there
is anything that stops a NT4 PDC from authenticating with a windows 2000
Domain in native mode, and if so, what options are there to change so that I
do not have to reinstall windows again. Thank you.
 
Enkidu

FieldTechBrad said:
Okay, let's try to clear this up..

Novanet is a remote backup software package that has a server client
relationship. All of the clients sit on external domain controllers in other
business so they are all different domains that we are working with.

We have the server software setup for testing on 3 different places. There
are 2 servers in 1 domain, 1 configured in native mode and one configured in
mixed mode both windows 2000. We will call this Domain A. There is an
external home office backup server that is windows 2000 on a different domain
in mixed mode called Domain B. All of the clients are on Domains C,D,E etc.

The NT4 PDC on Domain C can backup successfully with the same username and
password to Domain B (mixed mode separate domain) and to the mixed mode
server in Domain A (same one the native mode domain is on) but has
authentication failures to the native mode server in Domain A (Clean install
of windows 2000 just service packs etc, no advanced security has been set up).

This is the problem I am having. It can authenticate to other servers in
mixed mode but not to the one in native mode, and I wanted to know if there
is anything that stops a NT4 PDC from authenticating with a windows 2000
Domain in native mode, and if so, what options are there to change so that I
do not have to reinstall windows again. Thank you.

You cannot have a Domain with one server in native mode and
the others in mixed mode. A Domain is *either* in native
mode *or* in mixed mode. Can you please say *why* you think
that one server is in native mode and the others in mixed
mode? If one server *appears* to be in a native mode Domain
and the other servers *appear* to be in a mixed mode Domain
then something is seriously wrong with your Domain. I guess
one way it could appear to be this way would be if the DC
*supposedly* in native mode is unable to replicate with the
other DCs, which could then appear to be in mixed mode.

The authentication problems could, I guess, be a result of
the mixed/native mode problem.

Cheers,

Cliff
 
Guest

After reading my late night response and your response, I agree that I cannot
have a native and mixed mode domain, given that fact I was incorrect in
stating there are 2 servers in the domain one of native mode and one in mixed
mode.

After reinspecting my configuration to refresh my memory, there are 2
domains at the office in which we store the data. Both domains are behind
the same external factors (same T1, router, etc), running the same version of
the software and windows server 2000. One domain is native and one is mixed
mode. I apologize for the confusion as I stated the problem incorrectly.

The backup software can initiate its remote backup procedure to the mixed
mode domain in our office, but not to the native mode domain in our office.
Thanks again for trying to help.
 
Enkidu

No worries. So, the problem is that you can authenticate
with the mixed mode domain, and not with the native mode domain.

I guess you checked that you were using the right
credentials for the native mode domain. That is there is a
user in the Domain whose password you know, and that you try
to authenticate with this Domain using the form
'domain\user' or 'user@domain' and the correct password?

Where does the remote backup software run? Outside your
Domains? I would check that backup software is in fact
*finding* the native mode domain. Do the firewall rules
permit the access from the remote backup software to the
Domain? Is incoming traffic from the remote backup software
being destined for the server in the mixed mode domain
correctly routed?

If you can confirm that the backup software is connecting to
its agent on the server in the native mode Domain, say by
looking at the Event logs, then that would seem to show
some sort of a problem in the remote software, presumably
the agent running on the server in the native mode Domain.

Cheers,

Cliff
 
