> The telling symptom is that the primary DNS suffix of the machine 
> gets set to the FQDN of its domain (ipconfig /all).

Note that that doesn't always happen. If you set the registry or clear the
checkbox for change DNS domain on join you don't change. This is called a
disjoint namespace and is fully supported and pretty common in large
deployments. Having a single DNS zone for hundreds of sites and thousands or
tens of thousands of clients usually isn't something large companies like.
They rather break it up. We break up our DNS pretty much by building and
each building pretty much does their own DNS management. Note we do not use
Windows DNS. 

  joe

 

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Willem Kasdorp
Sent: Saturday, February 14, 2004 12:10 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] W2K not authenticated by NT4 BDC when DC is down.

I'm not so sure. Once a W2000+ machine finds a DC talking Kerberos it will
always want to talk Kerberos, for security reasons probably. The telling
symptom is that the primary DNS suffix of the machine gets set to the FQDN
of its domain (ipconfig /all). The only way I know to fix that is to rejoin
the member to the NT4 domain.

If you don't want to have the Kerberos lock-in happening, check out the
NT4Emulator registry value. Not without its pitfalls, but may come in handy.


-- 
   Regards, Willem 


-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Roger Seielstad
Sent: Saturday, February 14, 2004 17:32
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] W2K not authenticated by NT4 BDC when DC is down.

That was indeed an issue with gold code, but I believe SP1 fixed that.

--------------------------------------------------------------
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.


> -----Original Message-----
> From: joe [mailto:[EMAIL PROTECTED]
> Sent: Friday, February 13, 2004 9:10 PM
> To: [EMAIL PROTECTED]
> Subject: RE: [ActiveDir] W2K not authenticated by NT4 BDC when DC is 
> down.
> 
> 
> It has been several years since I have played with NT and 2K DCs side 
> by side but I seem to recall that once a W2K client finds a W2K Server 
> it won't go back and use an NT4 server. I.E. No failback. That may not 
> be the case anymore with the various SP's as my experiences were SP0 
> but worth checking.
> 
> Also I would verify DNS, W2K prefers to use DNS to find DCs and the 
> NT4 BDC would not have the proper records registered.
> 
> You could have a really great idea of what was happening with a 
> network trace.
> 
>    joe
> 
> 
> 
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Niklas 
> Wikander
> Sent: Friday, February 13, 2004 1:11 PM
> To: [EMAIL PROTECTED]
> Subject: [ActiveDir] W2K not authenticated by NT4 BDC when DC is down.
> 
> I'm preparing an upgrade of a NT domain to a W2k domain.
>  
> The scenario:
>  
> I have one NT PDC and one NT BDC in my domain TEST.
> In the TEST domain I have one W2kclient. Everything works great.
>  
> I upgrade the PDC to W2k DC and with the upgrade I also install DNS on 
> the DC and name the domain TEST.LOCAL Everything works great and I can 
> login to TEST.LOCAL with the W2kclient.
>  
> But,
> When the DC is down and only the old NT BDC is up, I cannot login to 
> the domain.
> I get the classic error:
> The system cannot log you on to this domain because the system's 
> computer account in its primary domain is missing or the password on 
> that account is incorrect.
>  
> When I look in the event viewer the synchronization works between the 
> DC and the BDC.
> With both DC and BDC I can see the W2kclient computer account in 
> server manager.
> But with the DC down I only see the two servers in server manager.
>  
> Why is the account missing when the DC is down?
> Probably I have missed something in the upgrade process but I cannot 
> figure out what.
> I have tried this twice now with the same result.
>  
> Any suggestions?
> List info   : http://www.activedir.org/mail_list.htm
> List FAQ    : http://www.activedir.org/list_faq.htm
> List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/