W2k3 servers with forest authentication problem

Home Forums Server Operating Systems Windows Server 2000 / 2003 / 2003 R2 W2k3 servers with forest authentication problem

Viewing 1 post (of 1 total)
  • Author
  • Avatar

    Problem Desciption:
    I have installed three windows 2003 servers in separated domains. Before the migration to domain server acting as a member server, there wasn’t any authentication problem with the primary domain controller. After the migration:
    I can add a user from the primary domain to the local group on the sub domain server and use a mapped file without any problems. However when I want to add a global group created on the sub domain to a local group on the primary domain server, I receive a message with authentication denied.
    On the primary server is also the Active Directory of both sub domains NOT visible and tells me the domain servers aren’t connected.
    There is only one DNS server running and is the same as the primary server.
    The ldap sessions are created for both servers.
    I found in the log an error pointing to the “secure channel” and telling me the inbound trust has “insufficient access rights to perform the operation”.
    All the trusts are created and setup as a two-way trust.
    However the forest level can’t be set to windows 2003 and is still in the mixed mode. All other servers are running on a windows 2003 level. I found something on the internet about changing the object “msDSBehaviorVersion” and the “class domainDNS, ntDSDSA and ntMixedDomain”.
    The problem is, I don’t understand where I can change these settings using the tool ASSIEDIT.msc.

    All servers are connected to one switch.
    All have the same IP-range and subnet.
    It is also possible to map and use a share from the child domain onto the primary domain controller using an account on the primary controller.

    Please please help me out with this issue.
    Maybe you send me some detailed information or let me know where i can find a step-by-step manual.

Viewing 1 post (of 1 total)

You must be logged in to reply to this topic.