Issues when running a mixed mode Active Directory with 2003 & 2012R2 Domain Controllers

The Windows Active Directory team have just released a blog post regarding issues with mixed mode Windows 2003 & 2012R2 Active Directory environments.

Now lots of people are upgrading to Active Directory 2012 and many of those are from 2003.

The known symptoms seem to be:

1. When any domain user tries to log on to their computer, the logon may fail with “unknown username or bad password”. Only local logons are successful.

2. Operating Systems on which the issue has been seen: Windows 7, WS2008 R2, WS2012 R2

3. This can affect Clients and Servers (including Domain Controllers)

4. This problem specifically occurs after the affected machine has changed its password. It can vary from a few minutes to a few hours post the change before the symptoms manifest.

The suggested workaround is to restart the computer that is experiencing the issue. This recreates the AES key as the client machine or member server reaches out to the KDC for the salt. Usually, this will fix the issue temporarily (at least until the next password change).

My advice would be not to dawdle over the migration and to remove all 2003 Active Directory servers as soon as possible. Granted, in some environments this is not always that simple to perform.
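To see where you stand while 2003 domain controllers remain, the following added example (not from the original post or the Active Directory team's blog) lists any Windows Server 2003 DCs and then the machines on the operating systems named above whose computer account password changed recently, which are the ones most likely to need the restart workaround. It assumes the ActiveDirectory PowerShell module (RSAT) is installed; the look-back window `$WindowDays` is an assumed value to tune.

```powershell
# Added triage example; requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

# Assumption: how far back to look for machine password changes.
$WindowDays = 2
$cutoff = (Get-Date).AddDays(-$WindowDays)

# 1. Domain controllers still running Windows Server 2003 (the migration backlog).
$legacyDcs = Get-ADDomainController -Filter * |
    Where-Object { $_.OperatingSystem -like '*2003*' } |
    Select-Object HostName, Site, OperatingSystem

if (-not $legacyDcs) {
    Write-Output 'No Windows Server 2003 domain controllers found.'
    return
}

Write-Output 'Windows Server 2003 domain controllers:'
$legacyDcs | Format-Table -AutoSize | Out-String

# 2. Enabled computer accounts on the operating systems listed in the post
#    whose password was changed inside the look-back window.
$affectedOs = '*Windows 7*', '*2008 R2*', '*2012 R2*'

$recent = Get-ADComputer -Filter 'Enabled -eq $true' -Properties OperatingSystem, PasswordLastSet |
    Where-Object {
        $os = $_.OperatingSystem
        $_.PasswordLastSet -gt $cutoff -and
        ($affectedOs | Where-Object { $os -like $_ })
    } |
    Sort-Object PasswordLastSet -Descending |
    Select-Object Name, OperatingSystem, PasswordLastSet

Write-Output "Machines with a password change in the last $WindowDays day(s):"
$recent | Format-Table -AutoSize | Out-String
```

Machines in the second list that start rejecting domain logons are candidates for the restart described above.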

For the full article, read the Active Directory team's blog over here.


