Domain functional level Windows Server 2008; DC compatibility 2008 R2 with 2016

raylward102

We recently had our server 2k upgraded. Previously 1 DC.

Our domain functional level is now Server 2008; primary DC Server 2016, secondary DC Server 2008 R2.

Shortly after the migration, we began to experience client PC lock-outs. Users would attempt login; login failed stating 'Bad-wrong password' (something like that). The entered passwords were correct but would not work; rebooting the client system would solve it. The event log seems to point to a Kerberos machine account password error of sorts. This happened randomly to about 15 systems (Win7, Win10, fully patched) and we went through a lot of troubleshooting and finger pointing from the outfit who performed the migration for us. The end verdict from this IT outfit who assisted with the migration is that this same problem existed between mixed Server 2003-2012 DCs, behaved the same way, and was eventually patched by Microsoft. The IT outfit believes this is the same problem we're having here, where the client computer tries to renew the machine account password with the Server 2008 R2 DC and along comes our problem. We actually turned the Server 2008 R2 DC off for a month and completely saw the problem go away for good (only the Server 2016 DC servicing the clients). That said, this outfit has basically told me we can't continue to use the Server 2008 R2 DC, or we can if we disable machine account passwords for the domain.

I can't seem to find any other people having this exact issue online with Server 2016-Server 2008 R2 DCs. What are your thoughts on this issue we're facing, and do you think it's wise to move forward with circumventing the security (disabling machine account passwords for all machines)? Obviously we could go and buy another license for Server 2016; I'm just wondering why we're paying a professional rate @ 180/hr to spend so many hours troubleshooting a problem that I don't see on anyone else's radar.

Here is the ref to the server 2003-2012 context: https://social.technet.microsoft.com/Forums/en-US/e16fcdda-8e5a-4b30-bbe0-d847bcb68b4e/dc-refuses-administrator-log-on?forum=winserverDS





Robert
