SBS Server 2003 & Server 2003 communications

Posted on 2004-11-24
Last Modified: 2010-04-19

We have a SBS Server 2003 on one customer site (Site A) which is the DC and is the fileserver for site A.
At another site (Site B) they have Server 2003 on the same domain and connected to the SBS Server via a Broadband VPN which is quite reliable.  This server is only being used as a fileserver and for providing Norton AV updates.  

On the rare occasion that the VPN has been down, the users at Site B have still been able to get logged onto their accounts (all using XP) using cached profiles, but when they have tried to get access to their files on the server it's prompting them for a username and password.  The server will grant them access if I enter in the Administrator username and password but no other.

I know the problem lies with the users having to authenticate with the DC across the VPN before the server will allow them access to the data files.  Is there any way we can get users access to the files on the 2003 server without them having to authenticate with the DC first? Security is not really an issue in this case as it's only a small business.

I have recreated their scenario in our office and attempted to see how promoting the 2003 server to a DC on the same domain would work out.  I got a little confused as to whether I needed to install DNS on the 2003 server before or after installing AD or even at all as I was using the SBS 2003 DNS server.  

I got the two sites set up in the AD Sites tool and everything seemed nice enough, but when I went to the event viewer on the SBS server I was getting errors & warnings on directory service event IDs 1311, 1312 and 1865.  They seem to state the server has problems contacting the 2003 server, strange, even though I was able to ping and access the server no problem.  What is more confusing is that the AD seems to be replicating the users between the 2 servers!!  

I hope somebody has some ideas, I would rather avoid promoting the 2003 server to a DC if possible, so if there is a workaround to my initial problem I would rather work with that, but failing that can someone tell me if I should be worried by the errors in the event log or can it be safely ignored (I get no error messages on the Server 2003)

Thanks in advance,

Question by:CoreSupport
    LVL 11

    Accepted Solution

    I think part of your problem lies in having two sites and only one domain controller (DC).  For every site, you need to have a DC.  I would recommend it for your scenario.  The DC in Site A is trying to replicate to Site B and there is no DC there.  When you promote the other DC, you do not need to create another DNS server, it will use the DC in Site A.  In the future you may want to make it a DNS server.  

    I'm still thinking about a workaround for you.
    LVL 5

    Expert Comment

    I seem to remember seeing a setting in Group Policy (and Local Security Policy) on a server that essentially hinted that you could tell it to cache credentials in this scenario.

    I've had a search round but can't find it again now I want it. Anyone else ever seen this?

    Author Comment

    I'm now leaning towards the idea of the 2 domain controllers on the same domain as you recommended instead of a nasty hack that could come back and bite me!!

    I was eventually able to resolve my issues getting the two servers to replicate without the errors appearing in the event log that I was previously getting by reading nearly every post on Experts Exchange about AD replication!!

    Turned out when I was running DCDIAG on my SBSServer I was getting an error that the ISMSERV service was not running. I mistook the first letter of the service for an 'L' instead of an 'I', which threw me off a bit!!

    Once I got that service enabled (SBS 2003 must disable it by default?) I had to run


    This fixed the errors I was getting with the KCCEVENT tests.  I also decided to install the DNS server on the 2nd DC as well, before doing DCPROMO.

    I'm now going to revert back to the image of both test servers before I attempted to create the 2nd DC and see if I can do it less stressfully this time!

