SBS Server 2003 & Server 2003 communications


We have an SBS Server 2003 on one customer site (Site A) which is the DC and is the fileserver for site A.
At another site (Site B) they have Server 2003 on the same domain and connected to the SBS Server via a Broadband VPN which is quite reliable.  This server is only being used as a fileserver and for providing Norton AV updates.  

On the rare occasion that the VPN has been down, the users at Site B have still been able to get logged onto their accounts (all using XP) using cached profiles, but when they have tried to get access to their files on the server it's prompting them for a username and password.  The server will grant them access if I enter in the Administrator username and password but no other.

I know the problem lies with the users having to authenticate with the DC across the VPN before the server will allow them access to the data files.  Is there any way we can get users access to the files on the 2003 server without them having to authenticate with the DC first? Security is not really an issue in this case as it's only a small business.

I have recreated their scenario in our office and attempted to see how promoting the 2003 server to a DC on the same domain would work out.  I got a little confused as to whether I needed to install DNS on the 2003 server before or after installing AD or even at all as I was using the SBS 2003 DNS server.  

I got the two sites set up in the AD Sites tool and everything seemed nice enough, but when I went to the event viewer on the SBS server I was getting errors & warnings on directory service event IDs 1311, 1312 and 1865.  They seem to state the server has problems contacting the 2003 server, strange, even though I was able to ping and access the server no problem.  What is more confusing is that the AD seems to be replicating the users between the 2 servers!!  

I hope somebody has some ideas. I would rather avoid promoting the 2003 server to a DC if possible, so if there is a workaround to my initial problem I would rather work with that, but failing that can someone tell me if I should be worried by the errors in the event log or can it be safely ignored? (I get no error messages on the Server 2003.)

Thanks in advance,


I think part of your problem lies in having two sites and only one domain controller (DC).  For every site, you need to have a DC.  I would recommend it for your scenario.  The DC in Site A is trying to replicate to Site B and there is no DC there.  When you promote the other DC, you do not need to create another DNS server, it will use the DC in Site A.  In the future you may want to make it a DNS server.  

I'm still thinking about a workaround for you.

I seem to remember seeing a setting in Group Policy (and Local Security Policy) on a server that essentially hinted that you could tell it to cache credentials in this scenario.

I've had a search round but can't find it again now I want it. Anyone else ever seen this?
CoreSupportAuthor Commented:
I'm now leaning towards the idea of the 2 domain controllers on the same domain as you recommended instead of a nasty hack that could come back and bite me!!

I was eventually able to resolve my issues getting the two servers to replicate without the errors appearing in the event log that I was previously getting by reading nearly every post on Experts Exchange about AD replication!!

Turned out when I was running DCDIAG on my SBS server I was getting an error that the ISMSERV service was not running. I mistook the first letter of the service for an 'L' instead of an 'I', which threw me off a bit!!

Once I got that service enabled (SBS 2003 must disable it by default?) I had to run


This fixed the errors I was getting with the KCCEVENT tests.  I also decided to install the DNS server on the 2nd DC as well, before doing DCPROMO.

I'm now going to revert back to the image of both test servers before I attempted to create the 2nd DC and see if I can do it less stressfully this time!
