

SBS Server 2003 & Server 2003 communications

Posted on 2004-11-24
Medium Priority
Last Modified: 2010-04-19

We have a SBS Server 2003 on one customer site (Site A) which is the DC and is the fileserver for site A.
At another site (Site B) they have Server 2003 on the same domain and connected to the SBS Server via a Broadband VPN which is quite reliable.  This server is only being used as a fileserver and for providing Norton AV updates.  

On the rare occasion that the VPN has been down, the users at Site B have still been able to get logged onto their accounts (all using XP) using cached profiles, but when they have tried to get access to their files on the server it's prompting them for a username and password.  The server will grant them access if I enter in the Administrator username and password but no other.

I know the problem lies with the users having to authenticate with the DC across the VPN before the server will allow them access to the data files.  Is there any way we can get users access to the files on the 2003 server without them having to authenticate with the DC first?? Security is not really an issue in this case as it's only a small business.

I have recreated their scenario in our office and attempted to see how promoting the 2003 server to a DC on the same domain would work out.  I got a little confused as to whether I needed to install DNS on the 2003 server before or after installing AD or even at all as I was using the SBS 2003 DNS server.  

I got the two sites set up in the AD Sites tool and everything seemed nice enough, but when I went to the event viewer on the SBS server I was getting errors & warnings on directory service event IDs 1311, 1312 and 1865.  They seem to state the server has problems contacting the 2003 server, strange, even though I was able to ping and access the server no problem.  What is more confusing is that the AD seems to be replicating the users between the 2 servers!!  

I hope somebody has some ideas. I would rather avoid promoting the 2003 server to a DC if possible, so if there is a workaround to my initial problem I would rather work with that, but failing that can someone tell me if I should be worried by the errors in the event log or can it be safely ignored (I get no error messages on the Server 2003).

Thanks in advance,

Question by:CoreSupport

Accepted Solution

cfairley earned 750 total points
ID: 12669042
I think part of your problem lies in having two sites and only one domain controller (DC).  For every site, you need to have a DC.  I would recommend it for your scenario.  The DC in Site A is trying to replicate to Site B and there is no DC there.  When you promote the other DC, you do not need to create another DNS server, it will use the DC in Site A.  In the future you may want to make it a DNS server.  

I'm still thinking about a workaround for you.

Expert Comment

ID: 12673320
I seem to remember seeing a setting in Group Policy (and Local Security Policy) on a server that essentially hinted that you could tell it to cache credentials in this scenario.

I've had a search round but can't find it again now I want it. Anyone else ever seen this?

Author Comment

ID: 12679880
I'm now leaning towards the idea of the 2 domain controllers on the same domain as you recommended instead of a nasty hack that could come back and bite me!!

I was eventually able to resolve my issues getting the two servers to replicate without the errors appearing in the event log that I was previously getting by reading nearly every post on Experts Exchange about AD replication!!

Turned out when I was running DCDIAG on my SBS server I was getting an error that the ISMSERV service was not running. I mistook the first letter of the service for an 'L' instead of an 'I', which threw me off a bit!!

Once I got that service enabled (SBS 2003 must disable it by default?) I had to run


This fixed the errors I was getting with the KCCEVENT tests.  I also decided to install the DNS server on the 2nd DC as well, before doing DCPROMO.

I'm now going to revert back to the image of both test servers before I attempted to create the 2nd DC and see if I can do it less stressfully this time!


Question has a verified solution.