I currently have a test setup and ran into an issue. I first started my test Domain with Server 2000 and then added Server 2003 as a second domain-- our domain was setup in the same way. I changed all the FSMO roles to Server 2003 and left the Schema role with server 2000. I first noticed i had an issue when I received access denied message whenever I would click on DC Group policy or Domain Group policy from the Server 2000 machine. I checked all permissions and everything was as it should be. Note that any policies made on the 2003 machine replicated to the 2000 DC with no problems.
So the next step was to verify if I can open shared drives on the Server 2003 DC which I couldn't. It gave me the message unknown user name or incorrect password-- I am logged in to 2000 DC as the domain administrator. I went ahead and joined an XP client machine to the domain. That machine could open any shares on both Domain controllers, the Server 2003 DC could also open shares on the 2000 DC and the client.
I read on the internet that digital signing settings may be the cause. However, I disabled all of them and even made them the same as what my actual Domain has everything set to but it still does not work-- I was using the secpol.mcs on the Server 2003.
Any suggestions on this one?