Solved

After Migration to Windows 2008 R2

Posted on 2011-09-29
4
475 Views
Last Modified: 2012-05-12
My environment: 1 2008 R2 DC and 2 2003 DCs

After adding the Windows 2008 R2 Server, I started receiving in  my  2003 DCs, system Event Log

Event ID
Source KDC, ID 27
Talking about TGS and Kerberos

In the 2008 DC I do not receive this error

Any idea ?
0
Comment
Question by:gadsad
4 Comments
 
LVL 6

Expert Comment

by:Reubenwelsh
ID: 36890079
Hi,

Check this out, it could be a log that you get if DES for Kerberos is disabled:

http://support.microsoft.com/kb/977321
0
 
LVL 10

Expert Comment

by:ienaxxx
ID: 36890081
Did you execute the ADREP /FORESTPREP and ADPREP /DOMAINPREP on your 2003 DC Schema master role owner, before promoting the new 2008 DC?

0
 
LVL 1

Accepted Solution

by:
archmuk earned 500 total points
ID: 36890207
This happens when a new Windows Server 2008 joins a Windows 2003 domain.
 
Actually, the Windows Server 2008 member server is sending a TGS request using  the encryption
type of 18 (AES). Windows Server 2003 does not support this  encryption type for Kerberos.
The Event ID 27  error that is being logged on the Windows Server 2003 domain
controller can  safely be ignored as it is by design.
The domain controller is just informing the client what encryption types it supports. The Windows Server  2008 servers are then falling back to one of the supported encryption types.
Some additional info is available at
http://technet.microsoft.com/en-us/library/cc733974(WS.10).aspx
0
 

Author Closing Comment

by:gadsad
ID: 36905525
thznk you
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

If you migrate a Terminal Server licenses server inside the 2008 server family, you can takte advantage of the build-in migration tool. If you like to migrate an older 2003 Server (and the installed client CALs) to a 2008 R2 server for example, you …
The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now