Win2k8-R2 Allow Cryptography algorithms compatible witn NT 4.0

I have 2 DC's in my environment.
They are both Win2k3-R2
Both Domain & Forest Functional level are at 2003.

I  will like to bring up a Win2k8-R2 DC in my environment as well.

As soon as I start DCpromo I get a prompt that states that installing AD on this DC will prevent NT4.0 clients to log in because of a Cryptography algorithm.

I don't have any NT 4.0 servers in my domain.
I do have XP clients in my domain.

Does this mean that my XP clients will not be able to authenticate to the domain because I'm adding this Domain controller ?

Do I have to install this XP update on all of my XP clients prior to installing this server.
http://www.microsoft.com/en-us/download/details.aspx?id=7707

Please advise.
HelpMe01Asked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
Rich WeisslerConnect With a Mentor Professional Troublemaker^h^h^h^h^hshooterCommented:
NT 4.0 clients would be equivalent to Windows 95-98.
Windows XP would be a Windows Server 2003 era client.  

The update you pointed to was a Read Only Domain Controller (RODC) issue, which would would only need to be installed on the XP clients before you add your first RODC.  Upgrading the domain and functional level to 2008 won't prevent your XP clients from logging in.
0
 
HelpMe01Author Commented:
When I upgrade my Domain & forest functional level (to Win2k8). Will my XP machines be able to log in ?
0
 
Rich WeisslerProfessional Troublemaker^h^h^h^h^hshooterCommented:
More information can be found here: http://support.microsoft.com/kb/942564
And that article does also have a 'more information' section that spells out a different (but similar) problem that CAN affect 2000 and XP clients... but that shouldn't manifest just from the NT 4.0 compatible cryptography change that comes with the functional level upgrade.
0
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

 
btanExec ConsultantCommented:
The NT 4.0 sysetm can still join the 2008/2008 R2 domain as a member and authenticate.  But do note the link shared Razmus which spell out the criteria and workaround where applicable
0
 
btanExec ConsultantCommented:
Another link for info....in short not  really advisable and do consider upgrade old clients
http://technet.microsoft.com/en-us/library/cc731654.aspx
0
 
HelpMe01Author Commented:
Amazingly quick response.
0
All Courses

From novice to tech pro — start learning today.