Solved

Win2k8-R2  Allow Cryptography algorithms compatible witn NT 4.0

Posted on 2013-05-22
6
751 Views
Last Modified: 2013-05-24
I have 2 DC's in my environment.
They are both Win2k3-R2
Both Domain & Forest Functional level are at 2003.

I  will like to bring up a Win2k8-R2 DC in my environment as well.

As soon as I start DCpromo I get a prompt that states that installing AD on this DC will prevent NT4.0 clients to log in because of a Cryptography algorithm.

I don't have any NT 4.0 servers in my domain.
I do have XP clients in my domain.

Does this mean that my XP clients will not be able to authenticate to the domain because I'm adding this Domain controller ?

Do I have to install this XP update on all of my XP clients prior to installing this server.
http://www.microsoft.com/en-us/download/details.aspx?id=7707

Please advise.
0
Comment
Question by:HelpMe01
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
6 Comments
 

Author Comment

by:HelpMe01
ID: 39191021
When I upgrade my Domain & forest functional level (to Win2k8). Will my XP machines be able to log in ?
0
 
LVL 30

Accepted Solution

by:
Rich Weissler earned 500 total points
ID: 39192121
NT 4.0 clients would be equivalent to Windows 95-98.
Windows XP would be a Windows Server 2003 era client.  

The update you pointed to was a Read Only Domain Controller (RODC) issue, which would would only need to be installed on the XP clients before you add your first RODC.  Upgrading the domain and functional level to 2008 won't prevent your XP clients from logging in.
0
 
LVL 30

Expert Comment

by:Rich Weissler
ID: 39192167
More information can be found here: http://support.microsoft.com/kb/942564
And that article does also have a 'more information' section that spells out a different (but similar) problem that CAN affect 2000 and XP clients... but that shouldn't manifest just from the NT 4.0 compatible cryptography change that comes with the functional level upgrade.
0
Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

 
LVL 63

Expert Comment

by:btan
ID: 39193119
The NT 4.0 sysetm can still join the 2008/2008 R2 domain as a member and authenticate.  But do note the link shared Razmus which spell out the criteria and workaround where applicable
0
 
LVL 63

Expert Comment

by:btan
ID: 39193127
Another link for info....in short not  really advisable and do consider upgrade old clients
http://technet.microsoft.com/en-us/library/cc731654.aspx
0
 

Author Closing Comment

by:HelpMe01
ID: 39194099
Amazingly quick response.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A company’s centralized system that manages user data, security, and distributed resources is often a focus of criminal attention. Active Directory (AD) is no exception. In truth, it’s even more likely to be targeted due to the number of companies …
Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question