Terellion asked:

Server 2012 in 2003 Domain Functional Level with 2000 clients

Hi guys,

We have a domain with 2000, XP and 7 clients in at the minute; domain functional level is 2003. We introduced two 2012 R2 DCs the other week and started to get KDC errors in the event log (guessing these are from 2000 clients).

Do any of you guys have experience with 2000 clients talking to a 2012 Server even though Domain Functional Level is 2003?

Do we need to enable DES on the domain accounts?

Thanks a lot :)
kola12

Windows client and Windows Server operating systems that are supported to join Windows Server 2012 domains

The following Windows client and Windows Server operating systems are supported for domain member computers with domain controllers that run Windows Server 2012:

    Client operating systems: Windows 8, Windows 7, Windows Vista, Windows XP

    Computers that run Windows 8 are also able to join domains that have domain controllers that run earlier versions of Windows Server, including Windows Server 2003 or later. In this case, however, some Windows 8 features may require additional configuration or may not be available. For more information about those features and other recommendations for managing Windows 8 clients in downlevel domains, see Running Windows 8 member computers in Windows Server 2003 domains.

    Server operating systems: Windows Server 2012, Windows Server 2008 R2, Windows Server 2008, Windows Server 2003 R2, Windows Server 2003
Terellion (ASKER)

Hi there, yep, the domain functional level is 2003 but we have 2012 R2 domain controllers joined. But I just need to know: are there any issues with 2000 clients talking to it? Thanks
Yes, in my scenario I can add a workstation with W2k OS to the domain, but when I try to log on to the domain (DC with W2k12 R2 OS) I get the error "The trust relationship between this workstation and the primary domain failed".
Read this: https://technet.microsoft.com/en-us/library/hh994618.aspx - part: Windows client and Windows Server operating systems that are supported to join Windows Server domains
Hi there, I've seen a page that mentions the trust relationship. That's only if your functional level is 2012. Ours is 2003.
VB ITS
Active Directory Functional Levels have no effect on domain-joined workstations or member servers; they only dictate which version of Windows Server you can run as DCs. Source can be found here (first paragraph): https://technet.microsoft.com/en-us/library/understanding-active-directory-functional-levels(v=ws.10).aspx

What are the KDC errors saying specifically? Can you please post one of these error messages so we can investigate (remember to blank out any sensitive information)?
Hi there, sample error taken from the domain controller.

While processing a TGS request for the target server krbtgt/DOMAIN.LOCAL, the account COMPA@DOMAIN.LOCAL did not have a suitable key for generating a Kerberos ticket (the missing key has an ID of 8). The requested etypes were 18.  The accounts available etypes were 23  -133  -128  3  1.
From what I had seen we need to enable DES on the domain accounts, just wanted to check if anyone had any experience with this?
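
As an added example (not part of the original thread), this Python code decodes the etype numbers in the KDC message quoted above and checks whether the request and the account share any encryption type. The names given to the negative, Microsoft-private etypes follow NTSecAPI.h; the function and variable names are this example's own.

```python
import re

# Etype numbers: positive values are IANA-assigned, negative ones are
# Microsoft-private. Only the values that appear in this thread are listed.
ETYPE_NAMES = {
    1: "DES-CBC-CRC", 3: "DES-CBC-MD5",
    17: "AES128-CTS-HMAC-SHA1-96", 18: "AES256-CTS-HMAC-SHA1-96",
    23: "RC4-HMAC", -128: "RC4-MD4", -133: "RC4-HMAC-OLD",
}
AES_ETYPES = {17, 18}

KDC_NO_KEY = re.compile(
    r"processing an? (?P<kind>\w+) request for the target server (?P<target>[^,]+), "
    r"the account (?P<account>\S+) did not have a suitable key.*?"
    r"requested etypes were (?P<req>[-\d\s]+)\..*?"
    r"available etypes were (?P<avail>[-\d\s]+)\.",
    re.DOTALL,
)

# The message quoted in the thread (names already anonymised by the poster).
SAMPLE = (
    "While processing a TGS request for the target server krbtgt/DOMAIN.LOCAL, "
    "the account COMPA@DOMAIN.LOCAL did not have a suitable key for generating "
    "a Kerberos ticket (the missing key has an ID of 8). The requested etypes "
    "were 18.  The accounts available etypes were 23  -133  -128  3  1."
)

def name(etype):
    return ETYPE_NAMES.get(etype, f"unknown({etype})")

def analyse(message):
    """Describe the etype mismatch, or return None if the text is not a
    'did not have a suitable key' KDC message."""
    m = KDC_NO_KEY.search(message)
    if m is None:
        return None
    requested = [int(x) for x in m["req"].split()]
    available = [int(x) for x in m["avail"].split()]
    return {
        "request": m["kind"], "target": m["target"], "account": m["account"],
        "requested": [name(e) for e in requested],
        "available": [name(e) for e in available],
        # Etypes the request asked for that the account also holds a key for.
        "common": [name(e) for e in requested if e in available],
        "account_has_aes_key": bool(AES_ETYPES & set(available)),
    }

if __name__ == "__main__":
    for key, value in analyse(SAMPLE).items():
        print(f"{key:20} {value}")
```

For the quoted message the overlap is empty: the request asked for AES256 only, while the account holds RC4 and DES keys.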
SOLUTION
VB ITS

This solution is only available to members.
Can you do that at a global level, do you know? Thanks
ASKER CERTIFIED SOLUTION
This solution is only available to members.
That's superb, thank you so much for your help! :)
No worries, always happy to help!