none
Windows AD 2003 and 2012 R2 is not compatible RRS feed

  • Question

  • I have problem with active directory when I joined to existing 2003 domain windows server 2012 R2 with AD role. Looks like new feature of windows server 2012 R2 is not compatible with old server. I already applied this KB:

    http://support.microsoft.com/kb/978055

    http://support.microsoft.com/kb/2976994

    without success.

    Problems is: sometime, for random users, they unable to unlock their computer. Windows tell user: Error: The security database on the server does not have a computer account for this workstation trust relationship.

    Do not need to reset computer password, only need to reboot this computer and it start working as it was...

    I need help :)

    Tuesday, March 24, 2015 8:01 AM

Answers

  • Try to configure this policy:

    https://technet.microsoft.com/en-us/library/jj852275.aspx?f=255&MSPPError=-2147217396

    From Vista fallback to NTLM is disabled for computer authentication, so check the SPN as well

    https://virtualcurtis.wordpress.com/2011/03/02/fix-the-security-database-on-the-server-does-not-have-a-computer-account-for-this-workstation-trust-relationship/

    It's aslo worth to read this even if it's not your scenario: http://support.microsoft.com/en-us/kb/2008039


    You wouldn't demand your Doctor a therapy just because you told him "I don't feel very well"
    You wouldn't expect your accountant to know how much your taxes are just because you told him "I have earned some money"
    Do not expect any IT Pro to suggest you a solution just because you said "It doesn't work"

    Friday, March 27, 2015 3:25 PM

All replies

  • > Windows tell user: Error: The security database on the server does not
    > have a computer account for this workstation trust relationship.
     
    What OS are your clients running?
     

    Greetings/Grüße, Martin

    Mal ein gutes Buch über GPOs lesen?
    Good or bad GPOs? - my blog…
    And if IT bothers me - coke bottle design refreshment (-:
    Tuesday, March 24, 2015 8:51 AM
  • Windows 7
    Tuesday, March 24, 2015 9:14 AM
  • That seems to be describing your issue: http://blogs.technet.com/b/askds/archive/2014/07/23/it-turns-out-that-weird-things-can-happen-when-you-mix-windows-server-2003-and-windows-server-2012-r2-domain-controllers.aspx

    Try the recommended KB.

    Also, make sure that your DCs and AD replication are in healthy state using dcdiag and repadmin commands.


    This posting is provided AS IS with no warranties or guarantees , and confers no rights.

    Ahmed MALEK

    My Website Link

    My Linkedin Profile

    My MVP Profile

    Tuesday, March 24, 2015 9:53 AM
  • KB2989971 not fixed an issues. Maybe will be more suggestions?

    Friday, March 27, 2015 3:05 PM
  • Try to configure this policy:

    https://technet.microsoft.com/en-us/library/jj852275.aspx?f=255&MSPPError=-2147217396

    From Vista fallback to NTLM is disabled for computer authentication, so check the SPN as well

    https://virtualcurtis.wordpress.com/2011/03/02/fix-the-security-database-on-the-server-does-not-have-a-computer-account-for-this-workstation-trust-relationship/

    It's aslo worth to read this even if it's not your scenario: http://support.microsoft.com/en-us/kb/2008039


    You wouldn't demand your Doctor a therapy just because you told him "I don't feel very well"
    You wouldn't expect your accountant to know how much your taxes are just because you told him "I have earned some money"
    Do not expect any IT Pro to suggest you a solution just because you said "It doesn't work"

    Friday, March 27, 2015 3:25 PM
  • I tried all solutions but they not made any sense. I know that the problem not related with machine password, because I increase password time and I didn't find any sense.
    Thursday, April 16, 2015 6:33 AM
  • try to set LmCompatibilityLevel to 2

    https://technet.microsoft.com/en-us/library/cc960646.aspx


    This post is provided AS IS with no warranties or guarantees, and confers no rights.
    ~~~
    Questo post non fornisce garanzie e non conferisce diritti

    Thursday, April 16, 2015 8:40 AM
  • try to set LmCompatibilityLevel to 2

    https://technet.microsoft.com/en-us/library/cc960646.aspx


    This post is provided AS IS with no warranties or guarantees, and confers no rights.
    ~~~
    Questo post non fornisce garanzie e non conferisce diritti


    We have windows server 2003 r2 sp2, how it can help me?
    Tuesday, April 28, 2015 3:01 PM
  • it applies to 2k3 as well

    This post is provided AS IS with no warranties or guarantees, and confers no rights.
    ~~~
    Questo post non fornisce garanzie e non conferisce diritti

    Tuesday, April 28, 2015 3:03 PM
  • I found that problem with encryption and found fix for this problem:

    https://support.microsoft.com/en-us/kb/948963

    But this this fix for Windows Server 2003, in my environment Windows Server is 2003 R2, maybe someone can help me in this case?

    Monday, June 22, 2015 10:11 AM
  • That is included in 2003 R2.

    I found this, you might want to try it



    This post is provided AS IS with no warranties or guarantees, and confers no rights.
    ~~~
    Questo post non fornisce garanzie e non conferisce diritti

    Monday, June 22, 2015 10:21 AM
  • That is included in 2003 R2.

    I found this, you might want to try it



    This post is provided AS IS with no warranties or guarantees, and confers no rights.
    ~~~
    Questo post non fornisce garanzie e non conferisce diritti

    This update already installed in our server 2012 R2.
    Monday, June 22, 2015 11:36 AM
  • When users unable to log on to computer in server 2003 event logs I see eventid 675:

    Service Name: krbtgt/domain

    Pre-Authentication Type: 0x0

    Failure Code: 0x19

    Monday, June 22, 2015 11:41 AM
  • Did you try to change the default encryption type on the clients?

    Changes in default encryption type for Kerberos pre-authentication


    This post is provided AS IS with no warranties or guarantees, and confers no rights.
    ~~~
    Questo post non fornisce garanzie e non conferisce diritti

    Monday, June 22, 2015 12:00 PM
  • I'm hoping to find solution without downgrade security, but thanks it will be plan B if I can't find plan A. :)
    • Edited by AGNLD Monday, June 22, 2015 3:07 PM
    Monday, June 22, 2015 3:07 PM