Announcement

Collapse
No announcement yet.

Cached credentials worked on W2K3 server but arn't working on new W2K8 R2 server

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Cached credentials worked on W2K3 server but arn't working on new W2K8 R2 server

    Our office consists of 90+ machines that are joined to the "ABC" domain and about 20 that are joined to the "DEF" domain. The domains are not trusted and will not be. All the machines use servers on the "DEF" domain. User names and passwords are kept synchronized between the domains manually.

    Normally when a user logs into the "ABC" domain and tries to access a resource on a server in the "DEF" domain it checks the user name and password, which is identical, and allows access pretty much instantly. HOWEVER with W2K8 R2 this doesn't happen. A new W2K8 R2 server was added to the "DEF" domain and now when a user tries to browse a share they get a 30 - 40 second delay followed by a login prompt. If they type in "DEF\user" and their password it works fine and remembers the login for the remainder of the session (until logout or reboot). However with W2K3 it just worked without this additional prompt.

    Is there a way around this? Can I make W2K8 act like W2K3? I don't want my users to have to re-login a second time each morning.

    -Allan

  • #2
    Re: Cached credentials worked on W2K3 server but arn't working on new W2K8 R2 server

    Figured this out although it's not a great solution. If the member server of domain "DEF" is promoted to a AD GC then a user browsing resources who is logged into domain "ABC" can access the resources just fine.

    Yeah, you read that correctly. As long as the username and passwords on both domains match a user logged into domain "ABC" can access resources on a AD GC on domain "DEF" without having a login prompt but CANNOT access resources on a member server of "DEF".

    So in our situation we had a 2003 R2 AD GC that also did SQL and file sharing. We decided it would be best to split the roles and run three virtuals. But when a user accessed the new SQL or the new file server they got a login prompt. So to have a "seemless" system I had to promote the SQL and file servers up to AD GC's and everything works as before. I guess it's not horrible having 4 Ad GC's but still very odd. Not sure if this is a feature or a bug but hopefully it's never fixed as we use this to make it easier on our users.

    Comment


    • #3
      Re: Cached credentials worked on W2K3 server but arn't working on new W2K8 R2 server

      Thats normal pass-thru authentication, combined with a bad AD design.

      Whats the reason of syncing acounts between domains versus trusts?

      Comment

      Working...
      X