Announcement

Collapse
No announcement yet.

2008 R2 Member Server on a 2000 domain

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • 2008 R2 Member Server on a 2000 domain

    I have a Win 2000 PDC and I am trying to set up my first Win 2008 R2 member server on this domain. The domain does include Win 2003 servers as well. I was able to successfully install 2008 R2 on the server and rename the computer, but when I try to join the domain, I get the message:

    Changing the Primary Domain DNS Name of this computer to "" failed. The name will remain "mydomain.something.net". The error was: There are no more endpoints available from the endpoint mapper.

    If I try to sign on with my domain account, I get the message:

    The security database on the server does not have a computer account for this workstation trust relationship.

    Your assistance will be very much appreciated!
    Last edited by DiverSteve; 20th January 2010, 22:31.

  • #2
    Re: 2008 R2 Member Server on a 2000 domain

    I could be that you have a mismatch in LAN authentication level. You can check this in the local security policies on the member server or on the default domain controllers policy.

    This is an exerpt from that policy

    Network security: LAN Manager authentication level
    This security setting determines which challenge/response authentication protocol is used for network logons. This choice affects the level of authentication protocol used by clients, the level of session security negotiated, and the level of authentication accepted by servers as follows:
    Send LM & NTLM responses: Clients use LM and NTLM authentication and never use NTLMv2 session security; domain controllers accept LM, NTLM, and NTLMv2 authentication.
    Send LM & NTLM - use NTLMv2 session security if negotiated: Clients use LM and NTLM authentication and use NTLMv2 session security if the server supports it; domain controllers accept LM, NTLM, and NTLMv2 authentication.
    Send NTLM response only: Clients use NTLM authentication only and use NTLMv2 session security if the server supports it; domain controllers accept LM, NTLM, and NTLMv2 authentication.
    Send NTLMv2 response only: Clients use NTLMv2 authentication only and use NTLMv2 session security if the server supports it; domain controllers accept LM, NTLM, and NTLMv2 authentication.
    Send NTLMv2 response only\refuse LM: Clients use NTLMv2 authentication only and use NTLMv2 session security if the server supports it; domain controllers refuse LM (accept only NTLM and NTLMv2 authentication).
    Send NTLMv2 response only\refuse LM & NTLM: Clients use NTLMv2 authentication only and use NTLMv2 session security if the server supports it; domain controllers refuse LM and NTLM (accept only NTLMv2 authentication).

    Important
    This setting can affect the ability of computers running Windows 2000 Server, Windows 2000 Professional, Windows XP Professional, and the Windows Server 2003 family to communicate with computers running Windows NT 4.0 and earlier over the network. For example, at the time of this writing, computers running Windows NT 4.0 SP4 and earlier did not support NTLMv2. Computers running Windows 95 and Windows 98 did not support NTLM.

    Default:
    Windows 2000 and windows XP: send LM & NTLM responses
    Windows Server 2003: Send NTLM response only
    Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2: Send NTLMv2 response only

    Comment


    • #3
      Re: 2008 R2 Member Server on a 2000 domain

      The answer turned out to be that I had to enter the FQDN when adding the computer to the domain instead of just the shortened version.

      Thanks for your help.

      Comment


      • #4
        Re: 2008 R2 Member Server on a 2000 domain

        Thanks for posting back with the solution to your problem Steve. It is greatly appreciated.
        1 1 was a racehorse.
        2 2 was 1 2.
        1 1 1 1 race 1 day,
        2 2 1 1 2

        Comment

        Working...
        X