+ Post New Thread
Results 1 to 7 of 7
Windows Server 2000/2003 Thread, Windows Server 2000 - Impersonate User Problem in Technical; Hi all, My first post on the EduGeek forums so firstly hello Now onto the problem we are having... :twisted: ...
  1. #1

    Join Date
    Mar 2007
    Posts
    5
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Windows Server 2000 - Impersonate User Problem

    Hi all,

    My first post on the EduGeek forums so firstly hello
    Now onto the problem we are having... :twisted:

    We currently have 2x RM DC's running Windows 2000 Server and CC3, in a totally seperate domain we have several DC's running Windows Server 2003.
    I'm currently in the process of trying to use the Active Directory Migration Tool from MS to migrate users from CC3 to our other domain, but the RM servers dont' want to play ball.
    I am receiving "access denied" messages when trying to get anything outside of the RM domain, I can however come in from our other domain onto the RM servers..
    I'm logged onto one of the CC3 servers with and identical username with and identical password to a user on the other domain, in both domains the user is part of Domain Admins, Local Admins, etc..
    Going TO the RM domain from the other one silently lets me into the Admin C$ share on the RM Servers, going OUT of the RM servers to one of the servers on the other domain prompts me with the username / password dialog, but even when trying username & password, domain\username & password, username@domain & password... none of them let me in. :?

    Each domain has its own DNS with the opposing domain setup as a secondary Forward lookup zone, I can ping sucessfully from all sides to the domain and the servers FQDN.
    Times on all servers are synced, DCDiag shows good on both domains..

    Anyone have any ideas on why this won't work.. do RM tweak any settings to not let me impersonate a user from a different domain ?

    Any help appreciated before the sledge hammer comes out :twisted:

  2. #2

    Join Date
    Mar 2007
    Posts
    5
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Re: Windows Server 2000 - Impersonate User Problem

    Ok I've managed to sort this problem out now.
    For anyone that's interested it was due to Windows Server 2003 having the "Microsoft Network Server: Digitally Sign Communications (always)" policy set to Enabled.
    As the CC3 network didn't comply with this setting they didn't want to chat to each other - once the Policy is disabled I can browse the other domain without any problems.
    Well there goes about 10 hours of my life wasted figuring that one out!

  3. #3

    bossman's Avatar
    Join Date
    Nov 2005
    Location
    England
    Posts
    3,964
    Thank Post
    1,209
    Thanked 1,074 Times in 765 Posts
    Rep Power
    332

    Re: Windows Server 2000 - Impersonate User Problem

    welcome to our world Swifty and keep up the good work. BTW why are you migrating form CC3 just out of curiosity?

  4. #4

    Join Date
    Mar 2007
    Posts
    5
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Re: Windows Server 2000 - Impersonate User Problem

    Hmmm where to start...

    Well its; Slow, Unreliable, Inflexible, expensive.. to name just a few

    We are currently migrating to a single domain for better managbility and consistency, the use of RM's little applications makes our machine crawl (and they aren't low spec.) For example if I take a look at the package list for a machine I can see;

    RM AppACLTool
    RM AppAgent
    RM AutoExNt
    RM CD Burning Helper
    RM Default Logon Settings_1_0
    RM Default Profile
    RM Desktop Agent
    RM Desktop Components
    RM Explorer
    RM Explorer Agent Quiet
    RM Explorer Schemes
    RM Font Controller
    RM Gatekeeper
    RM IDChecker
    RM KeepList_1_5
    RM Location Chooser
    RM Location Services
    RM Logoff
    RM Logon Provider
    RM LogSrv
    RM Offline
    RM Outlook Profile Setup
    RM Policy Merger
    RM Printer Credits Client Service
    RM Printer Credits Framework
    RM Printer Wrapper Service
    RM Privileged User Policy
    RM Privileged User Service
    RM Reglock
    RM Station Manager
    RM Station Rebuild BuildManager Resources
    RM Status Reporter
    RM StnDeliv
    RM User Help
    RM Volume Control
    RM Web Launch
    RM Work Connector

    Phew... can you say BLOAT !

    All of that junk and half of it doesn't work! The management console decides it won't load on even days of the week and when it does it takes 5 minutes to change a password.
    Printers dont allocate correctly and some decide they like a user so much they will follow them around the school.

    I think i've said enough

  5. #5

    webman's Avatar
    Join Date
    Nov 2005
    Location
    North East England
    Posts
    8,413
    Thank Post
    642
    Thanked 964 Times in 664 Posts
    Blog Entries
    2
    Rep Power
    327

    Re: Windows Server 2000 - Impersonate User Problem

    It's unfortunate you have the problems you do. We have a fully-functioning CC3 network that does exactly what we want, and we only paid for the original servers and the connect licenses thereafter, not really all that expensive. Have you thought about getting one of their engineers in to sort it out?

    The benefits we currently receive with CC3 (for us) far outweigh the costs and mountain of problems associated with a new vanilla network.

  6. #6

    Join Date
    Mar 2007
    Posts
    5
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Re: Windows Server 2000 - Impersonate User Problem

    Sounds like your one of the lucky few, others I've spoken to also have similar problems with CC3. To be honest we're too far down the road now to consider staying with them, consider you spend a few grand a year (I think it was 4) on a support contract and one of the disks in your server fails.. ok no biggy just phone up support and get it replaced... WRONG!
    It took RM 3 WEEKS! to finally sort the server out, first they brought the wrong disks with them (one of their own servers!) attempt two, wrong disks AGAIN!... third time lucky ? NOPE.. the right disks this time but they can't get the data restored, so they give up and book a 'top dog' engineer to come back.
    Fourth visit... manage to get data restored but in the process of fitting the disks leaves DVD drive in server unplugged.
    Visit number 5.. to repair the DVD drive they broke..

    We have reported numerous issues we see on the network and they very rarely come back with a solution, to be honest the support (for the price we pay) is appauling, so for us the best solution is to move all students to the existing domain and lock them down with group policy etc..

  7. #7

    webman's Avatar
    Join Date
    Nov 2005
    Location
    North East England
    Posts
    8,413
    Thank Post
    642
    Thanked 964 Times in 664 Posts
    Blog Entries
    2
    Rep Power
    327

    Re: Windows Server 2000 - Impersonate User Problem

    Ah right... sorry to hear about those issues, it's very disappointing. I guess we are one of the lucky ones in that case.

SHARE:
+ Post New Thread

Similar Threads

  1. RIS Problem - XP on 2000 server
    By Pear in forum Windows
    Replies: 35
    Last Post: 6th May 2007, 02:36 AM
  2. What am I meant to do?! (Windows 98 user problem)
    By SteveB_NI in forum General Chat
    Replies: 10
    Last Post: 2nd May 2007, 08:14 AM
  3. Windows 2000 server & software deployment
    By iSteve in forum How do you do....it?
    Replies: 5
    Last Post: 18th April 2007, 08:25 AM
  4. Replies: 13
    Last Post: 13th September 2006, 07:42 AM
  5. Replies: 13
    Last Post: 7th November 2005, 10:05 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •