First 2008 DC kills logins!
I've just put in my first 2008 server into my 2003 DC domain and promoted it to a DC. (After all of the forestprep etc) and all seemed to go ok.
A day or so later we notice various random XP machines fail to login, hanging at a blank blue desktop (the same colour as the one we use in the group policy). You can still logoff using CTRL+ALT+DEL to get the dialogue though.
Also, we also have a batch of Windows 7 machines, most of these hang at the 'Preparing your desktop' stage, before staying at a blank black desktop (you can still logoff as above though)
This is only happening for Staff and Student users, i.e not admins like me so I thought it might be our software restriction policies. We use whitelists and all DCs are listed in there (i.e \\server\sysvol and \\server\netlogon are Allowed. Also allowed is \\domain.name\sysvol and \\domain.name\netlogon)
It seems to hit the Windows 7 machines a lot more, presumably because they will 'favour' the 2008 DC over the 2003 DCs (1 2008, 4 2003)
Nothing shows in the logs of the failing machines (the last message is that folder redirection was successful) so its tricky to work out whats going wrong. It has to be something to do with the new 2008 DC, because as soon as I demoted it, the logins all started to work ok (Windows 7 and XP clients)
Anyone any ideas? Is there another path I need to whitelist for 2008 DCs?