Saturday, September 06, 2014

Kerberos Authentication issue with Mixed Windows Server 2003 and Windows Server 2012 R2 Domain Controllers!!!

Windows Server 2003 is reaching its end of life soon which is a renowned topic, Most of the Organizations already started to prepare for the migration and there a plenty of resources, guideline and support published by Microsoft team to assist this migration. On the other hand its still not so easy to remove these Legacy servers from the environment if we still have some dependencies and most of the major Organization falls in to this category and to make things worse we have a new issue reported recently by multiple customers globally, which made a lot of environments who are already on their migration roadmap to get impacted and few to stop this migration, eventually caused when they have a mixture of Windows Server 2003 and 2012 R2 domain controllers co-exist in the environment.


When you have a mixture of Windows Server 2003 and Windows Server 2012 R2 Domain controllers in the environment serving the same domain causes Kerberos authentication to fail intermittently and users are unable to log on to the domain and it becomes bit difficult for the admins to troubleshoot as this issue occurs intermittently. Finally the bug was reported to Microsoft team and a fix was made available recently to address this issue.

Microsoft Active Directory team published a detailed information on the cause and workaround in their blog initially to update the Organizations on this new issue and to assist the Administrators who come across this issue in their environment and now its updated with the hotfix information. Reviewing this below post will provide you more insight on the issue.

Access the Blog post here: It turns out that weird things can happen when you mix Windows Server 2003 and Windows Server 2012 R2 domain controllers

Access the Hotfix here: Can't log on after changing machine account password in mixed Windows Server 2012 R2 and Windows Server 2003 environment

I am writing this post a bit late and this now become an known issue and reached the community, thought of updating this in my blog so that readers who reach here and new to this issue will get to know on this and utilize the available resources to take necessary action.

No comments:

Post a comment