Guest
|
 Posted: Wed Apr 19, 2006 5:17 pm Post subject: Server 2003 issues after SP1 with a 2000 DC |
 |
|
Hi List,
This is the answer to a problem not a question.
It took me a day to work this out after some intense googling and
searching of Microsoft KB. So I decided for the benefit of everyone I
would share my knowledge.
The scenario is:
Windows 2000 SBS domain controller
Windows 2003 Member Server
Apply SP1 to 2003 server, networking dies, unable to connect to domain,
Event ID 10016 DCOM / COM+ objects failing to start.
In simple terms, SP1 changes the way some of the security is handled
around loading these COM objects. This is "Impersonate a client".
If you 2003 server is already on, or you join a 2000 domain it will
recieve a 2000 domain group policy. The "Impersonate a client" rights
set in this policy are not sufficient to allow the 2003 server COM
objects to start.
To fix the problem, you will need to uninstall SP1 or remove the 2003
member server from the domain and reboot.
Your networking etc should be returned to normal.
Edit the default domain policy on the DC (access to this through
Administrative Tools / Active Directory users and computers).
Drill down to:
Computer configuration / Windows Settings / Local Policies / User
Rights Assignments / Impersonate a client after authentication
Add the following : Service IIS_WPG ASPNET Administrators and
Administrator
When done you can close the policy editor.
On your 2003 member server you can now rejoin the domain, or reapply
SP1. It will take a couple of reboots before you have the policy and
it is installed.
Apparently MS are aware of this little feature be don't publicly share
it.
As I say, it took me a day of scouring the net to work this out, if I
used some of your ideas or posts thank you!
I hope this is helpful to you.
Chris |
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Private messages
Log in
