OK, have a client whos LOB application keeps faling, locking, loads of errors etc etc.
The log for this app on the database server (Pervasive 2000i) basically says that database files could not be opened because an Invalid Security token was received. This seems to happen randomly.
The default domain security policy reads;
Enforce user logon restrictions - Disabled
Max lifetime for service ticket - 0
Max lifetime for user ticket - 0
Max lifetime for user ticket renewal - Not Defined
Max tolerance for clock sync - 5mins.
The databse server is a member server (windows 2003sp1)
There are 2 2003 DCs again 2003 sp1.
There is also another DC listed in the Domain controllers OU that does not seem to actually exist anymore and so the directory service event log is filled with errors about not being able to replicate to that DC.
So do I need to adjust the above security settings to the default settings? Or am I not seeing the true picture of whats going on becuase of this missing DC and in that case should I clean up the AD metadata first before changing anything else?
The IT guy at my client can't tell me why the above settings are like this either. He hasn't changed them apparently.
Domain and forest levels are 2000 mixed.
Thanks
All you need in this life is ignorance and confidence; then success is sure.
- Mark Twain
The log for this app on the database server (Pervasive 2000i) basically says that database files could not be opened because an Invalid Security token was received. This seems to happen randomly.
The default domain security policy reads;
Enforce user logon restrictions - Disabled
Max lifetime for service ticket - 0
Max lifetime for user ticket - 0
Max lifetime for user ticket renewal - Not Defined
Max tolerance for clock sync - 5mins.
The databse server is a member server (windows 2003sp1)
There are 2 2003 DCs again 2003 sp1.
There is also another DC listed in the Domain controllers OU that does not seem to actually exist anymore and so the directory service event log is filled with errors about not being able to replicate to that DC.
So do I need to adjust the above security settings to the default settings? Or am I not seeing the true picture of whats going on becuase of this missing DC and in that case should I clean up the AD metadata first before changing anything else?
The IT guy at my client can't tell me why the above settings are like this either. He hasn't changed them apparently.
Domain and forest levels are 2000 mixed.
Thanks
All you need in this life is ignorance and confidence; then success is sure.
- Mark Twain