Invalid security token

[pagy]

OK, have a client whos LOB application keeps faling, locking, loads of errors etc etc.

The log for this app on the database server (Pervasive 2000i) basically says that database files could not be opened because an Invalid Security token was received. This seems to happen randomly.

The default domain security policy reads;
Enforce user logon restrictions - Disabled
Max lifetime for service ticket - 0
Max lifetime for user ticket - 0
Max lifetime for user ticket renewal - Not Defined
Max tolerance for clock sync - 5mins.

The databse server is a member server (windows 2003sp1)
There are 2 2003 DCs again 2003 sp1.
There is also another DC listed in the Domain controllers OU that does not seem to actually exist anymore and so the directory service event log is filled with errors about not being able to replicate to that DC.

So do I need to adjust the above security settings to the default settings? Or am I not seeing the true picture of whats going on becuase of this missing DC and in that case should I clean up the AD metadata first before changing anything else?


The IT guy at my client can't tell me why the above settings are like this either. He hasn't changed them apparently.

Domain and forest levels are 2000 mixed.

Thanks





All you need in this life is ignorance and confidence; then success is sure.
- Mark Twain

 

[pagy]

OK, I've changed the domain security policy back to the defaults.

As for the missing DC ,this is what they have done;
They had a DC, lets call it DC3.
They then wiped 2003 off of DC3 without using dcpromo to demote it first.
Then they re-installed 2003, called it a different name and it is now a member server.

In a situation like this can I just clean up the AD metadata?


All you need in this life is ignorance and confidence; then success is sure.
- Mark Twain