Very odd problem. XP clients are unable to log on to the domain: "domain not available". I found the problem to be with XP's default policy: "Domain member: Digitally encrypt or sign secure channel data (always)" is set to enabled. NT by default is set to disabled, but you can add the RequireSignOrSeal registry key and set it to one to enable this, but that would cause a problem with 9x and 2k machines. Here is the odd thing. I can add that key to the PDC but not to any BDC, because when I restart the netlogon service on a BDC I get an access denied. I set the PDC back to default 0, then XP computers can't log on unless I stop the netlogon service on the PDC, forcing clients to use a BDC, which then has no problem authenticating the clients. Odd. If I disable the policy on the XP clients then they authenticate no problem. How can the BDC authenticate the XP clients but the PDC can't, even though neither requires sign or seal? ...Any ideas?