Microsoft KB Archive/272348

From BetaArchive Wiki
Knowledge Base


PSS ID Number: 272348

Article Last Modified on 11/20/2003


The information in this article applies to:

  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Professional


This article was previously published under Q272348

SYMPTOMS

Windows 2000-based host computers that are joined to a Microsoft Windows NT 4.0-based domain may always establish a secure channel with the primary domain controller (PDC).

CAUSE

This problem can occur because when a Windows 2000-based computer is joined to a domain, the join process caches the domain controller (DC) that was used to join the domain. When the computer restarts for the first time after it joins the domain, the computer reads the cached information from the registry, and then uses that DC to set up a secure channel. This is done to make sure that the computer is communicating with the DC that has the correct account information. However, this cached information is not removed unless Kerberos authentication is used. Because of this, a Windows 2000-based host always uses the cached information to establish a secure channel with the PDC.

RESOLUTION

To resolve this problem, obtain the latest service pack for Windows 2000. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

260910 How to Obtain the Latest Windows 2000 Service Pack


The English version of this fix should have the following file attributes or later:

   File Name      Size     Time   Date       Version         Platform
   ------------------------------------------------------------------
   Netlogon.dll   366,352  09:12  2/8/2001   5.0.2195.2865   i386
   Ntdsa.dll      910,608  09:12  2/8/2001   5.0.2195.2864   i386
   Samsrv.dll     362,256  09:12  2/8/2001   5.0.2195.2864   i386
   Instlsa5.dll   521,488  09:11  2/8/2001   5.0.2195.2867   i386
   Kdcsvc.dll     140,560  09:12  2/8/2001   5.0.2195.2862   i386
   Kerberos.dll   198,928  18:19  1/29/2001  5.0.2195.2862   i386
   Ksecdd.sys      69,456  19:15  1/26/2001  5.0.2195.2862   i386
   lsasvr.dll     503,568  09:12  2/8/2001   5.0.2195.2867   i386
   Lsass.exe       33,552  18:04  1/30/2001  5.0.2195.2867   i386
   Msv1_0.dll     108,816  18:19  1/29/2001  5.0.2195.2862   i386
   Netapi32.dll   311,056  09:12  2/8/2001   5.0.2195.2808   i386
   Adsldpc.dll    130,320  09:12  2/8/2001   5.0.2195.2842   i386
   Dnsapi.dll     133,904  09:12  2/8/2001   5.0.2195.2785   i386
   Dnsrslvr.dll    90,896  09:12  2/8/2001   5.0.2195.2778   i386



WORKAROUND

To work around this problem, note that if the Netlogon service is stopped on the PDC before the Windows 2000 host starts, the host attempts to authenticate with the PDC, and then attempts authentication with a backup domain controller (BDC). After this occurs, the computer uses expected behavior to find a DC for authentication rather than using the cached information.

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article. This problem was first corrected in Windows 2000 Service Pack 2.

MORE INFORMATION

For additional information about how to install Windows 2000 and Windows 2000 hotfixes at the same time, click the article number below to view the article in the Microsoft Knowledge Base:

249149 Installing Microsoft Windows 2000 and Windows 2000 Hotfixes


Keywords: kbbug kbenv kbfix kbnetwork kbWin2000PreSP2Fix KB272348
Technology: kbwin2000AdvServ kbwin2000AdvServSearch kbwin2000Pro kbwin2000ProSearch kbwin2000Search kbwin2000Serv kbwin2000ServSearch kbWinAdvServSearch



Send feedback to Microsoft

© 2004 Microsoft Corporation. All rights reserved.


Retrieved from ‘https://www.betaarchive.com/wiki/index.php?title=Microsoft_KB_Archive/272348&oldid=149581
the Creative Commons 3.0 ShareAlike (except the Microsoft KB Archive).
Powered by MediaWiki