RE: [ActiveDir] Kerberos is Killing Me!

[Akomolafe, Deji]

I believe I recommended this early on in the thread. Sometimes, it's easier 
(wiser) to not fight the fire. Demote, clean it out of AD/DNS/Sites. If you 
have the luxury, wipe and reinstall the box, otherwise, just do a rename of the 
box. Renaming it is strongly recommended unless you have scripts and 
applications into which you have hard-coded the name.

Sincerely, 
  _____                                
 (, /  |  /)               /)     /)   
   /---| (/_  ______   ___// _   //  _ 
) /    |_/(__(_) // (_(_)(/_(_(_/(__(/_
(_/                             /)      
                              (/       
Microsoft MVP - Directory Services
www.akomolafe.com - we know IT
-5.75, -3.23
Do you now realize that Today is the Tomorrow you were worried about Yesterday? 
-anon



From: hboogz
Sent: Thu 11/16/2006 7:35 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Kerberos is Killing Me!


AD sites.

3 one including the DR-site.

regarding the question about demoting then promoting...if i have to go that 
route, should i keep the same server name ?


On 11/16/06, Laura A. Robinson <[EMAIL PROTECTED]> wrote: 
I apologize if I keep asking questions you've already answered, but how many sites are involved here?

Of course, by the time this hits the list, any replication that hasn't yet 
occurred probably will have. :-)

Laura




From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of hboogz
Sent: Thursday, November 16, 2006 5:49 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Kerberos is Killing Me!


**Update***

i changed the user account control attribute using the following direction:

Did you follow: 
When using adsiedit: 
* Connect to the domain NC 
* Navigate to the Domain Controllers OU 
* Right click on the DC for which you want to change the 
UserAccountControl value and select properties 
* Goto the UserAccountControl attribute 
* You should see a value (from what you have described): 536576 
* Change that value to: 532480 

i teh followed the instructions found here: Re: access denied

http://technet2.microsoft.com/WindowsServer/en/library/22764cb5-9860-4f8f-95e7-337df24edf741033.mspx?mfr=true

i did this from the phmaindc1 server 

net stop kdc

clear ticket cache

reset machine pawd 

open sites and services and forced replication with phprint -- which succeced

opened replmon and synchronized with phprint1.

net start kdc

ran: repadmin /showreps.

replication to phprint1 came up as succesfull 

however, i still get an error to the child domain indicating access denied.

should i wait for AD replication for this to work ?




--
No virus found in this outgoing message.
Checked by AVG Free Edition.





--
HBooGz:\>