On Wed, 1 Oct 2014, Ben H wrote:
I honestly believe that this is more of a bug/design problem in AD. When
the 2008 DC forwards the client request to the 2003 DC, it doesn't
negotiate a separate exchange to include enctypes or new keys - it simply
sends the client packet onto the DC only
On Tue, 30 Sep 2014, Ben H wrote:
Just discovered an issue in an environment with mixed Win 2003 and 2008 R2
servers that I'm surprised I haven't seen before, nor can find much of
anybody reporting it previously.
I would expect that people are trying to migrate off of Win 2003, since it
goes
Thanks Ben,
I don't know if its fair to label this is a misconfigured realm
scenario. That being said, there are certainly ways around this - at leas
one of which you mentioned:
1) Migrate off 2003 entirely
2) Move your PDC role (and all FSMO roles) onto your 2008+ servers. This I
believe is