Windows 7/2008 Kerberos Default Encryption and Windows 2003/2000

Reading Time: 2 minutes With the latest o/s release Microsoft modified the default encryption method from RC4 to AES when first attempt to commenicate with a Ticket Granting Ticket Service Request.  As long as the client whether it be Windows 7 or Windows 2008, communicates with a Windows 2008 R2 Domain Controller (DC) everything is all good.  However if the client … Continue reading "Windows 7/2008 Kerberos Default Encryption and Windows 2003/2000"

Invalid service type: RpcSs when running DCDIAG

Reading Time: < 1 minute After recently bringing up a RODC in my default site, all my 2003 RWDC's in all my sites flipped to a single process which is not a good thing for DC's.  I can't be absolutely certain this was the cause but the errors occured on the same day of the RODC promotion. The erorr in … Continue reading "Invalid service type: RpcSs when running DCDIAG"

RODC – Password Replication Policy and Password Cache Management

Reading Time: 4 minutes With the advent of Read Only Domain Controllers (RODC) remote offices no longer have to present a risk for your Active Directory (AD) enterprise secrets.  RODC's by default do not cache ANY user or computer passwords.  This can present a problem if there is a loss of connectivity between the remote site's RODC and a Read … Continue reading "RODC – Password Replication Policy and Password Cache Management"