Home > Hyper-V, Hyper-V R2, Microsoft, SCVMM, Tips&Tricks, Virtualization, VMM > VMM Tricks: VMM Domain Function Level … Why

VMM Tricks: VMM Domain Function Level … Why

So most of use already knows that VMM 2008 R2 required Windows 2003 Domain level for the installation and I already blogged about some error that you may face if VMM is connected and authenticated by windows 2000 domain controller in the installation phase.

But it was a new question when one asked me “Why Windows 2003 Domain Level?”

Kerberos authentication is a prerequisite for VMM. To configure your environment to allow users in one Active Directory Domain Services (AD DS) domain to access VMM resources in another domain, you can either ensure that both domains are in the same forest or configure a forest-level trust relationship and use Kerberos authentication. To set up a forest-level trust relationship, both domains must be in Windows Server 2003 forest mode. Windows 2000 Server does not support forest-level trusts.

Windows Server 2003 and Windows 2000 Server environments that contain complex group structures can encounter problems with an access token limitation during authentication.

The Kerberos Access Token in Windows 2000 native mode environment had many limitations and the resolution is just simply to raise domain function level to Windows 2003.

Check MS Addressing Problems Due to Access Token Limitation
http://download.microsoft.com/download/8/f/3/8f36dfe4-47d0-4775-ad5a-5614384921aa/AccessTokenLimitation.doc

Advertisements
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: