Statically Configured Site Name Value Is Not Enforced (293515)


The information in this article applies to:

  • Microsoft Windows 2000 Server SP1
  • Microsoft Windows 2000 Server SP2
  • Microsoft Windows 2000 Advanced Server SP1
  • Microsoft Windows 2000 Advanced Server SP2
  • Microsoft Windows 2000 Professional SP1
  • Microsoft Windows 2000 Professional SP2
This article was previously published under Q293515

SYMPTOMS

After you manually configure a computer that is running Windows 2000 Professional or Windows 2000 Server that is a client of a Windows 2000 domain with a static site name, that computer may not receive site-based policies or be able to form a secure channel with the proper domain controller.

CAUSE

A registry key is available (which is described in the Windows 2000 Distributed Systems Guide of the Windows 2000 Resource Kit) that an administrator can use to bypass the dynamic discovery of the site that a client computer is in and statically configure the site name value. Normally, when a domain controller receives a logon request from a client, the domain controller compares the source IP address of the client computer to information in Active Directory to determine which site the client is in.

This problem can occur if several sites have been created in Active Directory, but no subnet mappings are created that correspond to the sites; the Windows 2000 domain controller does not have enough information to determine a site name for the client. However, the domain controller does return to the client the name of the site that the domain controller is in. Because the client is attempting to find a "close" domain controller, the client uses the information that is sent back from the domain controller to determine whether the client should attempt to find an alternate domain controller. When this problem occurs, the site name is used properly for a short period of time before expiring.

RESOLUTION

To resolve this problem, obtain the latest service pack for Windows 2000. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

260910 How to Obtain the Latest Windows 2000 Service Pack

The English version of this fix should have the following file attributes or later:
   Date        Time     Version          Size      File name
   -----------------------------------------------------------------
   4/10/2001   11:10a   5.0.2195.3481   501,520   Lsasrv.dll(56-bit)
   4/16/2001   05:20p   5.0.2195.3481   354,576   Advapi32.dll
   4/16/2001   05:20p   5.0.2195.3422   135,440   Dnsapi.dll
   4/16/2001   05:20p   5.0.2195.3422    94,992   Dnsrslvr.dll
   4/16/2001   05:17p   5.0.2195.3481   519,440   Instlsa5.dll
   4/16/2001   05:20p   5.0.2195.3422   142,096   Kdcsvc.dll
   3/30/2001   08:20p   5.0.2195.3432   207,920   Kerberos.dll
   4/10/2001   11:01a   5.0.2195.3481    69,456   Ksecdd.sys
   4/10/2001   11:10a   5.0.2195.3481   501,520   Lsasrv.dll
   4/10/2001   11:10a   5.0.2195.3481    33,552   Lsass.exe
   4/16/2001   05:20p   5.0.2195.3481   306,960   Netapi32.dll
   4/16/2001   05:20p   5.0.2195.3504   357,136   Netlogon.dll
   4/16/2001   05:20p   5.0.2195.3435   908,048   Ntdsa.dll
   4/16/2001   05:20p   5.0.2195.3441   382,224   Samsrv.dll
    4/5/2001   01:52p   5.0.2195.3458   128,784   Scecli.dll

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article. This problem was first corrected in Windows 2000 Service Pack 3.

MORE INFORMATION

For additional information about how to obtain a hotfix for Windows 2000 Datacenter Server, click the article number below to view the article in the Microsoft Knowledge Base:

265173 The Datacenter Program and Windows 2000 Datacenter Server Product

For additional information about how to install multiple hotfixes with only one reboot, click the article number below to view the article in the Microsoft Knowledge Base:

296861 Use QChain.exe to Install Multiple Hotfixes with One Reboot

The fix that this article describes corrects the behavior of the client so that the computer attempts to find a domain controller in the configured site and, if the computer finds a domain controller, the computer considers the domain controller found as a "close" domain controller. This fix also has the added benefit of reducing network traffic because subsequent network traffic to find a "closer" domain controller is unnecessary.

For additional information about how to install Windows 2000 and Windows 2000 hotfixes at the same time, click the article number below to view the article in the Microsoft Knowledge Base:

249149 Installing Microsoft Windows 2000 and Windows 2000 Hotfixes

Modification Type:MinorLast Reviewed:9/26/2005
Keywords:kbHotfixServer kbQFE kbbug kbDirServices kbenv kbfix kbnetwork kbWin2000PreSP3Fix kbWin2000sp3fix KB293515
©2004 Microsoft Corporation. All rights reserved.