For those that are interested in this issue, and not receiving a single response here. I opened a ticket with Microsoft on this yesterday. Got an answer this morning. I built my AD controller and the 2003 member server from a VMWare Template. This means that both systems had the same computer SID, something I knew, but totally missed the boat on as being a possible issue in this case. The issue came down to the DC and the Member server having a SID conflict and 2003 recognizing this and locking out the login attempt as spoofed. I used SysInternals NEWSID to fix the issue. Dennis Parker, MCSE, CCA Senior Systems Analyst Fiserv EFT 4550 SW Macadam Ave, Ste 100 Portland, Or. 97239 Direct: 503-274-6785 Fax: 503-274-6619 This e-mail is confidential and may well be legally privileged. If you have received it in error, you are on notice of its status. Please notify us immediately by reply e-mail and then delete this message from your system. Please do not copy it or use it for any purposes, or disclose its contents to any other person. To do so could violate state and Federal privacy laws. Thank you for your cooperation. Please contact me if you need assistance. -----Original Message----- From: Parker, Dennis Sent: Tuesday, April 20, 2004 10:51 AM To: 'thin@xxxxxxxxxxxxx' Subject: [THIN] OT: NT 4.0 to 2003 AD migration Before calling MS, I thought maybe someone out there can assist with this. Here's the situation: I have two domains. Domain A is NT 4.0 and contains a PDC (NT 4.0 obviously), an XP Pro workstation, a Windows 2003 Standard Server. Domain B is 2003 AD and contains an AD controller (2003 Standard), a 2000 Pro workstation. User A was migrated from Domain A to Domain B with SID History. User A logs in to the 2000 Pro Workstation with no issue. User A can connect to resources on the NT 4.0 domain like the XP Pro workstation and the PDC with no problem. User A can NOT connect to the Windows 2003 Standard Server in Domain A with the error: Designated SID inconsistent (Event ID 548). I'm certain this has to do with Windows 2003 SID filtering, but I can not figure out how to disable SID filtering for this one system. I have turned off SID filtering on the 2003 AD Domain, which allowed me access to the NT 4.0 PDC, so I'm sure I'm close. Thanks for your time! Dennis Parker, MCSE, CCA Senior Systems Analyst Fiserv EFT 4550 SW Macadam Ave, Ste 100 Portland, Or. 97239 Direct: 503-274-6785 Fax: 503-274-6619 This e-mail is confidential and may well be legally privileged. If you have received it in error, you are on notice of its status. Please notify us immediately by reply e-mail and then delete this message from your system. Please do not copy it or use it for any purposes, or disclose its contents to any other person. To do so could violate state and Federal privacy laws. Thank you for your cooperation. Please contact me if you need assistance. ******************************************************** This week's sponsor - Neoware Thin Clients Neoware makes computing open, secure, reliable, affordable, manageable and obsolete-free. Starting at $199! http://www.neoware.com ********************************************************** Useful Thin Client Computing Links are available at: http://thin.net/links.cfm *********************************************************** For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: http://thin.net/citrixlist.cfm ******************************************************** This week's sponsor - Neoware Thin Clients Neoware makes computing open, secure, reliable, affordable, manageable and obsolete-free. Starting at $199! http://www.neoware.com ********************************************************** Useful Thin Client Computing Links are available at: http://thin.net/links.cfm *********************************************************** For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: http://thin.net/citrixlist.cfm