The crux of the issue is that Windows Server 2012 (and above) introduce two new SIDs. The problem is that Windows 7 and Windows Server 2008 R2 clients do not know about these SIDs (SID S-1-18-1 and SID S-1-18-2) because when they were written these particular SIDs didn’t exist.
The Solution from Microsoft is to install the Patch KB2830145 in all that Servers and Clients. It seems simple, but when you try to install, you might have some errors or the patch can take some days (yes, I said days) to install.
To check if you have this issue on one of the servers, try to use the psgetsid.exe tool (downloaded from https://technet.microsoft.com/en-us/sysinternals/bb897417.aspx)
If you have this one, you are OK:
The patch can be downloded here (SID S-1-18-1 and SID S-1-18-2 can't be mapped on Windows 7 or Windows Server 2008 R2-based computers in a domain environment):
https://support.microsoft.com/en-us/kb/2830145
If you have issues instlling this hotfix, you can try this:
- Expand -f:* <file .msu> <msu_expand_folder>
- Expand -f:* <file KB#.cab> <cab_expand_folder>
- pkgmgr /ip /m:cab_expand_folder\update-bf.mum
- Reboot
- Check again with psgetsid.exe if it's all OK.
Thanks man! you are a lifesaver!
ReplyDelete