Select the product you need help with

Description of the Windows Server 2008 read-only domain controller compatibility pack for Windows Server 2003 clients and for Windows XP clients and for Windows Vista

Article ID: 944043 - View products that this article applies to.

INTRODUCTION

This article describes the Windows Server 2008 read-only domain controller (RODC) compatibility pack for Windows Server 2003 clients and for Windows XP clients. This update addresses compatibility issues that occur with down-level clients that do not support Windows Server 2008 RODC features. The information in this article also applies to Windows Server 2008 R2 RODC.

Back to the top | Give Feedback

MORE INFORMATION

You do not necessarily have to apply this update before you can deploy a read-only domain controller. Sometimes, compatibility issues do not affect your deployment. Or, you may be able to use a workaround instead of applying the update.

The following sections describe the following items:

The symptom that is associated with each compatibility issue
The RODC deployment scenario in which the issue occurs and the clients that are affected by the issue
The issue's influence
A workaround for the issue, if a workaround is available

Issue 1

Symptom

If a client can access only read-only domain controllers, Windows Management Instrumentation (WMI) filters that are configured for Group Policy are not applied. Additionally, the Gpsvc.log file contains the following information:

GPSVC(410.8ec) 15:17:45:808 FilterCheck: Found WMI Filter id of: filter ID
GPSVC(410.8ec) 15:18:21:838 FilterCheck: Filter doesn't exist. Evaluating to false
GPSVC(410.8ec) 15:18:21:838 ProcessGPO: CheckFilterAcess failed for <cn=GUID,cn=policies,cn=system,DC=name,DC=name,DC=name,DC=com>. Filter not found
GPSVC(410.8ec) 15:18:21:838 CGPAdminEventInitFailure::Initialize(): FormatMessage failed to look up error code (0x80041002) due to error 317. Can not log error description.
GPSVC(410.8ec) 15:18:21:838 ProcessGPO: The GPO does not pass the filter check and so will not be applied.

Scenario and affected clients

This issue affects clients in a site that has only read-only domain controllers available.

Influence

The Group Policy object to which the WMI filters are linked may not be applied.

Workaround

No workaround is available for this issue.

Issue 2

Symptom

Internet Protocol security (IPsec) policies cannot be applied, and Win32 error code 8219 (ERROR_POLICY_OBJECT_NOT_FOUND) is returned when only Windows Server 2008 read-only domain controllers are available.

Scenario and affected clients

This issue affects clients in a site that has only read-only domain controllers available. Typically, this issue occurs in a branch office scenario.

Influence

Computers that are running Windows 2000, Windows XP, or Windows Server 2003 do not receive IPsec policies that are applied by a read-only domain controller.

Workaround

No workaround is available for this issue.

Issue 3

Symptom

Windows Server 2003 member computers and Windows XP member computers do not synchronize Win32 time with Windows Server 2008 read-only domain controllers.

Scenario and affected clients

This issue affects clients in a site that has only read-only domain controllers available. Typically, this issue occurs in a branch office scenario or in a perimeter network scenario in which a writable domain controller cannot be contacted.

Note A perimeter network is also known as "DMZ," "demilitarized zone," and "screened subnet."

Influence

If the time of services is severely asynchronous, you may receive error messages when you try to access resources on the network.

Workaround

To work around this issue, configure the client computers to synchronize time from another domain controller that is available on the network.

Issue 4

Symptom

Computers in a perimeter network cannot join the domain.

Scenario and affected clients

This issue affects clients in a site that has only read-only domain controllers available. Typically, this issue occurs in a branch office scenario or in a perimeter network scenario.

Influence

Computers cannot join the domain even though the computer account and the password are pre-populated on the read-only domain controller.

Workaround

To work around this issue, create firewall rules to enable a writable domain controller to be contacted.

Or, bridge the perimeter network and intranet networks. Do this only when your organization's policies allow for this operation.

Issue 5

Symptom

In a site that has only read-only domain controllers available, users try to change their passwords on computers that are running Windows 2000, Windows XP, or Windows Server 2003. When the users do this, the password change operation fails.

Scenario and affected clients

This issue affects clients in a site that has only read-only domain controllers available. Typically, this issue occurs in a perimeter network scenario.

Influence

Users cannot change their passwords.

Workaround

To work around this issue, create firewall rules to enable a writable domain controller to be contacted. Or, have the users change passwords by using a computer that is running Windows Vista or Windows Server 2008.

Issue 6

Symptom

Windows Server 2008 read-only domain controllers cannot retrieve or create the public key certificate by using the LsaRetrievePrivateData function or the LsaStorePrivateData function.

The call to the LsaRetrievePrivateData function finishes. However, a NULL value is returned for the private data.

The call to the LsaStorePrivateData function fails, and error code 0xc0000034 is returned.

Scenario and affected clients

This issue affects clients in a site that has only read-only domain controllers available. Typically, this issue occurs in a branch office scenario or in a perimeter network scenario.

Influence

The Data Protection API (DPAPI) on clients that can access only read-only domain controllers cannot decrypt master keys unless these clients previously contacted a writable domain controller and retrieved a public key certificate. Even though a writable domain controller is available, the DPAPI still cannot decrypt master keys if the nearest domain controller is a read-only domain controller.

Workaround

When the DPAPI tries to decrypt master keys, make sure that the client has access to only a writable domain controller.

Note Typically, the DPAPI tries to decrypt master keys during password changes.

Issue 7

Symptom

When you try to publish a printer, the published printer may not work correctly.

Scenario and affected clients

This issue affects clients in a site that has only read-only domain controllers available. Typically, this issue occurs in a branch office scenario.

Influence

If a read-only domain controller receives a request to publish a printer, the read-only domain controller forwards the request to a writable domain controller. The spooler tries to read from the read-only domain controller immediately after the write action is implemented. However, the spooler does this before the printer publish information is replicated to the read-only domain controller. Therefore, the publish operation fails.

Workaround

No workaround is available for this issue.

Issue 8

Symptom

In a site that has only read-only domain controllers available, you use the Find Printer dialog box on a client computer that is running Windows 2000, Windows XP, or Windows Server 2003. When you do this, the Find Printer dialog box stops responding.

Scenario and affected clients

This issue affects clients in a site that has only read-only domain controllers available. Typically, this issue occurs in a branch office scenario.

Influence

Users cannot find printers that are published in Active Directory Domain Services.

Workaround

No workaround is available for this issue.

Issue 9

Symptom

Active Directory Service Interfaces (ADSI) API functions in Windows Server 2003 and in Windows XP always send requests to a remote writable domain controller instead of to a local read-only domain controller.

Scenario and affected clients

This issue affects clients in a site that has only read-only domain controllers available. Typically, this issue occurs in a branch office scenario.

Influence

This issue causes unnecessary network traffic and access latency.

Workaround

Make sure that all clients have connectivity to a writable domain controller when these clients call ADSI API functions. Do this even if the function calls make only read operations.

Issue 10

Symptom

Domain controllers that are running Windows Server 2003 perform automatic site coverage for sites that have read-only domain controllers.

Scenario and affected clients

This issue affects domain controllers that provide automatic site coverage for other branch office sites. Typically, this issue occurs in a branch office scenario.

Note This issue is unlike other issue that is listed in the article. For other issues, if you do not implement a suggested workaround, you apply a hotfix to clients that interact with an RODC. For this issue, if you do not implement a suggested workaround, you apply the hotfix to Windows Server 2003 domain controllers that perform automatic site coverage for sites that have an RODC. After you apply the hotfix, Windows Server 2003 domain controllers are able to detect RODC's in sites that would otherwise have been treated as empty. Additionally, the hotfix prevents Windows Server 2003 domain controllers publishing SRV records in the DNS of these sites, if this is required by automatic site coverage.

Influence

A domain controller that is running Windows Server 2003 may register its DNS SRV resource records for a site that contains a read-only domain controller. Therefore, the clients may not authenticate as expected with the local read-only domain controller. However, they may use DC's in other sites instead.

Workaround

To work around this issue, use one of the following methods:

Make sure that only domain controllers that are running Windows Server 2008 are present in the site that is closest to the read-only domain controller site.
Disable automatic site coverage on domain controllers that are running Windows Server 2003. Be aware that this affects the publication of SRV records for all sites that the Windows Server 2003 domain controller treats as empty. For more information about automatic site coverage, visit the following Microsoft web site:

http://technet.microsoft.com/en-us/library/cc732322(WS.10).aspx
(http://technet.microsoft.com/en-us/library/cc732322(WS.10).aspx)

Issue 11

Symptom

Domain controllers that are running Windows Server 2003 fail performing automatic site coverage, also for sites they should cover. The Netlogon.log contains the following information:

[CRITICAL] NlSitesUpdateSiteCoverage: Cannot DsGetDomainControllerInfoW 87 (=ERROR_INVALID_PARAMETER

Scenario and affected clients

This issue affects clients in sites that have no local domain controller available.

Influence

The Dc Locator on the client may not be able to find the closest site. This may slow down the logon process and GPO application.

Workaround

Disable AutoSiteCoverage and cover DC-less sites manually.

Update information

Note

The hotfix that is available in this Microsoft Knowledge Base article does not apply to Windows 2000 Server or to Windows 2000 Professional.
Windows Vista SP1 does not need any hotfixes. Therefore, only Vista RTM is affected.

For more information about known issues for deploying RODCs, visit the following Web site:
http://technet.microsoft.com/it-it/library/cc725669(WS.10).aspx

(http://technet.microsoft.com/it-it/library/cc725669(WS.10).aspx)

The following files are available for download from the Microsoft Download Center:

Update for Windows Server 2003

Collapse this imageExpand this image

Download the Update for Windows Server 2003 package now.

(http://www.microsoft.com/downloads/details.aspx?FamilyId=9AA16639-81A7-4CB4-B573-063CDE1C6AC3)

Update for Windows Server 2003 for Itanium-based systems

Collapse this imageExpand this image

Download the Update for Windows Server 2003 for Itanium-based Systems package now.

(http://www.microsoft.com/downloads/details.aspx?FamilyId=79870767-4B4C-4D05-8370-71CCACE66F03)

Update for Windows Server 2003 x64 Edition

Collapse this imageExpand this image

Download the Update for Windows Server 2003 x64 Edition package now.

(http://www.microsoft.com/downloads/details.aspx?FamilyId=9E20C893-9391-40EC-B47A-632DF6B5CDD1)

Update for Windows XP

Collapse this imageExpand this image

Download the Update for Windows XP package now.

(http://www.microsoft.com/downloads/details.aspx?FamilyId=7C1CB63F-7447-4DB3-AA3A-4C9DC9547B40)

Update for Windows XP x64 Edition

Collapse this imageExpand this image

Download the Update for Windows XP x64 Edition package now.

(http://www.microsoft.com/downloads/details.aspx?FamilyId=7A1F33EB-8206-4837-AB04-86A5AC8586B2)

For more information about how to download Microsoft support files, click the following article number to view the article in the Microsoft Knowledge Base:

119591

(http://support.microsoft.com/kb/119591/ )

How to obtain Microsoft support files from online services

Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help prevent any unauthorized changes to the file.

Windows XP update information

Prerequisites

To apply this hotfix, you must have Windows XP Service Pack 2 or Windows XP Service Pack 3 installed.

For more information, click the following article number to view the article in the Microsoft Knowledge Base:

322389

(http://support.microsoft.com/kb/322389/ )

How to obtain the latest Windows XP service pack

Restart requirement

You must restart the computer after you apply this hotfix.

Hotfix replacement information

This hotfix does not replace a previously released hotfix.

File information

The English version of this hotfix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.

Windows XP with Service Pack 2, x86-based versions

Collapse this tableExpand this table

File name	File version	File size	Date	Time	Platform	SP requirement
Adsldp.dll	5.1.2600.3365	176,128	05-May-2008	11:08	x86	SP2
Adsmsext.dll	5.1.2600.3365	68,096	05-May-2008	11:08	x86	SP2
Dsuiext.dll	5.1.2600.3365	113,152	05-May-2008	11:08	x86	SP2
Gptext.dll	5.1.2600.3365	199,680	05-May-2008	11:08	x86	SP2
Localspl.dll	5.1.2600.3365	343,040	05-May-2008	11:08	x86	SP2
Lsasrv.dll	5.1.2600.3365	727,040	05-May-2008	11:08	x86	SP2
Msv1_0.dll	5.1.2600.3365	132,608	05-May-2008	11:08	x86	SP2
Netlogon.dll	5.1.2600.3365	407,040	05-May-2008	11:08	x86	SP2
Ntdsapi.dll	5.1.2600.3365	68,096	05-May-2008	11:08	x86	SP2
Policman.dll	5.1.2600.3365	92,672	05-May-2008	11:08	x86	SP2
W32time.dll	5.1.2600.3365	175,104	05-May-2008	11:08	x86	SP2
W32tm.exe	5.1.2600.3365	52,736	03-May-2008	10:15	x86	SP2
Wkssvc.dll	5.1.2600.3365	134,144	05-May-2008	11:08	x86	SP2

Windows XP with Service Pack 3, x86-based versions

Collapse this tableExpand this table

File name	File version	File size	Date	Time	Platform	SP requirement
Adsldp.dll	5.1.2600.5582	176,128	17-Apr-2008	14:50	x86	SP3
Adsmsext.dll	5.1.2600.5582	68,096	17-Apr-2008	04:50	x86	SP3
Dsuiext.dll	5.1.2600.5582	113,152	17-Apr-2008	04:50	x86	SP3
Gptext.dll	5.1.2600.5582	199,680	17-Apr-2008	04:50	x86	SP3
Localspl.dll	5.1.2600.5582	343,040	17-Apr-2008	04:50	x86	SP3
Lsasrv.dll	5.1.2600.5582	728,064	17-Apr-2008	04:50	x86	SP3
Msv1_0.dll	5.1.2600.5594	132,608	05-May-2008	11:06	x86	SP3
Netlogon.dll	5.1.2600.5582	407,040	17-Apr-2008	04:50	x86	SP3
Ntdsapi.dll	5.1.2600.5582	68,096	17-Apr-2008	04:50	x86	SP3
Policman.dll	5.1.2600.5582	92,672	17-Apr-2008	04:50	x86	SP3
W32time.dll	5.1.2600.5582	175,104	17-Apr-2008	04:50	x86	SP3
W32tm.exe	5.1.2600.5594	52,736	03-May-2008	11:57	x86	SP3
Wkssvc.dll	5.1.2600.5582	134,144	17-Apr-2008	04:50	x86	SP3

Windows Server 2003 update information

Prerequisites

To apply this hotfix, you must have Windows Server 2003 Service Pack 1 or Windows Server 2003 Service Pack 2 installed.

For more information, click the following article number to view the article in the Microsoft Knowledge Base:

889100

(http://support.microsoft.com/kb/889100/ )

How to obtain the latest service pack for Windows Server 2003

Restart requirement

You must restart the computer after you apply this hotfix.

Hotfix replacement information

This hotfix does not replace a previously released hotfix.

File information

Windows Server 2003 with Service Pack 1, x86-based versions

Collapse this tableExpand this table

File name	File version	File size	Date	Time	Platform	SP requirement
Adsldp.dll	5.2.3790.3123	178,176	21-Apr-2008	07:04	x86	SP1
Adsmsext.dll	5.2.3790.3123	69,632	21-Apr-2008	07:04	x86	SP1
Dsuiext.dll	5.2.3790.3123	119,808	21-Apr-2008	07:04	x86	SP1
Gptext.dll	5.2.3790.3123	235,008	21-Apr-2008	07:04	x86	SP1
Localspl.dll	5.2.3790.3123	348,672	21-Apr-2008	07:04	x86	SP1
Lsasrv.dll	5.2.3790.3123	822,784	21-Apr-2008	07:04	x86	SP1
Msv1_0.dll	5.2.3790.3123	144,896	21-Apr-2008	07:04	x86	SP1
Netlogon.dll	5.2.3790.3123	426,496	21-Apr-2008	07:04	x86	SP1
Ntdsa.dll	5.2.3790.3120	1,525,760	15-Apr-2008	10:20	x86	SP1
Ntdsapi.dll	5.2.3790.3123	73,728	21-Apr-2008	07:04	x86	SP1
Policman.dll	5.2.3790.3123	71,168	21-Apr-2008	07:04	x86	SP1
W03a2409.dll	5.2.3790.3090	29,696	14-Feb-2008	09:41	x86	SP1
W32time.dll	5.2.3790.3123	227,328	21-Apr-2008	07:04	x86	SP1
W32tm.exe	5.2.3790.3123	55,808	17-Apr-2008	11:22	x86	SP1
Wkssvc.dll	5.2.3790.3123	134,656	21-Apr-2008	07:04	x86	SP1

Windows Server 2003 with Service Pack 2, x86-based versions

Collapse this tableExpand this table

File name	File version	File size	Date	Time	Platform	SP requirement
Adsldp.dll	5.2.3790.4275	178,688	21-Apr-2008	06:52	x86	SP2
Adsmsext.dll	5.2.3790.4275	69,632	21-Apr-2008	06:52	x86	SP2
Dsuiext.dll	5.2.3790.4275	119,808	21-Apr-2008	06:52	x86	SP2
Gptext.dll	5.2.3790.4275	235,008	21-Apr-2008	06:52	x86	SP2
Localspl.dll	5.2.3790.4275	342,528	21-Apr-2008	06:52	x86	SP2
Lsasrv.dll	5.2.3790.4275	815,616	21-Apr-2008	06:52	x86	SP2
Msv1_0.dll	5.2.3790.4275	143,360	21-Apr-2008	06:52	x86	SP2
Netlogon.dll	5.2.3790.4272	437,248	15-Apr-2008	10:07	x86	SP2
Ntdsa.dll	5.2.3790.4272	1,526,784	15-Apr-2008	10:07	x86	SP2
Ntdsapi.dll	5.2.3790.4272	73,216	15-Apr-2008	10:07	x86	SP2
Policman.dll	5.2.3790.4275	71,168	21-Apr-2008	06:52	x86	SP2
W32time.dll	5.2.3790.4275	227,328	21-Apr-2008	06:52	x86	SP2
W32tm.exe	5.2.3790.4275	55,808	17-Apr-2008	11:39	x86	SP2
Wkssvc.dll	5.2.3790.4275	134,656	21-Apr-2008	06:52	x86	SP2

Windows Server 2003 with Service Pack 1, Itanium-based versions

Collapse this tableExpand this table

File name	File version	File size	Date	Time	Platform	SP requirement	Service branch
Adsldp.dll	5.2.3790.3123	516,096	09-May-2008	08:17	IA-64	SP1	Not applicable
Adsmsext.dll	5.2.3790.3123	208,384	09-May-2008	08:17	IA-64	SP1	Not applicable
Dsuiext.dll	5.2.3790.3123	247,808	09-May-2008	08:17	IA-64	SP1	Not applicable
Gptext.dll	5.2.3790.3123	567,808	09-May-2008	08:17	IA-64	SP1	Not applicable
Localspl.dll	5.2.3790.3123	967,680	09-May-2008	08:17	IA-64	SP1	Not applicable
Lsasrv.dll	5.2.3790.3123	2,163,200	09-May-2008	08:17	IA-64	SP1	Not applicable
Msv1_0.dll	5.2.3790.3123	390,144	09-May-2008	08:17	IA-64	SP1	Not applicable
Netlogon.dll	5.2.3790.3123	989,696	09-May-2008	08:17	IA-64	SP1	Not applicable
Ntdsa.dll	5.2.3790.3120	4,276,736	09-May-2008	08:17	IA-64	SP1	Not applicable
Ntdsapi.dll	5.2.3790.3123	211,968	09-May-2008	08:18	IA-64	SP1	Not applicable
Policman.dll	5.2.3790.3123	258,048	09-May-2008	08:18	IA-64	SP1	Not applicable
W03a2409.dll	5.2.3790.3090	28,672	09-May-2008	08:18	IA-64	SP1	Not applicable
W32time.dll	5.2.3790.3123	578,560	09-May-2008	08:18	IA-64	SP1	Not applicable
W32tm.exe	5.2.3790.3123	139,264	09-May-2008	08:18	IA-64	SP1	Not applicable
Wkssvc.dll	5.2.3790.3123	326,656	09-May-2008	08:18	IA-64	SP1	Not applicable
Wadsldp.dll	5.2.3790.3123	178,176	09-May-2008	08:18	x86	SP1	WOW
Wadsmsext.dll	5.2.3790.3123	69,632	09-May-2008	08:18	x86	SP1	WOW
Wdsuiext.dll	5.2.3790.3123	119,808	09-May-2008	08:18	x86	SP1	WOW
Wgptext.dll	5.2.3790.3123	235,008	09-May-2008	08:18	x86	SP1	WOW
Wmsv1_0.dll	5.2.3790.3123	144,896	09-May-2008	08:18	x86	SP1	WOW
Wnetlogon.dll	5.2.3790.3123	426,496	09-May-2008	08:18	x86	SP1	WOW
Wntdsa.dll	5.2.3790.3120	1,525,760	09-May-2008	08:18	x86	SP1	WOW
Wntdsapi.dll	5.2.3790.3123	73,728	09-May-2008	08:18	x86	SP1	WOW
Ww03a2409.dll	5.2.3790.3090	29,696	09-May-2008	08:18	x86	SP1	WOW
Ww32time.dll	5.2.3790.3123	227,328	09-May-2008	08:18	x86	SP1	WOW
Ww32tm.exe	5.2.3790.3123	55,808	09-May-2008	08:18	x86	SP1	WOW

Windows Server 2003 with Service Pack 2, Itanium-based versions

Collapse this tableExpand this table

File name	File version	File size	Date	Time	Platform	SP requirement	Service branch
Adsldp.dll	5.2.3790.4275	516,096	09-May-2008	08:24	IA-64	SP2	Not applicable
Adsmsext.dll	5.2.3790.4275	208,384	09-May-2008	08:24	IA-64	SP2	Not applicable
Dsuiext.dll	5.2.3790.4275	247,808	09-May-2008	08:24	IA-64	SP2	Not applicable
Gptext.dll	5.2.3790.4275	568,320	09-May-2008	08:24	IA-64	SP2	Not applicable
Localspl.dll	5.2.3790.4275	968,192	09-May-2008	08:24	IA-64	SP2	Not applicable
Lsasrv.dll	5.2.3790.4275	2,165,248	09-May-2008	08:24	IA-64	SP2	Not applicable
Msv1_0.dll	5.2.3790.4275	390,144	09-May-2008	08:24	IA-64	SP2	Not applicable
Netlogon.dll	5.2.3790.4272	989,696	09-May-2008	08:24	IA-64	SP2	Not applicable
Ntdsa.dll	5.2.3790.4272	4,279,808	09-May-2008	08:25	IA-64	SP2	Not applicable
Ntdsapi.dll	5.2.3790.4272	211,968	09-May-2008	08:25	IA-64	SP2	Not applicable
Policman.dll	5.2.3790.4275	258,048	09-May-2008	08:25	IA-64	SP2	Not applicable
W32time.dll	5.2.3790.4275	578,560	09-May-2008	08:25	IA-64	SP2	Not applicable
W32tm.exe	5.2.3790.4275	139,264	09-May-2008	08:25	IA-64	SP2	Not applicable
Wkssvc.dll	5.2.3790.4275	326,656	09-May-2008	08:25	IA-64	SP2	Not applicable
Wadsldp.dll	5.2.3790.4275	178,688	09-May-2008	08:25	x86	SP2	WOW
Wadsmsext.dll	5.2.3790.4275	69,632	09-May-2008	08:25	x86	SP2	WOW
Wdsuiext.dll	5.2.3790.4275	119,808	09-May-2008	08:25	x86	SP2	WOW
Wgptext.dll	5.2.3790.4275	235,008	09-May-2008	08:25	x86	SP2	WOW
Wmsv1_0.dll	5.2.3790.4275	143,360	09-May-2008	08:25	x86	SP2	WOW
Wnetlogon.dll	5.2.3790.4272	437,248	09-May-2008	08:25	x86	SP2	WOW
Wntdsa.dll	5.2.3790.4272	1,526,784	09-May-2008	08:25	x86	SP2	WOW
Wntdsapi.dll	5.2.3790.4272	73,216	09-May-2008	08:25	x86	SP2	WOW
Ww32time.dll	5.2.3790.4275	227,328	09-May-2008	08:25	x86	SP2	WOW
Ww32tm.exe	5.2.3790.4275	55,808	09-May-2008	08:25	x86	SP2	WOW

Windows Server 2003 with Service Pack 1, x64-based versions

Collapse this tableExpand this table

File name	File version	File size	Date	Time	Platform	SP requirement	Service branch
Adsldp.dll	5.2.3790.3123	342,016	09-May-2008	08:17	x64	SP1	Not applicable
Adsmsext.dll	5.2.3790.3123	105,472	09-May-2008	08:17	x64	SP1	Not applicable
Dsuiext.dll	5.2.3790.3123	149,504	09-May-2008	08:17	x64	SP1	Not applicable
Gptext.dll	5.2.3790.3123	326,656	09-May-2008	08:17	x64	SP1	Not applicable
Localspl.dll	5.2.3790.3123	750,080	09-May-2008	08:17	x64	SP1	Not applicable
Lsasrv.dll	5.2.3790.3123	1,566,720	09-May-2008	08:17	x64	SP1	Not applicable
Msv1_0.dll	5.2.3790.3123	260,608	09-May-2008	08:17	x64	SP1	Not applicable
Netlogon.dll	5.2.3790.3123	690,176	09-May-2008	08:17	x64	SP1	Not applicable
Ntdsa.dll	5.2.3790.3120	2,969,600	09-May-2008	08:17	x64	SP1	Not applicable
Ntdsapi.dll	5.2.3790.3123	132,608	09-May-2008	08:17	x64	SP1	Not applicable
Policman.dll	5.2.3790.3123	131,072	09-May-2008	08:17	x64	SP1	Not applicable
W03a2409.dll	5.2.3790.3090	30,208	09-May-2008	08:17	x64	SP1	Not applicable
W32time.dll	5.2.3790.3123	407,552	09-May-2008	08:17	x64	SP1	Not applicable
W32tm.exe	5.2.3790.3123	79,360	09-May-2008	08:17	x64	SP1	Not applicable
Wkssvc.dll	5.2.3790.3123	228,352	09-May-2008	08:17	x64	SP1	Not applicable
Wadsldp.dll	5.2.3790.3123	178,176	09-May-2008	08:17	x86	SP1	WOW
Wadsmsext.dll	5.2.3790.3123	69,632	09-May-2008	08:17	x86	SP1	WOW
Wdsuiext.dll	5.2.3790.3123	119,808	09-May-2008	08:17	x86	SP1	WOW
Wgptext.dll	5.2.3790.3123	235,008	09-May-2008	08:17	x86	SP1	WOW
Wmsv1_0.dll	5.2.3790.3123	144,896	09-May-2008	08:17	x86	SP1	WOW
Wnetlogon.dll	5.2.3790.3123	426,496	09-May-2008	08:17	x86	SP1	WOW
Wntdsa.dll	5.2.3790.3120	1,525,760	09-May-2008	08:17	x86	SP1	WOW
Wntdsapi.dll	5.2.3790.3123	73,728	09-May-2008	08:17	x86	SP1	WOW
Ww03a2409.dll	5.2.3790.3090	29,696	09-May-2008	08:17	x86	SP1	WOW
Ww32time.dll	5.2.3790.3123	227,328	09-May-2008	08:17	x86	SP1	WOW
Ww32tm.exe	5.2.3790.3123	55,808	09-May-2008	08:17	x86	SP1	WOW

Windows Server 2003 with Service Pack 2, x64-based versions

Collapse this tableExpand this table

File name	File version	File size	Date	Time	Platform	SP requirement	Service branch
Adsldp.dll	5.2.3790.4275	342,016	09-May-2008	08:24	x64	SP2	Not applicable
Adsmsext.dll	5.2.3790.4275	105,472	09-May-2008	08:24	x64	SP2	Not applicable
Dsuiext.dll	5.2.3790.4275	149,504	09-May-2008	08:24	x64	SP2	Not applicable
Gptext.dll	5.2.3790.4275	327,168	09-May-2008	08:24	x64	SP2	Not applicable
Localspl.dll	5.2.3790.4275	750,080	09-May-2008	08:24	x64	SP2	Not applicable
Lsasrv.dll	5.2.3790.4275	1,567,232	09-May-2008	08:24	x64	SP2	Not applicable
Msv1_0.dll	5.2.3790.4275	260,608	09-May-2008	08:24	x64	SP2	Not applicable
Netlogon.dll	5.2.3790.4272	690,176	09-May-2008	08:24	x64	SP2	Not applicable
Ntdsa.dll	5.2.3790.4272	2,971,136	09-May-2008	08:24	x64	SP2	Not applicable
Ntdsapi.dll	5.2.3790.4272	132,608	09-May-2008	08:25	x64	SP2	Not applicable
Policman.dll	5.2.3790.4275	131,072	09-May-2008	08:25	x64	SP2	Not applicable
W32time.dll	5.2.3790.4275	407,552	09-May-2008	08:25	x64	SP2	Not applicable
W32tm.exe	5.2.3790.4275	79,360	09-May-2008	08:25	x64	SP2	Not applicable
Wkssvc.dll	5.2.3790.4275	228,352	09-May-2008	08:25	x64	SP2	Not applicable
Wadsldp.dll	5.2.3790.4275	178,688	09-May-2008	08:25	x86	SP2	WOW
Wadsmsext.dll	5.2.3790.4275	69,632	09-May-2008	08:25	x86	SP2	WOW
Wdsuiext.dll	5.2.3790.4275	119,808	09-May-2008	08:25	x86	SP2	WOW
Wgptext.dll	5.2.3790.4275	235,008	09-May-2008	08:25	x86	SP2	WOW
Wmsv1_0.dll	5.2.3790.4275	143,360	09-May-2008	08:25	x86	SP2	WOW
Wnetlogon.dll	5.2.3790.4272	437,248	09-May-2008	08:25	x86	SP2	WOW
Wntdsa.dll	5.2.3790.4272	1,526,784	09-May-2008	08:25	x86	SP2	WOW
Wntdsapi.dll	5.2.3790.4272	73,216	09-May-2008	08:25	x86	SP2	WOW
Ww32time.dll	5.2.3790.4275	227,328	09-May-2008	08:25	x86	SP2	WOW
Ww32tm.exe	5.2.3790.4275	55,808	09-May-2008	08:25	x86	SP2	WOW

Windows Vista service pack information

To resolve this problem, you can install the latest Windows Vista service pack.

For more information about how to do this, click the following article number to view the article in the Microsoft Knowledge Base:

935791

(http://support.microsoft.com/kb/935791/ )

How to obtain the latest Windows Vista service pack

Windows Vista update information

A supported hotfix is available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing the problem described in this article. This hotfix might receive additional testing. Therefore, if you are not severely affected by this problem, we recommend that you wait for the next software update that contains this hotfix.

If the hotfix is available for download, there is a "Hotfix download available" section at the top of this Knowledge Base article. If this section does not appear, contact Microsoft Customer Service and Support to obtain the hotfix.

Note If additional issues occur or if any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. For a complete list of Microsoft Customer Service and Support telephone numbers or to create a separate service request, visit the following Microsoft Web site:

http://support.microsoft.com/contactus/?ws=support

(http://support.microsoft.com/contactus/?ws=support)

Note The "Hotfix download available" form displays the languages for which the hotfix is available. If you do not see your language, it is because a hotfix is not available for that language.

Prerequisites

No prerequisites are required.

Restart Requirement

You must restart the computer after you apply this hotfix.

Hotfix Replacement Information

This hotfix does not replace a previously released hotfix.

File Information

Windows Vista, x86-based versions

Collapse this tableExpand this table

File name	File version	File size	Date	Time	Platform
Adsmsext.dll	6.0.6000.21027	76,288	14-Mar-2009	03:14	x86
Adsldp.dll	6.0.6000.21027	186,368	14-Mar-2009	03:14	x86
Ksecdd.sys	6.0.6000.16386	407,144	13-Dec-2007	19:56	x86
Lsa-ppdlic.xrm-ms	Not Applicable	2,998	14-Mar-2009	02:50	Not Applicable
Lsasrv.dll	6.0.6000.21027	1,234,432	14-Mar-2009	03:15	x86
Lsass.exe	6.0.6000.21027	7,680	14-Mar-2009	01:02	x86
Secur32.dll	6.0.6000.21027	72,704	14-Mar-2009	03:18	x86
Policman.dll	6.0.6000.21027	81,408	14-Mar-2009	03:18	x86
Policman.mof	Not Applicable	12,150	13-Mar-2009	22:37	Not Applicable
Wkssvc.dll	6.0.6000.21027	158,208	14-Mar-2009	03:18	x86
Workstationservice-ppdlic.xrm-ms	Not Applicable	2,990	14-Mar-2009	02:51	Not Applicable

Windows Vista, x64-based versions

Collapse this tableExpand this table

File name	File version	File size	Date	Time	Platform
Adsmsext.dll	6.0.6000.21027	105,472	14-Mar-2009	03:36	x64
Adsldp.dll	6.0.6000.21027	237,056	14-Mar-2009	03:36	x64
Ksecdd.sys	6.0.6000.16386	477,800	14-Dec-2007	21:35	x64
Lsa-ppdlic.xrm-ms	Not Applicable	2,998	14-Mar-2009	03:17	Not Applicable
Lsasrv.dll	6.0.6000.21027	1,662,976	14-Mar-2009	03:37	x64
Lsass.exe	6.0.6000.21027	9,728	14-Mar-2009	01:27	x64
Secur32.dll	6.0.6000.21027	95,232	14-Mar-2009	03:40	x64
Policman.dll	6.0.6000.21027	130,048	14-Mar-2009	03:40	x64
Policman.mof	Not Applicable	12,150	13-Mar-2009	22:38	Not Applicable
Wkssvc.dll	6.0.6000.21027	201,728	14-Mar-2009	03:41	x64
Workstationservice-ppdlic.xrm-ms	Not Applicable	2,990	14-Mar-2009	03:17	Not Applicable
Secur32.dll	6.0.6000.21027	77,312	14-Mar-2009	03:18	x86
Adsmsext.dll	6.0.6000.21027	76,288	14-Mar-2009	03:14	x86
Adsldp.dll	6.0.6000.21027	186,368	14-Mar-2009	03:14	x86
Policman.dll	6.0.6000.21027	81,408	14-Mar-2009	03:18	x86
Policman.mof	Not Applicable	12,150	13-Mar-2009	22:37	Not Applicable

About WMI filters

You can use a WMI filter to specify criteria that must be met before the linked Group Policy object is applied to a computer. The WMI filter can filter the computers to which you want to apply the Group Policy settings so that you do not have to subdivide your organizational unit.

How to enable logging in the Gpsvc.log file

To enable logging in the Gpsvc.log file, follow these steps.

Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:

322756

(http://support.microsoft.com/kb/322756/ )

How to back up and restore the registry in Windows

Click Start, click Run, type regedit, and then click OK.
Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion
On the Edit menu, point to New, and then click Key.
Type Diagnostics, and then press ENTER.
Right-click the Diagnostics subkey, point to New, and then click DWORD Value.
Type GPSvcDebugLevel, and then press ENTER.
Right-click GPSvcDebugLevel, and then click Modify.
In the Value data box, type 0x30002, and then click OK.
Exit Registry Editor.
At a command prompt, type the following command, and then press ENTER:
gpupdate /force
View the Gpsvc.log file in the following folder:
%windir%\debug\usermode

Note - if the usermode folder does not exist under %WINDIR%\debug\ the gpsvc.log file will not be created. If the usermode folder does not exist, create it under %windir%\debug.

For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:

824684

(http://support.microsoft.com/kb/824684/ )

Description of the standard terminology that is used to describe Microsoft software updates

Back to the top | Give Feedback

Properties

Article ID: 944043 - Last Review: May 31, 2011 - Revision: 11.0

APPLIES TO

Microsoft Windows Server 2003 R2 Datacenter x64 Edition
Microsoft Windows Server 2003 R2 Datacenter Edition (32-Bit x86)
Microsoft Windows Server 2003 R2 Enterprise Edition (32-Bit x86)
Microsoft Windows Server 2003 R2 Standard x64 Edition
Microsoft Windows Server 2003 R2 Standard Edition (32-bit x86)
Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
Microsoft Windows Server 2003, Standard Edition (32-bit x86)
Microsoft Windows Server 2003, Datacenter x64 Edition
Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems
Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
Microsoft Windows Server 2003, Enterprise x64 Edition
Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems
Microsoft Windows Server 2003, Standard x64 Edition
Microsoft Windows Server 2003, Web Edition
Microsoft Windows XP Professional
Windows Vista Enterprise 64-bit Edition
Windows Vista Home Basic 64-bit Edition
Windows Vista Home Premium 64-bit Edition
Windows Vista Ultimate 64-bit Edition
Windows Vista Business
Windows Vista Enterprise
Windows Vista Home Basic
Windows Vista Home Premium
Windows Vista Starter
Windows Vista Ultimate
Windows Vista Business 64-bit Edition
Microsoft Windows Server 2003 R2 Enterprise x64 Edition

kbwinxppostsp3fix kbwinserv2003postsp2fix kbexpertiseinter kbbug kbfix kbqfe atdownload KB944043

Back to the top | Give Feedback

Give Feedback

Back to the top

Select the product you need help with

Description of the Windows Server 2008 read-only domain controller compatibility pack for Windows Server 2003 clients and for Windows XP clients and for Windows Vista

On This Page

INTRODUCTION

MORE INFORMATION

Issue 1

Symptom

Scenario and affected clients

Influence

Workaround

Issue 2

Symptom

Scenario and affected clients

Influence

Workaround

Issue 3

Symptom

Scenario and affected clients

Influence

Workaround

Issue 4

Symptom

Scenario and affected clients

Influence

Workaround

Issue 5

Symptom

Scenario and affected clients

Influence

Workaround

Issue 6

Symptom

Scenario and affected clients

Influence

Workaround

Issue 7

Symptom

Scenario and affected clients

Influence

Workaround

Issue 8

Symptom

Scenario and affected clients

Influence

Workaround

Issue 9

Symptom

Scenario and affected clients

Influence

Workaround

Issue 10

Symptom

Scenario and affected clients

Influence

Workaround

Issue 11

Symptom

Scenario and affected clients

Influence

Workaround

Update information

Windows XP update information

Prerequisites

Restart requirement

Hotfix replacement information

File information

Windows XP with Service Pack 2, x86-based versions

Windows XP with Service Pack 3, x86-based versions

Windows Server 2003 update information

Prerequisites

Restart requirement

Hotfix replacement information

File information

Windows Server 2003 with Service Pack 1, x86-based versions

Windows Server 2003 with Service Pack 2, x86-based versions

Windows Server 2003 with Service Pack 1, Itanium-based versions

Windows Server 2003 with Service Pack 2, Itanium-based versions

Windows Server 2003 with Service Pack 1, x64-based versions

Windows Server 2003 with Service Pack 2, x64-based versions

Windows Vista service pack information