Cannot change domain password after Forest Functional Level Upgrade

Tags: active-directory, windows-server-2003, windows-server-2012, windows-server-2016

After upgrading a domain with Server 2003 domain controllers to Server 2016, the forest functional level stays at 2003 by default.

When upgrading the forest functional level to 2016, one can get problems if there are still Windows XP machines on that domain (yes, one should not have had any for a long time now, but this still happens).

Problems I have seen are:

  1. Cannot change domain password
  2. Cannot join a computer to a domain (or take off and rejoin)
  3. Cannot see a shared folder on new Server 2016 DC from an XP workstation

Any Windows 10 workstation on the domain has none of the problems while ALL of the XP workstations have them.

What is the reason for this and how does one solve that?

Best Answer

Found a solution after long hours of research and want to share this as it was not easy to find (not surprisingly with XP support long gone).

1. First of all, it is recommended to NOT upgrade the forest functional level beyond 2008 if you still have any XP workstation on your domain.

2. If you did make the upgrade, here is a solution.

The reason for these 3 problems is that Windows XP only supports SMB 1, i.e. version one of the Microsoft SMB networking protocol. By today's standards, it is considered insecure and later versions of Windows workstation and server OSes have SMB 2 or later versions.

When you upgrade the forest functional level, Windows will make some assumptions and remove deprecated services. Server 2012 and 2016 remove the support for SMB 1. (In fact, the feature is still installed by default as you can see in the Add/Remove Features screen but it is disabled.)

You can, however, enable SMB 1 via registry editing:

The driver name for SMB 1 is "srv.sys" and for SMB 2 it is "srv2.sys".

In the registry, this can be configured at:

 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\DependOnService

For SMB 2 and later (this will NOT support XP), put the following value into this key:

 SamSS Srv2

For SMB 1 (to support XP):

 SamSS Srv

Reboot the server and you should be good to go. This needs to be done on every domain controller in the domain.

References:
SpiceWorks Server 2012 BPA
Spiceworks XP clients on 2012 domain
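The registry change the answer describes, as an added example that is not part of the original answer or of any Microsoft documentation: it audits the LanmanServer DependOnService value on every domain controller, so that SMB 1 (srv.sys) can be seen at a glance and switched back to SMB 2+ (srv2.sys) once the XP workstations are gone. It assumes PowerShell remoting to the DCs and the RSAT ActiveDirectory module; the function names are mine.

```powershell
# Added example (not from the original answer). Assumes WinRM access to each DC
# and the ActiveDirectory module for Get-ADDomainController.
$regPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer'

function Get-SmbDriverDependency {
    # Reads the REG_MULTI_SZ DependOnService value and reports which SMB driver
    # the Server service depends on: Srv = srv.sys (SMB 1), Srv2 = srv2.sys (SMB 2+).
    param([string]$ComputerName = $env:COMPUTERNAME)
    Invoke-Command -ComputerName $ComputerName -ScriptBlock {
        param($path)
        $deps = (Get-ItemProperty -Path $path -Name DependOnService).DependOnService
        [pscustomobject]@{
            Computer   = $env:COMPUTERNAME
            Dependency = ($deps -join ' ')
            Smb1       = [bool]($deps -contains 'Srv')    # XP-compatible but insecure
            Smb2Plus   = [bool]($deps -contains 'Srv2')   # the 2012/2016 default
        }
    } -ArgumentList $regPath
}

function Set-SmbDriverDependency {
    # 'SamSS','Srv2' is the default (SMB 2+ only); 'SamSS','Srv' is the value the
    # answer uses to bring back the SMB 1 driver for XP clients.
    param([string]$ComputerName, [switch]$AllowSmb1)
    $value = if ($AllowSmb1) { @('SamSS', 'Srv') } else { @('SamSS', 'Srv2') }
    Invoke-Command -ComputerName $ComputerName -ScriptBlock {
        param($path, $value)
        Set-ItemProperty -Path $path -Name DependOnService -Value $value -Type MultiString
    } -ArgumentList $regPath, $value
    # The DC must be rebooted before the new dependency takes effect.
}

# Audit every DC so none silently keeps SMB 1 enabled after the XP fleet is retired.
Get-ADDomainController -Filter * | ForEach-Object {
    Get-SmbDriverDependency -ComputerName $_.HostName
} | Format-Table Computer, Dependency, Smb1, Smb2Plus -AutoSize

# Example: restore the SMB 2+ default on one DC once no XP workstations remain.
# Set-SmbDriverDependency -ComputerName 'DC01.example.local'
```

Run the audit again after each reboot; any DC still reporting Smb1 = True is still serving the SMB 1 protocol to every client on the domain, not only to the XP machines.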