Environment
Novell Client for Vista 1.0.0

Situation
The Vista workstation name had been changed previously. The Novell client for Vista had been installed, and upon first login, an error message is displayed: “The Domain name is not correct”

“Net localgroup” on a vista domain member allows adding a domain local group from a trusted domain.

The membership is there but will never work as the SID will not appear in the access token of a user or computer connecting to the machine.

The GUI allows adding the group only when you focus on the GC.

The same behavior happens on Windows XP and Windows 2003,and Windows 2008.

Consider the following scenario:

• You have an Authorization Manager store in an Active Directory domain environment.
• You add a user to a role in Authorization Manager.
• You log on to and then you log off from the domain on a Windows Vista-based or Windows Server 2008-based client computer by using the user account to that you added the role.
• The administrator deletes the user from the role in the Authorization Manager.

In this scenario, the user still can access the role.

Consider the following scenario:

• In an Active Directory domain, you have member computers that are running Windows Vista Service Pack 1 or Windows Server 2008.
• You configure a file security policy to set file permissions on a folder.
• The path that you specified for the folder contains some environment variables. For example, you specify the following path for the folder:
  

  %ALLUSERSPROFILE%\MICROSOFT\WINDOWS\START MENU\PROGRAMS\STARTUP

In this scenario, when you run the Resultant Set of Policy (RSoP) Microsoft Management Console (MMC) snap-in on a member computer, the security file policy is missing. Additionally, the following event is logged on the domain controllers and on the member computers:

Log Name: System
Source: Microsoft-Windows-GroupPolicy
Date: Date_Time
Event ID: 1091
Task Category: None
Level: Warning
Keywords:
User: SYSTEM
Computer: ComputerName
Description:
Windows could not record the Resultant Set of Policy (RSoP) information for the Group Policy extension Security. Group Policy settings successfully applied to the computer or user; however, management tools may not report accurately.

Consider the following scenario that occurs in a domain environment:

• You configure the users in the domain to use roaming profiles.
• The folder redirection feature is enabled in the domain.
• The offline folder feature is enabled on the network share on which the users’ roaming profiles and the redirected folders are located.
• The values of all registry entries under the following registry subkeys have been set to the path of the network share:
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders

In this scenario, when you try to log on to the domain from a Windows Vista-based client computer or from a Windows Server 2008-based client computer, the computer may stop responding.

Consider the following scenario. In an Active Directory domain environment, you deploy a user logon script to client computers in the domain. The logon script contains calls to Active Directory Service Interfaces (ADSI), such as Lightweight Directory Access Protocol (LDAP) queries. However, every time that a user logs on to the domain from a Windows Vista-based client computer, the client computer takes a long time (about 10 minutes) to process the logon script. During this time, no other ADSI queries can be executed.

This issue occurs if the ADSI call in the logon script involves downloading a schema cache file.

Consider the following scenario:

• You have a computer that is running Windows Vista or Windows Server 2008 in a domain.
• You configure a scheduled task on the computer.
• You try to change the running user context from the default user account to another account in the domain.

In this scenario, you receive the following error message:

An error has occurred for task TaskName. Error message: The specified account name is not valid
This problem occurs if the NetBIOS domain name is not the default name.

Note: By default, a NetBIOS name is the leftmost part of the DNS domain name. For example, if the DNS name is “contoso.com,” the NetBIOS domain name is “CONTOSO.” However, an administrator may arbitrarily choose any valid NetBIOS name.

In an Active Directory directory service domain environment, you configure intrusion detection software (IDS) on the Key Distribution Center (KDC). This software can detect a replay attack in the network.

However, when you try to use a nonexistent domain user account to log on to the domain from a Windows-based client computer, you may receive a warning of a replay attack. This warning is triggered by the IDS.

Note: This behavior may occur in all versions of Windows. For example, it may occur in Windows XP, in Windows Server 2003, and in Windows Vista.

When you try to join a Windows Vista-based client computer to a top level domain (TLD) that has a purely numeric suffix, the Windows Vista-based client computer cannot join the domain. Additionally, you receive the following error message:

Computer Name/Domain Changes
An Active Directory Domain Controller for the domain could not be contacted. Ensure that the domain name is typed correctly. If the name is correct, click Details for troubleshooting information.

Note: An example of a purely numeric suffix is “contoso.2003.”

When you click Details, you receive the following error message:

An error occurred when DNS was queried for the service location (SRV) resource record used to locate an Active Directory Domain Controller of the domain domain name.

The error was: “The filename, directory name, or volume label syntax is incorrect.”

(error code 0×0000007B ERROR_INVALID_NAME)

The query was for the SRV record for _ldap._tcp.dc._msdcs.domain name.com

If you try to join the domain by using the NetBIOS name of the domain, you are prompted for domain credentials. In this case, the client computer still cannot join the domain. Additionally, you receive the following error message:

The following error occurred attempting to join the domain NetBIOS name of the domain Logon failure: unknown username or bad password.

Consider the following scenario:

• A domain member computer is running Windows Vista, Windows Server 2003, or Windows XP.
• On the domain member computer, an application calls the LsaLookupSids function to translate a security identifier (SID) to a user name.
• The user name has been changed on a domain controller.

In this scenario, the LsaLookupSids function may return the old user name instead of the new user name. This behavior may prevent the application from working correctly.