Win 2000 bug affects Active Directory
BY John Fontana
Network World RELATED STORIES
"Win 2000: No grand opening" [Federal Computer Week, Feb. 7, 2000]
"Active Directory may spark turf battles" [Federal Computer Week, Feb. 7, 2000]
"Windows 2000 Professional: a more manageable desktop [FCW.com, Feb. 9, 2000]
04/10/2000
Users have uncovered a bug in Microsoft Corp.�s Windows 2000 operating system that could leave them without the ability to access or manage Active Directory.
The bug is linked to the number of Internet Protocol addresses that are assigned to a single network interface card or multiple NICs in a Windows 2000 server that is acting as a domain controller.
On servers hosting more than 51 IP addresses, all of the objects in Active Directory will disappear. In addition, the server will return an error message saying it is not operational when administrators try to access Active Directory Users and Computers, Active Directory Domains and Trusts, and Active Director Sites and Services.
"Clients are locked out from authentication, and administrators are locked out from management," said Brian Bergin, president of Terabyte Computers, a consulting firm in Boone, N.C. Bergin brought the bug to Microsoft�s attention after it was discovered by another user.
Microsoft has confirmed the bug and is working on a hot fix. Until a fix is ready, Microsoft is advising users to remove enough IP addresses from the domain controller so the total number does not exceed 51.
The inclusion of 51 IP addresses on a single domain controller is not common, but it could be an issue in large enterprises with multiple subnets. The limitations seem odd, given that Unix and Linux systems can host hundreds of IP addresses on a single machine.
� For more information about enterprise networking, go to Network World Fusion. Story copyright 2000 Network World Inc. All rights reserved.
http://www.fcw.com/fcw/articles/2000/0410/web-bug-04-10-00.asp
-- Martin Thompson (mthom1927@aol.com), April 10, 2000