Win 2000 bug affects Active Directory
- By John Fontana
- Apr 10, 2000
Users have uncovered a bug in Microsoft Corp.'s Windows 2000 operating system
that could leave them without the ability to access or manage Active Directory.
The bug is linked to the number of Internet Protocol addresses that
are assigned to a single network interface card or multiple NICs in a Windows
2000 server that is acting as a domain controller.
On servers hosting more than 51 IP addresses, all of the objects in
Active Directory will disappear. In addition, the server will return an
error message saying it is not operational when administrators try to access
Active Directory Users and Computers, Active Directory Domains and Trusts,
and Active Directory Sites and Services.
"Clients are locked out from authentication, and administrators are
locked out from management," said Brian Bergin, president of Terabyte Computers,
a consulting firm in Boone, N.C. Bergin brought the bug to Microsoft's attention
after it was discovered by another user.
Microsoft has confirmed the bug and is working on a hot fix. Until a
fix is ready, Microsoft is advising users to remove enough IP addresses
from the domain controller so the total number does not exceed 51.
The inclusion of 51 IP addresses on a single domain controller is not
common, but it could be an issue in large enterprises with multiple subnets.
The limitations seem odd, given that Unix and Linux systems can host hundreds
of IP addresses on a single machine.
Story copyright 2000 Network World Inc. All rights