I upgraded a DC from Windows Server 2008R2 to Windows Server 2012R2.
This was an in-place upgrade; not best practice I know but it avoids sooo much demote/promote and service interruption hassle.
Nothing else has changed, Domain and Forest functional levels are Windows Server 2008R2 as they were before.
Now I find that some authentications from third-party software don't work any more; specific examples are external ldap queries run by our cloud-based internet filtering service to sync passwords, and a Citrix Access Gateway which now thinks all passwords are wrong (ie can't connect to the DC).
I have not knowingly changed any security policies. UAC is turned off. Windows Firewall is turned off.
I am fairly sure this is the OS because if I reconfigure the CAG to point to a legacy Server 2008R2 DC, it works.
But I need to upgrade them all, so I need to find what setting has changed.
Thoughts anyone?
No sig is a good sig