We've recently promoted 3 new 2012 R2 domain controllers and still have 1 2003 domain controller on the network, which we're planning on demoting in the next week or two.
We seem to be having a problem relating to the transition though...
Group Policy is failing with 1030 and 1058 errors on Windows XP and Windows Server 2003 computers only. After some investigation, it would appear that the cause of these failures is because those computers cannot access the DFS namespace for our domain, where Group Policy files exist.
If I try to navigate to \\domain.local from one of the affected computers, I see this message:
\\domain.local is not accessible. You might not have permission to use this network resource. Contact the administrator of this server to find out if you have access permissions.
You were not connected because a duplicate name exists on the network. Go to System in Control Panel to change the computer name and try again.
I have no idea why this is broken... I used to be able to browse to \\domain.local before adding 2012 R2 servers as Domain Controllers to the domain.
According to https://workinghardinit.wordpress.com/tag/windows-xp/, the issue is caused by the LanmanServer service having one of its dependencies set to SMB 2.0, not SMB 1.0 (which XP/2003 uses).
The solution was simple - manually edit the dependencies on each 2012 R2 domain controller for the LanmanServer service in regedit and reboot them.
In order to support XP clients and/or 2003 member servers, you need to ensure that the dependencies for the LanmanServer service are set to SamSS, then Srv.
It's advised in the article to revert these dependencies back when you've removed the last XP/2003 machine from the network.
The registry entry can be found here: "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\DependOnService"
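
To keep track of which servers carry the changed dependency so it can be reverted later, the value can be read with PowerShell. This is an added example, not part of the answer or the linked article; the `$Servers` list, the `$ReadDependency` script block and the `Get-LanmanDependencyState` function are hypothetical names, and remote servers are assumed to have PowerShell remoting enabled.

```powershell
# Added example: report the LanmanServer DependOnService value per server.
# $Servers is a hypothetical list; '.' means the local machine. Replace it with
# the names of your own domain controllers.
$Servers = @('.')

# Runs on the target machine and returns the REG_MULTI_SZ value as a string array
# (order is preserved, which matters for the "SamSS, then Srv" comparison below).
$ReadDependency = {
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer'
    [string[]](Get-ItemProperty -Path $key -Name DependOnService -ErrorAction Stop).DependOnService
}

function Get-LanmanDependencyState {
    param([string[]]$DependsOn)
    # "SamSS, then Srv" is the XP/2003 compatibility setting described in the answer.
    # -eq on strings is case-insensitive in PowerShell.
    if (($DependsOn -join ',') -eq 'SamSS,Srv') {
        'XP/2003 compatibility setting (SamSS, Srv): revert after the last XP/2003 machine is gone'
    } else {
        'Not the compatibility setting'
    }
}

foreach ($server in $Servers) {
    try {
        # Read locally for '.', otherwise over PowerShell remoting.
        $value = if ($server -eq '.') {
            & $ReadDependency
        } else {
            Invoke-Command -ComputerName $server -ScriptBlock $ReadDependency -ErrorAction Stop
        }
        [pscustomobject]@{
            Server          = $server
            DependOnService = $value -join ', '
            State           = Get-LanmanDependencyState -DependsOn $value
        }
    } catch {
        # Unreachable server or missing value: report it instead of stopping the loop.
        [pscustomobject]@{
            Server          = $server
            DependOnService = '<unreadable>'
            State           = $_.Exception.Message
        }
    }
}
```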