When attempting to log on with a domain account on a computer joined to a domain that has both 2012R2 and 2003 domain controllers, you may encounter the following error:
Additionally, an Event ID 4 on Source: Kerberos is logged. You can only log on using local accounts.
Mixed 2012R2 and 2003 AD environments require hotfix 2989971 to be installed on every 2012R2 DC. See the KB for a full explanation.
The hotfix requires Update 1 (2919355) to be installed first. The hotfix is also included in update rollup 2984006.
