Ho do you connect Win 9x clients to an SBS 2008 Server
Trying to connect Win9x clients to a new SBS2008 Network. Cannot connect. Any help would be appreciated,
ASKER
Sorry, Had already seen the MS article and applied the changes to the Group Security policy outlined in the second article. No Joy. Keep getting asked for the IPC$ password and the user account does exist on the SBS2008 Domain with the same password.
Have you installed dsclient on the 98 machine?
http://download.microsoft.com/download/0/0/a/00a7161e-8da8-4c44-b74e-469d769ce96e/dsclient9x.msi
http://download.microsoft.com/download/0/0/a/00a7161e-8da8-4c44-b74e-469d769ce96e/dsclient9x.msi
ASKER
Yes installed dsclient for 98 machine off an old Win2000 Server disk.
This looks more like your issue
https://www.experts-exchange.com/questions/21786510/Windows-98-on-SBS-2003.html?sfQueryTermInfo=1+sb
https://www.experts-exchange.com/questions/21786510/Windows-98-on-SBS-2003.html?sfQueryTermInfo=1+sb
ASKER
Still No Joy...Note: all of these articles refer to SBS 2003. I am trying to get these clients to login to SBS 2008 (Two Thousand Eight) I assume you understood that, but just wanted to make sure. Does 2008 react the same as 2003?
All of these win 9x clients logged onto a windows 2000 Domain prior to this upgrade.
Here is what I have done:
- Installed DSClient
- Enabled Wins
- Enabled DNS
- Set logon to domain (note: when set not to logon to domain, I can browse the network and see the server but get a prompt to enter the IPC$ password. When set to logon to domain I am not able to browse network)
- Enabled NTLM 2
- Enabled SMB Signing
Not sure if I got these in the right place though, directions are confusing, For NTLM 2 It says to "Create an LSA registry key in the key listed above" The key listed above is "HKEY_LOCAL_MACHINE\System
This is starting to get old very quickly. Any help would be GREATLY appreciated!
All of these win 9x clients logged onto a windows 2000 Domain prior to this upgrade.
Here is what I have done:
- Installed DSClient
- Enabled Wins
- Enabled DNS
- Set logon to domain (note: when set not to logon to domain, I can browse the network and see the server but get a prompt to enter the IPC$ password. When set to logon to domain I am not able to browse network)
- Enabled NTLM 2
- Enabled SMB Signing
Not sure if I got these in the right place though, directions are confusing, For NTLM 2 It says to "Create an LSA registry key in the key listed above" The key listed above is "HKEY_LOCAL_MACHINE\System
This is starting to get old very quickly. Any help would be GREATLY appreciated!
you should disable smb signing
In Windows 95, Windows 98, and Windows 98 Second Edition, the Directory Services Client uses SMB signing when it authenticates with Windows Server 2003 servers by using NTLM authentication. However, these clients do not use SMB signing when they authenticate with these servers by using NTLMv2 authentication. Additionally, Windows 2000 servers do not respond to SMB signing requests from these clients. See item 10: "Network security: Lan Manager authentication level."
and yes REG_DWORD in "HKEY_LOCAL_MACHINE\System
did you?
Workaround for SMB signing We recommend that you install Service Pack 6a (SP6a) on Windows NT 4.0 clients that interoperate in a Windows Server 2003-based domain. Windows 98 Second Edition-based, Windows 98-based, and Windows 95-based clients must run the Directory Services Client to perform NTLMv2. If Windows NT 4.0-based clients do not have Windows NT 4.0 SP6 installed or if Windows 95, Windows 98, and Windows 98SE-based clients do not have the Directory Services Client installed, disable SMB signing in the default domain controller's policy setting on the domain controller's OU, and then link this policy to all OUs that host domain controllers.
The Directory Services Client for Windows 98 Second Edition, Windows 98, and Windows 95 will perform SMB Signing with Windows 2003 servers under NTLM authentication, but not under NTLMv2 authentication. Additionally, Windows 2000 servers will not respond to SMB Signing requests from these clients.
Although Microsoft does not recommend it, you can prevent SMB signing from being required on all domain controllers that run Windows Server 2003 in a domain. To configure this security setting, follow these steps: Open the default domain controller's policy. Open the Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options folder. Locate and then click the Microsoft network server: Digitally sign communications (always) policy setting, and then click Disabled.
ASKER
Really starting to feel stupid now... I want to disable SMB, but in order to do that, I have to edit the default Domain Group Policy correct?
Prior to 2008, I would have gone to Active Directory Users and Computers snap-in (Start - Programs - Administrative Tools - Active Directory Users and Computers) Right clicked on the domain and selected Properties, Selected the Group Policies tab, Selected the default domain policy and clicked Edit. But, Group Policy is not a tab in 2008. Any clues on how to get to it? In The Local Policy editor, the Items I need to change are not selectable (because they are controled by the Group I presume).
Thanks in advance for the help.
Prior to 2008, I would have gone to Active Directory Users and Computers snap-in (Start - Programs - Administrative Tools - Active Directory Users and Computers) Right clicked on the domain and selected Properties, Selected the Group Policies tab, Selected the default domain policy and clicked Edit. But, Group Policy is not a tab in 2008. Any clues on how to get to it? In The Local Policy editor, the Items I need to change are not selectable (because they are controled by the Group I presume).
Thanks in advance for the help.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Sorry for the delay getting back...Thank you for the GPMC.msc, Duh....
I have disabled SMB signing. and some things have changed, but I still cannot log onto the 2008 Server. I can see the server and all of the other machines on the network through Network Neighborhood. I can browse all of the workstations, but when I double click on the server the error I get says the "device does not exist on the network". I can Ping the server by name and get a reply, I can search for the server and find it by name, but when I DC on it I get the same error. I have tried mapping a drive from the command prompt and get the generic error 55 cannot connect...
I feel like I am getting closer, but I'm still not there.
Thanks for the help.
I have disabled SMB signing. and some things have changed, but I still cannot log onto the 2008 Server. I can see the server and all of the other machines on the network through Network Neighborhood. I can browse all of the workstations, but when I double click on the server the error I get says the "device does not exist on the network". I can Ping the server by name and get a reply, I can search for the server and find it by name, but when I DC on it I get the same error. I have tried mapping a drive from the command prompt and get the generic error 55 cannot connect...
I feel like I am getting closer, but I'm still not there.
Thanks for the help.
ASKER
Yes I have done all of that. And Checked it several times.
ASKER
I have disabled the Servers Windows Firewall for now to test. I have also verified that it is staying off. No other firewall on this brand new server.
ASKER
Fixed
What ended up being the kicker??
Is there a simple way, without installing, the DS client, to allow a Windows 98 client to access a share on an SBS 2008 server?
We do NOT want to join the clients to the domain, the customer simply needs a way to access and deposit files on a particular share on the server.
Thanks,
Daveinfla
ASKER
Funny this was posted today... I was going to repost today as a matter of fact, I thought this was fixed. I can now logon to the network with the one remaining win 98 client (we simply replaced the other two machines with XP machines). What is curious, is that I can browse the network, browse to the server, and see all of the shares on the server. If I try to open the main share on the server, it takes FOREVER to open. So, to solve that problem, I created a smaller share which contains the information that the win98 machine needs access to which are tiny text files (NC Programs for CNC Machines), and that opens immediately when double clicked. The problem is that opening a teeny tiny text file takes 5 mins. Once again I am Stumped! My gut tells me that this is a protocol timeout issue but I'm not sure. Any Ideas? I have disabled IPv6 on the server and that did not solve the problem.
To answer the question of "What ended up being the kicker??" I think eventually, it was the disabling of SMB, but, I think all of the other steps above also contributed.
Any help on the "New" issue would be Greatly appreciated.
To answer the question of "What ended up being the kicker??" I think eventually, it was the disabling of SMB, but, I think all of the other steps above also contributed.
Any help on the "New" issue would be Greatly appreciated.
I just went through all of this myself setting up a Win98 box to work with a Win2008SBS box. The "kicker" that suddenly started it working for me was in "HKEY_LOCAL_MACHINE\System
However, like 'pfleury1', I can connect and browse all I want, but any attempts to open/copy a file fail with an 'illegal operation, program must close' notice. I guess I'll have to start searching for an answer to that bug now.
However, like 'pfleury1', I can connect and browse all I want, but any attempts to open/copy a file fail with an 'illegal operation, program must close' notice. I guess I'll have to start searching for an answer to that bug now.
Anyone involved in this still active and able to respond? I am working through these issues myself, looking for "help" or "paid services" to resolve.
Thank you and please advise,
Joe
Thank you and please advise,
Joe
and
http://support.microsoft.com/kb/555038