Solved

Windows 98 clients on Windows 2003 Server Domain logon problems if users have a password

Posted on 2004-09-15
15
237 Views
Last Modified: 2008-02-01
The specific problem I have is that having set up a Windows 2003 Server with a variety of clients from Windows 98 to Windows 2000 to Windows XP, the Windows 98 clients seem unable to process a logon if the user has any password at all.

Win 2k and XP clients have no problem but trying to log on from Windows 98 results in the error message about your domain password being incorrect or access to logon server being denied.  If you then reset the user's password to blank you can successfully log on from any client including Windows 98.

I have tried the Microsoft solution in Community Solutions Article 555038 but to no avail.  So I have installed IE 6, Enabled NTLM2 Authentication, Enabled SMB Signing, installed DSClient etc.

Is it to do with the default policies that are put in place on a Windows 2k3 server?  If so what ones do I turn off? I step by step guide would be useful.
0
Comment
Question by:Phill_b1
  • 5
  • 4
  • 3
15 Comments
 

Expert Comment

by:dokpik
ID: 12066849
Do you have WINS installed, if not do so and this will fix the problem..
0
 

Expert Comment

by:dokpik
ID: 12066890
98 as well as 95 machines rely on netbios to communicate through the network and since 2003 utilizes DNS, these machines cannot communicate with the network even if DNS is configured properly on them....just make sure you install WINS and set it up correctly.......I went through the exact same problem during a migration after installing and configuring WINS the 95 machines even worked.

Good Luck,

dokpik
0
 

Author Comment

by:Phill_b1
ID: 12066954
WINS is installed on the 2k3 server and it appears to be running ok.  The Windows 98 clients point to the 2k3 server as the DNS server and the WINS server.  I noticed that the option to use NetBIOS over TCP/IP was greyed out in the Network properties of the 98 clients.

Should I follow the Microsoft solution at all?  Do I need to install DSClient?  I did all the reg fixes in 98 as per Microsoft instruction, couldn't find the article to do with hotfix Q323466.
0
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

 
LVL 18

Expert Comment

by:crissand
ID: 12067446
Install DSclient. Configure all workstation to authenticate from the domain (I guess you've done that), and, when compouter starts to see:
User name:
Password:
Domain:
Use the netbios name of the domain here.

Run the next registry file on all workstation, to disable saving windows password:

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Network]
"HideSharePwds"=dword:00000001
"DisablePwdCaching"=dword:00000001

Restart wins service on the server.
0
 

Expert Comment

by:dokpik
ID: 12067471
Install the DSClient from a 2000 Pro CD not the one from the download site. Send me an email at administrator@sjhsnights.com with address and I will send you the client I utilized.
0
 

Author Comment

by:Phill_b1
ID: 12069945
dokpik, I tried sending you an email but it bounced back.

I've got a 2000 Server CD so I presume I have the correct DSClient.

Do I need to change any default Group Policy settings on the server?  Like setting LM and NTLM responses?
0
 
LVL 18

Expert Comment

by:crissand
ID: 12070222
As I remember the default is good enough.
0
 

Author Comment

by:Phill_b1
ID: 12099806
Thanks.  Will try it this week.
0
 

Author Comment

by:Phill_b1
ID: 12102626
Have tried just putting DSlient on the client computers on one of my customers' networks and its no different.  If the user has no password you can log straight in, but if they have any sort of password at all then you get the message and you can't log in!
0
 
LVL 18

Expert Comment

by:crissand
ID: 12107417
The user must have a domain password and the computer must get the user list from the domain. Do you have the logon screen:

User name
Password
Domain

Have you run the reg file I wrote?

How Windows starts, in the network properties there is Windows Logon or Network Logon? It must be Network logon.
0
 

Author Comment

by:Phill_b1
ID: 12171326
Yes I did everything you said but still the same problem.

I am sure it is server related as I connected some Win 98 clients to an existing Win 2k3 server successfully.  The installers of this server must have done something to allow them to connect because I didn't and I didn't do anything to the Win98 clients to get it to work.

I thought that there must be a policy somewhere that has been disabled.
0
 
LVL 18

Accepted Solution

by:
crissand earned 125 total points
ID: 12171455
Verify the nic of the server: The Firewall must be disabled and the Authetication to be disabled too. Go to TCP/IP properties and enable netbios over tcp/ip.

On windows 98 you don't have ipsec, so disable it on the server. If you enable it, download and install the client from microsoft: http://www.microsoft.com/windows2000/server/evaluation/news/bulletins/l2tpclient.asp

The Group policy does not apply on Windows 98. The kerberos authetication does'n't work.

I think this is enough.
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The Need In an Active Directory enviroment, the PDC emulator provide time synchronization for the domain. This is important since Active Directory uses Kerberos for authentication.  By default, if the time difference between systems is off by more …
We recently endured a series of broadcast storms that caused our ISP to shut us down for brief periods of time. After going through a multitude of tests, we determined that the issue was related to Intel NIC drivers on some new HP desktop computers …
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question