Solved

Windows 95 clients logging into 2003 Active Directory

Posted on 2004-09-23
8
11,438 Views
Last Modified: 2013-12-23
Hello,

I have searched high and low on this and many other sites for a resolution to this problem.  I have tried to use the registry fix mentioned on this and other sites, of course am using DSClient.  We have temporarily disabled SMB on the servers (roughly 20 servers acting as DC's in total in the domain).  We have created and removed AD sites, with no resolution.  Account Lockout has been increased (another temporary fix).

The scenario is that there are around 3000+ PC that cannot be upgraded to a new OS for another year.  These need to be able to log into the AD domain.  At each location which houses roughly 300+ Windows 95 computers there is a system running as a Global Catalog server.  When people try to logon, they will get, "The domain password you supplied is not correct, or access to your logon server has been denied."  After a few tries, they get locked out.  

It appears that they login to a primary DC that is housed in a central location in the MAN.  This is not a true WAN environment as they are all fiber connected with minimum bandwidth over ~30MB/sec.  

I am interested in any and all possible fixes people have tried for this scenario.  Please don't respond with "upgrade the OS" as that is not in the budget for a while.

Thanks!
0
Comment
Question by:trever_macpherson
8 Comments
 
LVL 16

Expert Comment

by:ahmedbahgat
ID: 12157251
but i'm sure that 95 os can not logon to active directory, i'm sure you get this message while setting up win2k3, possibly have an NT 4 machine as the domain controler to process the login and the 2k3 just stays as a member server until you have a budget for all the machines to be upgraded

cheers
0
 
LVL 1

Author Comment

by:trever_macpherson
ID: 12164262
Windows 95 can login to an Active Directory Domain.  DSClient is supposed to help with this.  In fact, many of the times we can log in from a Windows 95 system.  We have taken great pains to ensure that we can keep Windows 9x clients around until they meet their refresh cycle and still update to Active Directory.  This meant that we had to make a few changes, but in fact it is working.  The problem however is that login is erratic.  We can login at times, and at other times we cannot.  When we check an account that has failed login on the server,  it shows up as a bad login attempt and in fact that is typically the error we receive on the client side, however it has not been due to a bad username/password combination.  My thoughts on this have run everywhere from network pathing, hashing problems with passwords being sent via the network, improper synchronization between the 20+ Global Catalog servers, etc.  

I am really hoping for some assistance on this.  There has to be other people here that have run into similar circumstances.   The option to move to multiple domains based on NT4 is not an option, though it is not a bad idea.

If anyone knows where I can find a good document that discusses the differences in how Windows 95 and Windows 98 handles network login that might be of great help too, since the Windows 98 systems do not appear to have the same amount of difficulty, and those systems are often in the same area, on the same subnet, VLAN, even switch.  

For those that are interested, Microsoft has a document that covers Windows NT/Windows 98 network challenges in an Active Directory Domain titled, "The Microsoft Windows NT 4.0 and Windows 98 Threat Mitigation Guide".  Most of it reads very similar to a basic BS7799 document for small networks, however, it does have some ideas... unfortunately for me, I have tried all of the stuff in that guide.
0
 
LVL 16

Expert Comment

by:ahmedbahgat
ID: 12165365
thanks for the info, learning everyday

cheers
0
Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

 
LVL 16

Expert Comment

by:ahmedbahgat
ID: 12165381
possibly 2k3 has the filtering feature activated and this may decline 95 requests "just an idea" i have seen this a couple of days with NT workstations can not access 2k3 server and by disabling filtering the machines managed to access it

cheers
0
 
LVL 1

Author Comment

by:trever_macpherson
ID: 12168346
By filtering what are you referring to?  IP filters?  As far as IPSEC and Kerberos is concerned, that does not come into play here as W9x does not support IPSEC or Kerberos, so those features have been removed.  
0
 
LVL 1

Expert Comment

by:alextesi
ID: 12181119
Check if your Server O.S. is able to be compatible with WinNT4.
On Win2K, if the O.S. is not in native mode it is possible.
I trought to do it and it run.

If your W2K3 have this facility you can try to do so, otherwise is it impossible.
0
 
LVL 2

Accepted Solution

by:
gavin_wickens earned 500 total points
ID: 12410704
I don't like it but disabling SMB appears to be the most effective method.  I have tried this on a small network, 1 DC 100ish clients (20ish win95) and all is OK.  No logon problems at all.  Dosen't answer your question but may be of use.
0
 
LVL 1

Author Comment

by:trever_macpherson
ID: 12410913
Unfortunately, disabling SMB was one of the first things we tried.  In the end to solve this problem we upgraded to Windows 98 which was a monumental task since over 2000 PCs had to be done.  Microsoft helped out with this in a combination of sales maneuvering, license changes and etc.  Kixtart was also deployed to force login server types, as well as registry hacks and a few other things.  The issue seems to be resovled for now, but now I have to roll this out over an additional 94 sites with several thousand other PC's.  Oh well... that is what they pay us the big bucks for :-).  
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
restore DAG configuration 1 43
Understanding Security Log Events 2 62
How computer Arp Table gets populated. 21 115
I'm wondering how windows server redirect perfomance 6 30
Downtime reduced, data recovered by utilizing an Experts Exchange Business Account Challenge The United States Marine Corps employs more than 200,000 active-duty Marines with operations in four continents, all requiring complex networking system…
Resolve DNS query failed errors for Exchange
I've attached the XLSM Excel spreadsheet I used in the video and also text files containing the macros used below. https://filedb.experts-exchange.com/incoming/2017/03_w12/1151775/Permutations.txt https://filedb.experts-exchange.com/incoming/201…

860 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question