I have searched high and low on this and many other sites for a resolution to this problem. I have tried to use the registry fix mentioned on this and other sites, of course am using DSClient. We have temporarily disabled SMB on the servers (roughly 20 servers acting as DC's in total in the domain). We have created and removed AD sites, with no resolution. Account Lockout has been increased (another temporary fix).
The scenario is that there are around 3000+ PC that cannot be upgraded to a new OS for another year. These need to be able to log into the AD domain. At each location which houses roughly 300+ Windows 95 computers there is a system running as a Global Catalog server. When people try to logon, they will get, "The domain password you supplied is not correct, or access to your logon server has been denied." After a few tries, they get locked out.
It appears that they login to a primary DC that is housed in a central location in the MAN. This is not a true WAN environment as they are all fiber connected with minimum bandwidth over ~30MB/sec.
I am interested in any and all possible fixes people have tried for this scenario. Please don't respond with "upgrade the OS" as that is not in the budget for a while.