Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Windows 95 clients logging into 2003 Active Directory

Posted on 2004-09-23
8
Medium Priority
?
11,444 Views
Last Modified: 2013-12-23
Hello,

I have searched high and low on this and many other sites for a resolution to this problem.  I have tried to use the registry fix mentioned on this and other sites, of course am using DSClient.  We have temporarily disabled SMB on the servers (roughly 20 servers acting as DC's in total in the domain).  We have created and removed AD sites, with no resolution.  Account Lockout has been increased (another temporary fix).

The scenario is that there are around 3000+ PC that cannot be upgraded to a new OS for another year.  These need to be able to log into the AD domain.  At each location which houses roughly 300+ Windows 95 computers there is a system running as a Global Catalog server.  When people try to logon, they will get, "The domain password you supplied is not correct, or access to your logon server has been denied."  After a few tries, they get locked out.  

It appears that they login to a primary DC that is housed in a central location in the MAN.  This is not a true WAN environment as they are all fiber connected with minimum bandwidth over ~30MB/sec.  

I am interested in any and all possible fixes people have tried for this scenario.  Please don't respond with "upgrade the OS" as that is not in the budget for a while.

Thanks!
0
Comment
Question by:trever_macpherson
8 Comments
 
LVL 16

Expert Comment

by:ahmedbahgat
ID: 12157251
but i'm sure that 95 os can not logon to active directory, i'm sure you get this message while setting up win2k3, possibly have an NT 4 machine as the domain controler to process the login and the 2k3 just stays as a member server until you have a budget for all the machines to be upgraded

cheers
0
 
LVL 1

Author Comment

by:trever_macpherson
ID: 12164262
Windows 95 can login to an Active Directory Domain.  DSClient is supposed to help with this.  In fact, many of the times we can log in from a Windows 95 system.  We have taken great pains to ensure that we can keep Windows 9x clients around until they meet their refresh cycle and still update to Active Directory.  This meant that we had to make a few changes, but in fact it is working.  The problem however is that login is erratic.  We can login at times, and at other times we cannot.  When we check an account that has failed login on the server,  it shows up as a bad login attempt and in fact that is typically the error we receive on the client side, however it has not been due to a bad username/password combination.  My thoughts on this have run everywhere from network pathing, hashing problems with passwords being sent via the network, improper synchronization between the 20+ Global Catalog servers, etc.  

I am really hoping for some assistance on this.  There has to be other people here that have run into similar circumstances.   The option to move to multiple domains based on NT4 is not an option, though it is not a bad idea.

If anyone knows where I can find a good document that discusses the differences in how Windows 95 and Windows 98 handles network login that might be of great help too, since the Windows 98 systems do not appear to have the same amount of difficulty, and those systems are often in the same area, on the same subnet, VLAN, even switch.  

For those that are interested, Microsoft has a document that covers Windows NT/Windows 98 network challenges in an Active Directory Domain titled, "The Microsoft Windows NT 4.0 and Windows 98 Threat Mitigation Guide".  Most of it reads very similar to a basic BS7799 document for small networks, however, it does have some ideas... unfortunately for me, I have tried all of the stuff in that guide.
0
 
LVL 16

Expert Comment

by:ahmedbahgat
ID: 12165365
thanks for the info, learning everyday

cheers
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
LVL 16

Expert Comment

by:ahmedbahgat
ID: 12165381
possibly 2k3 has the filtering feature activated and this may decline 95 requests "just an idea" i have seen this a couple of days with NT workstations can not access 2k3 server and by disabling filtering the machines managed to access it

cheers
0
 
LVL 1

Author Comment

by:trever_macpherson
ID: 12168346
By filtering what are you referring to?  IP filters?  As far as IPSEC and Kerberos is concerned, that does not come into play here as W9x does not support IPSEC or Kerberos, so those features have been removed.  
0
 
LVL 1

Expert Comment

by:alextesi
ID: 12181119
Check if your Server O.S. is able to be compatible with WinNT4.
On Win2K, if the O.S. is not in native mode it is possible.
I trought to do it and it run.

If your W2K3 have this facility you can try to do so, otherwise is it impossible.
0
 
LVL 2

Accepted Solution

by:
gavin_wickens earned 1000 total points
ID: 12410704
I don't like it but disabling SMB appears to be the most effective method.  I have tried this on a small network, 1 DC 100ish clients (20ish win95) and all is OK.  No logon problems at all.  Dosen't answer your question but may be of use.
0
 
LVL 1

Author Comment

by:trever_macpherson
ID: 12410913
Unfortunately, disabling SMB was one of the first things we tried.  In the end to solve this problem we upgraded to Windows 98 which was a monumental task since over 2000 PCs had to be done.  Microsoft helped out with this in a combination of sales maneuvering, license changes and etc.  Kixtart was also deployed to force login server types, as well as registry hacks and a few other things.  The issue seems to be resovled for now, but now I have to roll this out over an additional 94 sites with several thousand other PC's.  Oh well... that is what they pay us the big bucks for :-).  
0

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article is in response to a question (http://www.experts-exchange.com/Networking/Network_Management/Network_Analysis/Q_28230497.html) here at Experts Exchange. The Original Poster (OP) requires a utility that will accept a list of IP addresses …
I'm a big fan of Windows' offline folder caching and have used it on my laptops for over a decade.  One thing I don't like about it, however, is how difficult Microsoft has made it for the cache to be moved out of the Windows folder.  Here's how to …
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Whether it be Exchange Server Crash Issues, Dirty Shutdown Errors or Failed to mount error, Stellar Phoenix Mailbox Exchange Recovery has always got your back. With the help of its easy to understand user interface and 3 simple steps recovery proced…

783 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question