NT4 workstations get access is denied when trying to browse a domain controller

When logged into a Windows NT4 sp6 workstation (as Administrator) and using Network Neighborhood to browse the network, I am unable to browse the domain controllers (all 3 of them).  The domain controllers are Windows2000.  On one of the domain controllers there are printer shares that the XP and 2000 computers can see.  The only ones having issues seeing the printer shares are the NT4 boxes.  

This is what I have seen.

The NT4 boxes can browse all non domain controller boxes at my location.  The reason I say my location is because there are some domain controllers that are located in the UK and I am able to browse thoes servers on the same NT4 box.  I think it has to be a security setting that was changed unknowingly.  I just find it strange it would effect all the controllers here.  The other guy here thinks it has to do with me adding back in the Default group policies for domain and domain controllers.  If that was the case I would think I would have the same issue browsing the UK domain servers as I do here, but I dont want to rule that out as I had to create them from scratch as someone went into the sysvol and deleted them from there and I might have missed a setting or enabled a setting that shouldnt have been done.  But like I said, if it was a group policy that stopped all NT4 boxes from browsing the domain controllers, it would have happened to the UK servers also.

I also did find something on here that sounds like the same issue as mine, but it didnt work out plus the topic ended with something about SMB signing and that isnt the answer for me.

Who is Participating?

Improve company productivity with a Business Account.Sign Up

CharliePete00Connect With a Mentor Commented:
Make sure the time is correct on the problem machines and the DCs.  You also may want to try resetting the computer (not user) account passwords.  To do this execute the following from the command-line of the problemed machines:

netdom resetpwd /server:<Server> /userd:<Domain>\<Domain Admin Account> /passwordd:*

Where <Server> = The name of a DC (PDC Emulator is best)
<Domain> = The name of your domain
<Domain Admin Account> = A member of the Domain Admins group


netdom resetpwd /server:MyServer /userd:MyDomain\Administrator /passwordd:*
Check the NIC properties on your DCs to see if NetBIOS support is enabled.
Also, look in the event logs of the NT 4 systems for Master Browser election notifications.

If you ping your DCs by computer name so you get name resolution?

If you try to connect the DCs directly through the command-line with "\\<server>" are you able to connect?  If not, how about with "\\<ip address>"?

Try running "ipconfig /all" from the command-line and see if your WINS and DNS server info is correct
Worried about phishing attacks?

90% of attacks start with a phish. It’s critical that IT admins and MSSPs have the right security in place to protect their end users from these phishing attacks. Check out our latest feature brief for tips and tricks to keep your employees off a hackers line!

x30nAuthor Commented:
NetBIOS is enabled
I can ping
WINS isnt installed (I was just hired here so...)
command-line I still get access denied.
found browser election saying:

The browser has forced an election on network \Device\NetBT_EI90x1 because a master browser was stopped.
x30nAuthor Commented:
I will let you know how that works out tomorrow when I get back in.
hstilesConnect With a Mentor Commented:
We have encountered some similar(ish) problems on MAC clients attaching to shares on a DC.  Best way to troubleshoot would be to do the following

Examine your domain security policy and compare it to your domain controller security policy.  It may be that the domain controller security policy is insisting on a much higher level of security.  Check the security log on the DC as well

x30nAuthor Commented:
Ok will, netdom isnt in the workstation so I downloaded the support tools and netdom isnt included also.  I tried nltest /bdc_query:(mydomain) and it showed both bdcs  but I got a I_NetLogonControl failed: Status = 5 0x5 ERROR_ACCESS_DENIED

Right now for giggles I am downloading sp6a for it to reinstall it.  Man, before comming here I havnt touched a NT4 box in like 6 years so I am so out of touch with it.  I am also going to google that error to see what I get.

hstiles: I guess if there was something in the group policys that was blocking nt4 from browseing DC's then it would have effected my UK controllers also.  I can browse the UK dc's on the same nt4 box so....

If there is something you need to know that I might not a mentioned ask.
x30nAuthor Commented:
Ok I am going to start thowing things out.  Maybe it will help


nt4 sp6a High Encryption insalled.
Disk format: FAT
used to see printer shares on domain controllers but no longer can.
used to be able to browse domain controllers in the US, but not longer can
still able to browse domain controllers in the same domain in the UK and also see the printer shares on the domain controllers.


Win2k (upgraded from nt4, not clean install)
RID Operations Master is the 'PDC'
PDC Operation Master (emulates) is the 'PDC'
Infrastructure Master is a 'BDC'
DNS is the 'PDC' and I am starting to notice some name resolution issues, but that is something I will tackle later.

If I think of anything or come across anything I will post it.
x30nAuthor Commented:
Oh, all three DCs here are mulit-homed.  (I remember something about that being an issue, but what I hear is well it worked in the pasted.)
gidds99Connect With a Mentor Commented:
Has there been any changes to the US network or US security policies which may account for this change in behaviour?
x30nAuthor Commented:
other then adding in the default domain controller and default domain group policy back in, no.

I even removed them to see if that was the issue, but it wasnt. Also if it was an issue, it should have affected the UK's DC and not allow the workstation to browse them also, but it didnt.
x30nAuthor Commented:

Friday there was an issue with AD and needed to restart the DC and one of the BDCs.  

Now that I am back working on this issue, I am able to connect and browse the DC and the BDC I had to reboot.  However, the BDC I really need to browse for the printer shares I still dont have access too.   So I am thinking a reboot might be in order for that one also, but it will be something I have to take care of after hours and test it.

I hate to have to reboot a server for no reason, so I hope this is all that was needed for the NT boxes to see the printer shares once again.

I will let you know as soon as I get it done.  
x30nAuthor Commented:
OK, rebooting it worked.
x30nAuthor Commented:
I will split the points up between the three of you for trying to help.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.