• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 571
  • Last Modified:

NT 4 will not resolve and can’t access UNC on 2008 network

We had a 2003 domain (DNS, DHCP, DC), domain controllers were 2003.
We have one NT 4 standalone server that is running old statistic software, and some Intranet pages.
We added two 2008 R2 Domain controllers and made them DNS server (integrated)
I Transferred the FMOS rolls from single 2003 DC to 2008 server
Also transferred DHCP roll to one of the new 2008 servers.

Everything has work fine for last week or so. This Wednesday I shut down the old 2003 server to see if any problems would pop up before demoting and retiring the server. The standalone NT 4 box immediately when trying to log on, you would get:
“There are currently no logon servers available to Authenticate to”, so it is using cache credentials.
 
You could not access the NT 4 box from a UNC path (name or IP). You could not access some web pages or links. Went trying to access UNC path I get:  “There are currently no logon servers available to service the logon request”.

I can, access the NT 4 box using VNC software from any other computer (name or IP).

From the NT 4 box, I do a nslookup and it is the new DNS server, all the settings on the network card are set to static and pointing to the new DNS server. (only thing changed on NIC was DNS server, pointing to new DNS)

All records look right in DNS (new DNS (NS), and NT box is static in forward and reverse zones

Doing a IPCONFIG /all on NT box, gives all the right information (pointing to new DNS)
(see enclosed)

From the NT 4 box I can access any other computer via run box, UNC path (name or IP), Ping anyone …etc.

I don’t remember how to flush the DNS on NT 4 box, but I have shut down the NT box and restarted 4 times since I took the old server offline (I would think that would flush any caches).

Was wondering if there is some WINS setting or something I might need to add/change…???

Definitely need some help or advice to point me in the right direction. Can’t find any errors on new 2008 servers that might help me pinpoint the issue, so I am kind of leaning towards some setting on the NT box not refreshing or needs changed. Got to be something simple… HELP Experts.



Thanks in advanced!!

Fubr


0
Fubr
Asked:
Fubr
  • 3
1 Solution
 
FubrAuthor Commented:
0
 
jrhelgesonCommented:
This problem occurs because of the default behavior of the Allow cryptography algorithms compatible with Windows NT 4.0 policy on Windows Server 2008-based domain controllers. This policy is configured to prevent Windows operating systems and third-party clients from using weak cryptography algorithms to establish NETLOGON security channels to Windows Server 2008-based domain controllers.

http://support.microsoft.com/kb/942564

Solution:
1.  Log on to a Windows Server 2008-based domain controller.
2.  Click Start, click Run, type gpmc.msc, and then click OK.
3.  In the Group Policy Management console, expand Forest: DomainName, expand DomainName, expand Domain Controllers, right-click Default Domain Controllers Policy, and then click Edit.
4.  In the Group Policy Management Editor console, expand Computer Configuration, expand Policies, expand Administrative Templates, expand System, click Net Logon, and then double-click Allow cryptography algorithms compatible with Windows NT 4.0.
5.  In the Properties dialog box, click the Enabled option, and then click OK.
0
 
FubrAuthor Commented:
jrhelgeson you are the BOMB!!
"Bam, Bam, BAMITY BAM"

I would have never figure that out!
Thanks a million!!

Any other catch 12s for older hardware with 2008??
(evil grin)

 Fubr
0
 
FubrAuthor Commented:
Rock on "Big Guy"!!

Thanks again
0

Featured Post

Vote for the Most Valuable Expert

It’s time to recognize experts that go above and beyond with helpful solutions and engagement on site. Choose from the top experts in the Hall of Fame or on the right rail of your favorite topic page. Look for the blue “Nominate” button on their profile to vote.

  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now