Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

How to enable Windows 98/ME/NT clients to logon to Windows 2003 based Domains


Author: Yuval Sinay MVP

View products that this article applies to.

Symptoms

Most companies have legacy operating system like - Windows 98, that give them backward compatibility for legacy applications.The default settings of Windows 2003 domains prohibit the logon of these clients,�to overcome this limitation, a change of behavior is needed.

↑ Back to the top


Cause

By default, security settings on domain controllers�running Windows Server 2003 are configured to help prevent domain controller communications from being intercepted or tampered with by malicious users. For users to successfully negotiate communications with a domain controller that runs Windows Server 2003, these default security settings require that client computers use both server message block (SMB) signing and encryption or signing of secure channel traffic. Clients that run Windows NT 4.0 with SP2 or earlier installed and clients that run Windows 95 do not have SMB packet signing enabled and cannot authenticate to a Windows Server 2003 domain controller.

↑ Back to the top


Resolution

Clients Side:

Windows NT4

1. Install Windows NT4 Service Pack 6a.

2. Install Internet Explorer 6 with Service Pack 1 or higher.

3. Install DSCLIENT utility from Windows 2000 Server installation disk or from

������ http://www.microsoft.com/windows2000/server/evaluation/news/bulletins/adextension.asp

Note: For additional information about Active Directory Client extensions for Windows 95, Windows 98, and Windows NT 4.0,
������� �visit the following Microsoft Web� site:
������ � http://www.microsoft.com/windows2000/server/evaluation/news/bulletins/adextension.asp

4. Enable NTLM 2 Authentication (please see "More Information" section for details).

5. Configure the workstation to use local WINS server.

6. Consider installing hotfix 275508:

���� SMB Session Credentials Are Not Updated After Password Change Resulting in Account Lockout

���� http://support.microsoft.com/kb/275508/�

7. Configure�the local DNS domain as�DNS under TCP/IP properties.


Windows 98/ME

1. Install Internet Explorer 6 with Service Pack 1 or higher.

2. Install DSCLIENT utility from Windows 2000 Server installation disk or from

���� http://support.microsoft.com/default.aspx?scid=kb;en-us;288358

Note: Please review the knowlagebase: "Directory Services Client Update for Windows 98" 323455:

���� http://support.microsoft.com/default.aspx?scid=kb;en-us;323455
���
3. Enable NTLM 2 Authentication (please see "More Information" section for details).

4. Enable SMB Signing (please see "More Information" section for details).

5. Configure the workstation to use local WINS server.

6. Consider installing the hotfixes that descrive in:

��� Service Packs and Hotfixes That Are Available to Resolve Account Lockout Issues

�� http://support.microsoft.com/default.aspx?scid=kb;en-us;817701

7. Configure the local DNS domain as DNS under TCP/IP properties.


Note: If you are using Windows 95, please follow the knowlagebase bellow:
http://support.microsoft.com/default.aspx?scid=kb;%5BLN%5D;811497

Note: If the logon problem�is'nt resolved, please review the following knowlagebase:

Problems logging on to a Windows 2000-based server or a Windows 2003-based server
http://support.microsoft.com/default.aspx?kbid=272594


DOS/Windows 95:

You may need to disable SMB sign in the domain.
The methood can create security bridge, and�is'nt supported.

Modify Security Policies

http://www.microsoft.com/resources/documentation/WindowsServ/2003/all/deployguide/en-us/Default.asp?url=/resources/Documentation/WindowsServ/2003/all/deployguide/en-us/dssbe_upnt_omte.asp


Servers�side:

1. Configure�each server in the domain to use local WINS server.

2. If you are using Windows 2000 or higher DHCP server, make sure that the DHCP can register old clients.

3. Review: KB 898060

����� http://support.microsoft.com/default.aspx/kb/898060

Note: Some articles recommend to disable SMB sign in the domain controller OU. Please avoid changing�domain
��������� controllers policy, and specialy dont disable �SMB sign.

Note:�Windows 98/ME clients have problem�with computer�names largers then eight�characters. Please avoid
����������using long computer names.


↑ Back to the top


More information

Error Message When Windows 95 or Windows NT 4.0 Client Logs On to Windows Server 2003 Domain

http://support.microsoft.com/default.aspx?scid=kb;en-us;811497&FR=1&PA=1&SD=HSCH

How to Enable NTLM 2 Authentication

http://support.microsoft.com/default.aspx?scid=http://support.microsoft.com:80/support/kb/articles/Q239/8/69.ASP&NoWebContent=1

Overview of Server Message Block signing

http://support.microsoft.com/default.aspx?scid=kb;en-us;887429

Active Directory Client Extensions for Windows 95/98 and Windows NT 4.0

http://www.microsoft.com/windows2000/server/evaluation/news/bulletins/adextension.asp

How Windows 95 and Windows 98 Directory Services Client Uses Active Directory Site Information

http://support.microsoft.com/default.aspx?scid=kb;en-us;249841

Windows 98/Me Client Cannot Change Password

http://support.microsoft.com/default.aspx?scid=kb;en-us;230059

Windows 2000 DNS White Paper

http://www.microsoft.com/windows2000/techinfo/howitworks/communications/nameadrmgmt/w2kdns.asp

Windows Server 2003 Server and Macintosh

http://www.macwindows.com/Win2003.html

User Cannot Log On for 45 Seconds After DSClient Is Installed

http://support.microsoft.com/default.aspx?scid=kb;en-us;306651

↑ Back to the top


Properties

COMMUNITY SOLUTIONS CONTENT DISCLAIMER
MICROSOFT CORPORATION AND/OR ITS RESPECTIVE SUPPLIERS MAKE NO REPRESENTATIONS ABOUT THE SUITABILITY, RELIABILITY, OR ACCURACY OF THE INFORMATION AND RELATED GRAPHICS CONTAINED HEREIN. ALL SUCH INFORMATION AND RELATED GRAPHICS ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT AND/OR ITS RESPECTIVE SUPPLIERS HEREBY DISCLAIM ALL WARRANTIES AND CONDITIONS WITH REGARD TO THIS INFORMATION AND RELATED GRAPHICS, INCLUDING ALL IMPLIED WARRANTIES AND CONDITIONS OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, WORKMANLIKE EFFORT, TITLE AND NON-INFRINGEMENT. YOU SPECIFICALLY AGREE THAT IN NO EVENT SHALL MICROSOFT AND/OR ITS SUPPLIERS BE LIABLE FOR ANY DIRECT, INDIRECT, PUNITIVE, INCIDENTAL, SPECIAL, CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF USE, DATA OR PROFITS, ARISING OUT OF OR IN ANY WAY CONNECTED WITH THE USE OF OR INABILITY TO USE THE INFORMATION AND RELATED GRAPHICS CONTAINED HEREIN, WHETHER BASED ON CONTRACT, TORT, NEGLIGENCE, STRICT LIABILITY OR OTHERWISE, EVEN IF MICROSOFT OR ANY OF ITS SUPPLIERS HAS BEEN ADVISED OF THE POSSIBILITY OF DAMAGES.

↑ Back to the top


Community solutions content disclaimer

Microsoft corporation and/or its respective suppliers make no representations about the suitability, reliability, or accuracy of the information and related graphics contained herein. All such information and related graphics are provided "as is" without warranty of any kind. Microsoft and/or its respective suppliers hereby disclaim all warranties and conditions with regard to this information and related graphics, including all implied warranties and conditions of merchantability, fitness for a particular purpose, workmanlike effort, title and non-infringement. You specifically agree that in no event shall Microsoft and/or its suppliers be liable for any direct, indirect, punitive, incidental, special, consequential damages or any damages whatsoever including, without limitation, damages for loss of use, data or profits, arising out of or in any way connected with the use of or inability to use the information and related graphics contained herein, whether based on contract, tort, negligence, strict liability or otherwise, even if Microsoft or any of its suppliers has been advised of the possibility of damages.

↑ Back to the top


Keywords: KB555038, kbhowto, kbpubmvp, kbpubtypecca

↑ Back to the top

Article Info
Article ID : 555038
Revision : 1
Created on : 5/4/2005
Published on : 5/4/2005
Exists online : False
Views : 870