Re: Security log chaos - could not get dsclient.exe to install on any 9x boxes
From: Travis Kwekkeboom (totoro_orotot_at_hotmail.com)
Date: 07/29/04
- Next message: Lanwench [MVP - Exchange]: "Re: Integrated Anti Virus Protection"
- Previous message: Barry: "Re: Installing Backoffice Small Business Server 4.5"
- Maybe in reply to: Travis Kwekkeboom: "Re: Security log chaos - could not get dsclient.exe to install on any 9x boxes"
- Messages sorted by: [ date ] [ thread ]
Date: Thu, 29 Jul 2004 09:30:48 -0400
Thanks Erik,
Yes, the WinXP Home of 9x kernel. I knew it had crippled
capabilities, I didnt know that this dsclient.exe would not install
SOME of them and allow me to get into AD. Anyways, it is all in the
past now. I have 3 WinXP Pro boxes here, 1 2k box, 2 2k servers, 1
redhat box and 7 (yes seven) ME boxes. I have had all the ME boxes on
the domain for about 4 years now (back in sbs4.5 too) and I never
really had any issues with them. Recently, however, they have been a
nightmare. I implemented a stronger password policy (basically just
upping their already old short/bad PW policy) increasing characters,
controlling the amount of logins, times of, etc.. and I started
getting people locked out of the network. Now, approx 8 mnths before
that I had tried some VPN connecting, which brought in M$ support and
they did some registry changes that I am convinced change some backend
security items maybe causing my ME boxes to no longer meet the
requirements for some services and being locked out. The ME clients
get locked out of using printers, seing the shared folders etc.. but
do NOT get locked out immediately, however, when presented with a
password prompt, no matter WHAT they put in for password, they are
locked out. HEHE
As you can see this is a little frustrating for me. I am A+
Certified, use IIS and apache a bit, have been a Mild SBS "admin" for
5 years now. Sat for the Win2k Pro exam and did not pass. So you can
see my level of knowledge. I am the technical support person here for
5 years now, I can keep clients running fine but I have never had much
support from the company or my knowledge base to implement proper
items.
I will be upgrading the OS on the ME boxes to XP Pro in the near
future, problem is, PIII machines and some of them only have 192MB of
ram. Upgrading the OS AND the ram at the same time is not cost
effective for us at the present. We are a small company and I do what
I can with the limited resources I have.
My background is graphic design and I work a lot with Adobe Premiere.
Thanks for the help,
Travis Kwekkeboom
On Wed, 28 Jul 2004 23:50:41 +0200, "Erik Veenhuijsen"
<erikv70@hotmail.com> wrote:
>About the two kernels you are correct, except that microsoft for some
>twisted reason has indeed decided to bring out WinME, which has just been a
>plain stuppid move. WinME is based on a win9x kernel, but just doesn't have
>the support build-in to logon to domains. That's why probably all of us,
>avoid this OS like hell.
>They probably did this to push bussiness networks towards Win2000 and XP Pro
>and you can hate them for it, but i must say i'm glad they did otherwise we
>would still be dealing with a lot more old win95 and 98 machines, which are
>just completely hell compared to win xp pro.
>
>I have no experience with ripping out the dsclient installed on winme, so
>best advice i can give you on this is follow the instructions in the KB
>article i send you in a previous post and try to delete or at least copy the
>mentioned files in the article from an unaffected winme machine to the
>"infected" box.
>
>Good luck reOSsing.
>
>
>"Travis Kwekkeboom" <totoro_orotot@hotmail.com> wrote in message
>news:l15gg0hjub7cndmm1d7out65c0jpalb39s@4ax.com...
>> Well in the kernel end of things .. I know two kernels.
>> NT kernel (NT, win2k, XP Home, and XP Pro) and 9x kernel
>> (95,98/se,WinME) Usually it is assumed that 9x consists of
>> 95/98,se/WinME. So, the ME box is dead. Dandy, well we are pushing
>> the ME boxes towards XP Pro, so that will help. I will re-OS this box
>> and everything should be happy, cept me. heheh.
>>
>> See, the only boxes that were giving me trouble were the WinME boxes,
>> I thought I had put that in a previous post, however, if I did not I
>> apologize. Any ideas how I can rip that DSclient.exe out?
>>
>> On Wed, 28 Jul 2004 20:21:53 +0200, "Erik Veenhuijsen"
>> <erikv70@hotmail.com> wrote:
>>
>> >Travis, i don't know how big your knowledge is, but you really created a
>> >problem with this one.
>> >
>> >In your post you spoke about Win9x machines, not about WinME machines
>(you
>> >know that ME cannot be used in a domain environment? adclient or not.)
>> >If all your machines are WinME, then no adclient or WINS will help you,
>> >cause you have to wrong OS for a network domain. You should use win98se
>or
>> >higher (expect WinME and WinXP Home edition).
>> >
>> >See also:
>>
>>http://support.microsoft.com/default.aspx?scid=kb;en-us;276472&Product=winm
>e
>> >
>> >One positive thing, probably your SBS box is ok, but the OS on the client
>> >absolutly isn't. Hopefully it's on just one box and all others are ok.
>> >
>> >See also:
>> >http://support.microsoft.com/default.aspx?kbid=288358
>> >
>> >Greets,
>> >Erik.
>> >
>> >
>> >
>> >"Travis Kwekkeboom" <totoro_orotot@hotmail.com> wrote in message
>> >news:15idg0p6l6mh47oq06vjl6hkvvemu9rprc@4ax.com...
>> >> Well I installed the dsclient9x.exe on the one WinME box and now I
>> >> can't log into the domain. I tried uninstalling the client, it says it
>> >> completes, restart then I get the SAME non-network login and I can't
>> >> access anything. Dandy client there. ruined everything.
>> >>
>> >> Anyways, I am out of the office tomorrow all day and I will have to
>> >> RE-OS THAT box, probably the SBS2000 server and set everything up this
>> >> weekend .. not a task I was prepared to do. I am a little peeved over
>> >> this.
>> >>
>> >> Travis Kwekkeboom
>> >>
>> >> On Mon, 26 Jul 2004 23:33:03 +0200, "Erik Veenhuijsen"
>> >> <erikv70@hotmail.com> wrote:
>> >>
>> >> >Strange error, did you make sure you used the dsclient.exe in the
>win9x
>> >> >directory?
>> >> >Also you should setup a WINS server on your network and put the ip
>adress
>> >of
>> >> >your WINS server in the TCP/IP protocol on your workstations,
>otherwise
>> >they
>> >> >won't be able to find a Domain Controller for account logon.
>> >> >
>> >> >
>> >> >"Travis Kwekkeboom" <totoro_orotot@hotmail.com> wrote in message
>> >> >news:vvrag0lvpdnvgranj252sdabii12sl6lic@4ax.com...
>> >> >>
>> >> >> run the dsclient and I get a message telling me that the application
>> >> >> has not found WinNT SP6a and will exit. That is it.
>> >> >>
>> >> >>
>> >> >> On Mon, 26 Jul 2004 11:23:04 -0400, Travis Kwekkeboom
>> >> >> <totoro_orotot@hotmail.com> wrote:
>> >> >>
>> >> >> >This one has been bugging me for quite some time. I have people on
>> >> >> >Win9x boxes who keep getting their accounts locked out for reasons
>> >> >> >beyond me. 1st I thought it might be a timing server issue (which
>it
>> >> >> >might still be)
>> >> >> >
>> >> >> >Event Type: Failure Audit
>> >> >> >Event Source: Security
>> >> >> >Event Category: Account Logon
>> >> >> >Event ID: 681
>> >> >> >Date: 7/20/2004
>> >> >> >Time: 1:09:28 PM
>> >> >> >User: NT AUTHORITY\SYSTEM
>> >> >> >Computer: SLS-SERVER
>> >> >> >Description:
>> >> >> >The logon to account: XXXX XXXXXXXXX
>> >> >> > by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
>> >> >> > from workstation: \\XXXXXXXXXXXXXXX
>> >> >> > failed. The error code was: 3221225578
>> >> >> >
>> >> >> >and then
>> >> >> >
>> >> >> >Event Type: Failure Audit
>> >> >> >Event Source: Security
>> >> >> >Event Category: Logon/Logoff
>> >> >> >Event ID: 529
>> >> >> >Date: 7/20/2004
>> >> >> >Time: 1:09:28 PM
>> >> >> >User: NT AUTHORITY\SYSTEM
>> >> >> >Computer: XXXXX-SERVER
>> >> >> >Description:
>> >> >> >Logon Failure:
>> >> >> > Reason: Unknown user name or bad password
>> >> >> > User Name: SSSSSSSSSSSSSSSSSS
>> >> >> > Domain: DomainName
>> >> >> > Logon Type: 3
>> >> >> > Logon Process: NtLmSsp
>> >> >> > Authentication Package: NTLM
>> >> >> > Workstation Name: \\XXXXXXXXXXXX
>> >> >> >
>> >> >> >and then
>> >> >> >
>> >> >> >Event Type: Success Audit
>> >> >> >Event Source: Security
>> >> >> >Event Category: Account Management
>> >> >> >Event ID: 644
>> >> >> >Date: 7/20/2004
>> >> >> >Time: 1:14:53 PM
>> >> >> >User: Everyone
>> >> >> >Computer: XXXXX-SERVER
>> >> >> >Description:
>> >> >> >User Account Locked Out:
>> >> >> > Target Account Name: XXXXXXXXXXXXXX
>> >> >> > Target Account ID: XXXXXXXXXXXX\XXXXX
>> >> >> > Caller Machine Name: \\XXXXXXXXXXXXXXXX
>> >> >> > Caller User Name: XXXXXX-SERVER$
>> >> >> > Caller Domain: DomainName
>> >> >> > Caller Logon ID: (0x0,0x3E7)
>> >> >> >
>> >> >> >
>> >> >> >and then
>> >> >> >
>> >> >> >Event Type: Success Audit
>> >> >> >Event Source: Security
>> >> >> >Event Category: Account Management
>> >> >> >Event ID: 642
>> >> >> >Date: 7/20/2004
>> >> >> >Time: 1:14:53 PM
>> >> >> >User: Everyone
>> >> >> >Computer: XXXX-SERVER
>> >> >> >Description:
>> >> >> >User Account Changed:
>> >> >> > Account Locked.
>> >> >> > Target Account Name: XXXXXXXXXXXXXXXX
>> >> >> > Target Domain: Domain Name
>> >> >> > Target Account ID: XXXXXXXX\XXXXXXXX
>> >> >> > Caller User Name: XXXXXXX-SERVER$
>> >> >> > Caller Domain: Domain Name
>> >> >> > Caller Logon ID: (0x0,0x3E7)
>> >> >> > Privileges: -
>> >> >> >
>> >> >> >then the account has to be unlocked.
>> >> >> >
>> >> >> >Anyone have any ideas?
>> >> >> >It is a bothersome event.
>> >> >> >
>> >> >> >TK
>> >> >> >
>> >> >> >Follow-up: ******************
>> >> >> >
>> >> >> >I have scanned the server for viruses from MANY sources and have
>come
>> >> >> >up with negatives everywhere. This only happens to 9x series
>> >> >> >machines. I have a time script running on startup to synch the
>time
>> >> >> >to the server, that is about all I have done to these things
>besides
>> >> >> >stock and SP's.
>> >> >> >
>> >> >> >Help.
>> >> >> >
>> >> >> >TK
>> >> >>
>> >> >
>> >>
>> >
>>
>
- Next message: Lanwench [MVP - Exchange]: "Re: Integrated Anti Virus Protection"
- Previous message: Barry: "Re: Installing Backoffice Small Business Server 4.5"
- Maybe in reply to: Travis Kwekkeboom: "Re: Security log chaos - could not get dsclient.exe to install on any 9x boxes"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
