Re: Win 98 logon problems in 2000 domain

From: Ed A. (anonymous_at_discussions.microsoft.com)
Date: 09/01/04 

Date: Wed, 1 Sep 2004 14:24:42 -0700

Thanks Steve. I went to the sites you listed in your
first post and noted some of the things that I thought
might be interfering with the logon. I went to the server
and changed those properties in the DC group policy. The
two 98 clients I was working with are able to log on now.
I'm going to see if the others will follow suit. I still
have a problem with DNS though. When I ran dcdiag, it
failed the connectivity test because the GUID didn't
resolve. I'm reading the knowledge base about what to
do. Something I've done in the last 2 days has messed it
up. Before I could ping every name in the DNS list from
any workstation, but now my fqdn won't ping.
>-----Original Message-----
>Only NT type operating systems such as NT4.0/W2K/XP
Pro/W2003 can actually "join" a
>domain. Users on Windows 98 can logon to the domain as a
domain user and access
>domain resources however. The advantage of having a
computer that can join the domain
>is better security and configuration of options centrally
such as security policy,
>user rights, and Group Policy in Windows 2000 and newer
operating systems. You can
>add computer accounts to the AD container but that does
no mean the computer is
>"joined" to the domain. Reasons to add the computer
account ahead of time would be to
>permit computers to be joined to the non default
container and for users to join the
>computer that actually do not have the user right to add
workstations to the domain
>or create computer objects. To join a Windows 2000
computer to the domain you use
>System Properties [right click My
Computer/properties] /computer name/change and you
>have the option to join a domain. --- Steve
>
>
><anonymous@discussions.microsoft.com> wrote in message
>news:43cb01c49036$8550df40$a301280a@phx.gbl...
>> Steve, if I can't add the computer accounts by adding
them
>> to computer container in AD, how do I do it? Don't they
>> have to have and account to logon?
>> Ed
>>>-----Original Message-----
>>>Make sure that netbios over tcp/ip is enabled on the
>> domain controller as shown in
>>>tcp/ip properties/advanced/wins. That is a prime suspect
>> since it does not show in My
>>>Network Places. If you run nbtstat -n on the domain
>> controller it should show at
>>>least three entries and probably more including master
>> browser. Since you are using
>>>downlevel clients, you should be running wins in the
>> domain and the domain
>>>controllers need to be wins clients. The domain
>> controllers should not be multihomed
>>>or rras servers if at all possible or problems may
occur.
>> If any are make sure that
>>>in network connections/advanced settings that the nic
for
>> the internal lan is at the
>>>top of the priority list. Additionally I would run first
>> netdiag and then dcdiag on
>>>the domain controller looking for any failed tests that
>> may indicate the problem and
>>>check Event Viewer for any reported problems that may be
>> a clue.
>>>
>>>http://support.microsoft.com/default.aspx?scid=kb;en-
>> us;321708
>>>
>>>In Domain Controller Security Policy I would configure
>> the following security
>>>options, at least until the problem is resolved. Set the
>> lan manager authentication
>>>level to "send ntlmV2 responses only" and there are four
>> options for digitally sign
>>>communications. Set the two that include "always" to
>> disabled. Then run [ secedit
>>>/resfrshpolicy machine_policy /enforce ] on the domain
>> controller. If you still have
>>>no luck see the KB article in the link below and review
>> the sections on "examples of
>>>compatibility problems". I don't know exactly what you
>> did but you can not join
>>>Windows 98 computer accounts to the domain even though
>> you may have added the
>>>computer names to the computers container in Active
>> Directory.--- Steve
>>>
>>>http://support.microsoft.com/default.aspx?scid=kb;en-
>> us;823659
>>>
>>
>
>
>.
>

Relevant Pages

  • Re: Windows 2000 users accounts get locked out
    ... > These failed logons ... >>account logon events enabled in Domain Security Policy ... > and Domain Controller ...
    (microsoft.public.win2000.security)
  • Re: Win 98 logon problems in 2000 domain
    ... and Group Policy in Windows 2000 and newer operating systems. ... add computer accounts to the AD container but that does no mean the computer is ... > controller it should show at ...
    (microsoft.public.win2000.networking)
  • Windows 2003 member server with Windows 2000 Domain Controller
    ... If anyone is having a Windows 2003 member server with a Windows 2000 Domain ... Windows cannot obtain the domain controller name for your computer network. ... There are currently no logon servers available to service the logon request. ...
    (microsoft.public.win2000.security)
  • Re: How to find out what computer a user logged in on.
    ... For a domain your best bet is to enable auditing of logon events in Domain ... Controller Security Policy and for domain computers enable auditing of logon ... security log quite a bit on your domain controllers to sat at least 10MB. ...
    (microsoft.public.win2000.security)
  • Re: How to find out what computer a user logged in on.
    ... > For a domain your best bet is to enable auditing of logon events in Domain ... > Controller Security Policy and for domain computers enable auditing of logon ... > events in Domain Security Policy. ... If you have at least one Windows 2003 domain controller you ...
    (microsoft.public.win2000.security)