Re: DOS client access denied to Windows 2003 SP1




"TimF" <twf_news@xxxxxxxxx> wrote in message news:1116775681.715629.271860@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Arek Iskra [MVP] wrote:
"TimF" <twf_news@xxxxxxxxx> wrote in message
news:1116732102.340785.271930@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> Thank you for response, Arek.
> I should have mentioned previously that I had also set that option to
> allow for LAN Manager and NTLM. I.e., on "Network Security: LAN Manager
> authentication level" under
> Computer Configuration -> Windows Settings -> Security Settings ->
> Security Options, I had set:
>
> Send LM & NTLM - use NTLM v2 session security if negotiated.
>
> I had tried several of the selections under this setting, but none have
> allowed the DOS client access.
>
> Are there other settings that I should check?
>
> Tim
>

NTLM v2 is too strong for DOS client. Try with LM only.

--
Arek Iskra
MVP for Windows Server - Software Distribution

For "Network Security: LAN Manager authentication level", there was no "LM only" setting available, so I tried "LM & NTLM". Still unsuccessful.

I have the computer on which the DOS client runs set to boot into
either Windows 98 or the DOS client mode, depending on the user's
requirement. In Windows 98, the computer logs on successfully to the
server. Until I applied SP1, when user re-started into DOS client, she
was consistently successful in logging onto the server.

This is a simple LAN with just one Windows 2003 SP1 server. I have the
following settings in the Local Policies/Security Options:

Domain member: Digitally encrypt or sign secure channel data (always)    Disabled
Domain member: Digitally encrypt secure channel data (when possible)    Disabled
Domain member: Digitally sign secure channel data (when possible)    Disabled
Domain member: Require strong (Windows 2000 or later) session key    Disabled
Microsoft network client: Digitally sign communications (always)    Disabled
Microsoft network client: Digitally sign communications (if server agrees)    Enabled
Microsoft network server: Digitally sign communications (always)    Disabled
Microsoft network server: Digitally sign communications (if client agrees)    Disabled
Network security: LAN Manager authentication level    LM & NTLM responses
Network security: Minimum session security for NTLM SSP based (including secure RPC) clients    No minimum
Network security: Minimum session security for NTLM SSP based (including secure RPC) servers    No minimum

With the simple LAN, all of the above settings are "Not defined" in
both the Domain Controller Security Policies and the Default Domain
Security Policies configurations.

Is there any other configuration setting required?

Tim



Hmm... interesting... one more thing to check: is Windows Firewall enabled?

--
Arek Iskra
MVP for Windows Server - Software Distribution
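
Added example, not part of the original thread: one way to confirm what the server is actually enforcing for the policies listed above is to export the effective security settings with `secedit /export /cfg <file>` and read the `[Registry Values]` section. The function names and the sample INF text below are assumptions made for illustration; the registry value names are the ones Windows uses for these policies.

```python
# Added example: maps a `secedit /export` INF back to the policy names in the post.
LSA = r"machine\system\currentcontrolset\control\lsa"
SRV = r"machine\system\currentcontrolset\services\lanmanserver\parameters"
POLICIES = {  # lower-cased registry value path -> policy name as listed in the post
    LSA + r"\lmcompatibilitylevel":
        "Network security: LAN Manager authentication level",
    LSA + r"\msv1_0\ntlmminserversec":
        "Network security: Minimum session security for NTLM SSP based (including secure RPC) servers",
    SRV + r"\requiresecuritysignature":
        "Microsoft network server: Digitally sign communications (always)",
    SRV + r"\enablesecuritysignature":
        "Microsoft network server: Digitally sign communications (if client agrees)",
}
LM_REFUSE = {4: "refuse LM", 5: "refuse LM & NTLM"}  # levels at which a DC rejects responses

def effective_settings(inf_text):
    """Return {policy name: int} for known REG_DWORD lines in [Registry Values]."""
    found, in_section = {}, False
    for line in map(str.strip, inf_text.splitlines()):
        if line.startswith("["):
            in_section = line.lower() == "[registry values]"
        elif in_section and "=" in line:
            key, _, data = line.partition("=")
            reg_type, _, value = data.partition(",")
            name = POLICIES.get(key.strip().lower())
            if name and reg_type.strip() == "4":  # 4 = REG_DWORD
                found[name] = int(value.strip())
    return found

def client_requirements(settings):
    """Settings whose value makes the server refuse clients lacking a capability."""
    notes = []
    for name, value in sorted(settings.items()):
        if name.endswith("authentication level") and value >= 4:
            notes.append(f"{name}: {LM_REFUSE[min(value, 5)]}")
        elif name.endswith("(always)") and value == 1:
            notes.append(f"{name}: Enabled")
        elif name.endswith("servers") and value != 0:
            notes.append(f"{name}: flags {value:#x}")
    return notes

# Constructed sample input, not taken from the poster's server.
SAMPLE_INF = r"""[System Access]
MinimumPasswordLength = 7
[Registry Values]
MACHINE\System\CurrentControlSet\Control\Lsa\LmCompatibilityLevel=4,4
MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\NTLMMinServerSec=4,0
MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\RequireSecuritySignature=4,1
MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\EnableSecuritySignature=4,1
"""
```

The exported file is typically UTF-16, so decode it accordingly before passing the text to `effective_settings`. An empty list from `client_requirements` means none of these four values is at a level that rejects a client outright.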

