Article ID: 163949 - Last Review: December 6, 2003 - Revision: 3.0

Workstation Using LMHosts Fails to Logon if Domain Controller Unavailable

View products that this article applies to.
This article was previously published under Q163949

On This Page

Expand all | Collapse all

SYMPTOMS

Windows 95 workstations that log on to a Windows NT account domain that has no domain controllers located in the local subnet using LMHOSTS name resolution may only select one domain controller to perform logon validation.
Back to the top

CAUSE

The Windows 95 workstation will fail to be validated if the remote domain controller cannot be accessed or fails to respond. When an LMHOSTS file is configured with a #PRE #DOM entry, NetBIOS over TCP/IP (NetBT) resolves the name successfully using its cache. The Windows 95 workstation will not fall back to other name resolution methods including Domain Name System (DNS) or Windows Internet Name Service (WINS). If the Domain Controller (DC) is unavailable, this results in a single point for client logon failure.
Back to the top

RESOLUTION

To work around the LMHOSTS #PRE #DOM functionality, entries can be added to the LMHOSTS file to provide access to more than one Domain Controller by adding two unique names; one for the 1C name (the domain name), and one for each 00 #DOM entry (the other Domain Controllers that you want to use for domain logon validation). This provides fault tolerance for clients during the logon process, because the clients can locate more than one domain controller. It is also deterministic, because domain controllers are explicitly listed by address in the LMHOSTS file. Those with the shortest available path can be selected for logon validation.

The LMHOSTS file in this example contains the following information:
  • The IP address and NetBIOS name of the Domain Controller (Primary Domain Controller or Backup Domain Controller)
  • The domain name is preceded by the #PRE #DOM: tag. For example: 
    200.1.1.1   <PDC computer name> #PRE  #DOM:Domain_name
NOTE: Multiple #DOM entries pointing to DCs will provide additional names that can be resolved.

In addition to the above line, you also need to add the following line in the LMHOSTS file: 
<IP address><tab>"DOMAIN NAME  \0x1C" <tab> #PRE


Add one LMHOSTS entry to provide access to the domain controllers by adding the 1C name. This will enable name resolution at the workstation so that the Domain Name will be resolved successfully to the listed domain controllers.

NOTE: The Domain name is limited to 15 characters. If the Domain name is less than 15 characters, use spaces to fill it up to 15 characters, then type the backslash ('\') and the 0x1C value. The hexadecimal value 1C is appended following the Domain name and starts with the sixteenth character (20 characters overall). The Domain name must be all upper-case letters and must be inside quotation marks. You can verify that the entry has loaded into cache correctly by running the nbtstat -c command. You should see the domain name <1C> entry in the NetBIOS name cache.
Back to the top

Example LMHOSTS File

In the following example, each IP address is either the PDC or a BDC of MYDOMAIN. The first entry lists a Domain Controller not by its machine name, but by its domain name with a <1C> in the sixteenth position indicating a domain controller. Each subsequent line lists an additional Domain Controller by its computer name, with a #DOM entry that links it back to the 1C entry. All lines must have the #PRE entry to preload them into the NetBIOS name cache. 
123.45.101.20  "MYDOMAIN    \0x1C"  #PRE                   #Domain Name
123.45.101.21  "A-THIRD-DC"         #PRE  #DOM:MYDOMAIN    #Domain Name
123.45.220.15  "ANOTHERDC"          #PRE  #DOM:MYDOMAIN    #Domain Name

For additional information, click the article number below to view the article in the Microsoft Knowledge Base:
119495  (http://support.microsoft.com/kb/119495/EN-US/ ) List of Names Registered with WINS Service
150800  (http://support.microsoft.com/kb/150800/EN-US/ ) Domain Browsing with TCP/IP and LMHOSTS Files
Back to the top

MORE INFORMATION

WINS can be used for client name resolution when clients are located on a subnet that has no domain controller. This provides fault tolerance for name resolution (unlike the LMHOSTS solution, where a #PRE #DOM entry is typically used for a single domain controller) because the WINS server provides the Windows 95 client with a group name list registered under the "domain <1C>" name in response to the name resolution requests. The first domain controller to respond to the name query will log the user on to the Windows NT domain. However, this is not a deterministic method for name resolution, and it is not possible to select a preferred logon Domain Controller. As a result, a distant DC located multiple router hops away from the workstation could be selected. This may result in significant WAN traffic and extended logon delays.

Back to the top
APPLIES TO
  • Microsoft Windows NT Workstation 3.5
  • Microsoft Windows NT Workstation 3.51
  • Microsoft Windows NT Workstation 4.0 Developer Edition
  • Microsoft Windows NT Server 3.5
  • Microsoft Windows NT Server 3.51
  • Microsoft Windows NT Server 4.0 Standard Edition
  • Microsoft Windows for Workgroups 3.11
  • Microsoft Windows 95
Back to the top
Keywords: 
KB163949
Back to the top
 

Get Help Now

Contact a support professional by E-mail, Online, or Phone

Article Translations