
How to enable Windows 98/ME/NT clients to logon to Windows 2003 based Domains

Support for Windows Server 2003 ended on July 14, 2015


Author:
Yuval Sinay MVP
COMMUNITY SOLUTIONS CONTENT DISCLAIMER
MICROSOFT CORPORATION AND/OR ITS RESPECTIVE SUPPLIERS MAKE NO REPRESENTATIONS ABOUT THE SUITABILITY, RELIABILITY, OR ACCURACY OF THE INFORMATION AND RELATED GRAPHICS CONTAINED HEREIN. ALL SUCH INFORMATION AND RELATED GRAPHICS ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT AND/OR ITS RESPECTIVE SUPPLIERS HEREBY DISCLAIM ALL WARRANTIES AND CONDITIONS WITH REGARD TO THIS INFORMATION AND RELATED GRAPHICS, INCLUDING ALL IMPLIED WARRANTIES AND CONDITIONS OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, WORKMANLIKE EFFORT, TITLE AND NON-INFRINGEMENT. YOU SPECIFICALLY AGREE THAT IN NO EVENT SHALL MICROSOFT AND/OR ITS SUPPLIERS BE LIABLE FOR ANY DIRECT, INDIRECT, PUNITIVE, INCIDENTAL, SPECIAL, CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF USE, DATA OR PROFITS, ARISING OUT OF OR IN ANY WAY CONNECTED WITH THE USE OF OR INABILITY TO USE THE INFORMATION AND RELATED GRAPHICS CONTAINED HEREIN, WHETHER BASED ON CONTRACT, TORT, NEGLIGENCE, STRICT LIABILITY OR OTHERWISE, EVEN IF MICROSOFT OR ANY OF ITS SUPPLIERS HAS BEEN ADVISED OF THE POSSIBILITY OF DAMAGES.
SYMPTOMS
Most companies keep legacy operating systems such as Windows 98 for backward compatibility with legacy applications. The default settings of Windows 2003 domains prohibit these clients from logging on; to overcome this limitation, a change of behavior is needed.
CAUSE
By default, security settings on domain controllers running Windows Server 2003 are configured to help prevent domain controller communications from being intercepted or tampered with by malicious users. For users to successfully negotiate communications with a domain controller that runs Windows Server 2003, these default security settings require that client computers use both server message block (SMB) signing and encryption or signing of secure channel traffic. Clients that run Windows NT 4.0 with SP2 or earlier installed and clients that run Windows 95 do not have SMB packet signing enabled and cannot authenticate to a Windows Server 2003 domain controller.
RESOLUTION
  Client side:
 
Windows NT4
 
1. Install Windows NT4 Service Pack 6a.

2. Install Internet Explorer 6 with Service Pack 1 or higher.

3. Install DSCLIENT utility from Windows 2000 Server installation disk or from
 
      
 
Note: For additional information about Active Directory Client extensions for Windows 95, Windows 98, and Windows NT 4.0,
         visit the following Microsoft Web  site:
        
 
4. Enable NTLM 2 Authentication (please see "More Information" section for details).

5. Configure the workstation to use the local WINS server.
 
6. Consider installing hotfix 275508:
 
     SMB Session Credentials Are Not Updated After Password Change Resulting in Account Lockout
 
      
 
7. Configure the local DNS domain as DNS under TCP/IP properties.
 
 
Windows 98/ME
 
1. Install Internet Explorer 6 with Service Pack 1 or higher.

2. Install DSCLIENT utility from Windows 2000 Server installation disk or from
 
    
 
Note: Please review the Knowledge Base article "Directory Services Client Update for Windows 98" (323455):
 
    
   
3. Enable NTLM 2 Authentication (please see "More Information" section for details).
 
4. Enable SMB Signing (please see "More Information" section for details).

5. Configure the workstation to use the local WINS server.
 
6. Consider installing the hotfixes that are described in:
 
    Service Packs and Hotfixes That Are Available to Resolve Account Lockout Issues

  
 
7. Configure the local DNS domain as DNS under TCP/IP properties.
 
 
Note: If you are using Windows 95, please follow the Knowledge Base article below:

 
Note: If the logon problem isn't resolved, please review the following Knowledge Base article:
 
Problems logging on to a Windows 2000-based server or a Windows 2003-based server

 
 
DOS/Windows 95:
 
You may need to disable SMB signing in the domain.
This method can create a security breach and isn't supported.
 
Modify Security Policies
 

 
 
  Server side:
 
1. Configure each server in the domain to use the local WINS server.
 
2. If you are using a Windows 2000 or higher DHCP server, make sure that the DHCP server can register old clients.
 
3. Review: KB 898060
 
     
 
Note: Some articles recommend disabling SMB signing in the domain controller OU. Please avoid changing the domain
          controllers policy, and especially don't disable SMB signing.
 
Note: Windows 98/ME clients have problems with computer names longer than eight characters. Please avoid
          using long computer names.
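
The server-side note on SMB signing can be checked rather than assumed. The following added example (not part of the original article) parses the [Registry Values] section of a security template exported with `secedit /export /cfg` and reports whether the two domain controller defaults named under CAUSE are still enforced. The registry value names are the standard Windows names behind those policies and do not appear on this page; the sample template text is constructed.

```python
# Added example, not from the article. Sample template text is constructed;
# registry value names are standard Windows names, not quoted on the page.
REQUIRED = {
    r"machine\system\currentcontrolset\services\lanmanserver\parameters\requiresecuritysignature":
        "Microsoft network server: Digitally sign communications (always)",
    r"machine\system\currentcontrolset\services\netlogon\parameters\requiresignorseal":
        "Domain member: Digitally encrypt or sign secure channel data (always)",
}

# Constructed sample: a template in which SMB signing has been switched off.
SAMPLE_WEAKENED = r"""[Unicode]
Unicode=yes
[Registry Values]
; constructed sample data
MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\RequireSecuritySignature=4,0
MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\RequireSignOrSeal=4,1
"""
SAMPLE_DEFAULT = SAMPLE_WEAKENED.replace("Signature=4,0", "Signature=4,1")

def parse_registry_values(inf_text):
    """Return {lower-cased registry path: (type, value)} from [Registry Values]."""
    values, section = {}, None
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or INF comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "registry values" or "=" not in line:
            continue  # ignore every other section of the template
        path, _, data = line.partition("=")
        reg_type, _, value = data.partition(",")  # e.g. "4,1" = REG_DWORD 1
        values[path.strip().lower()] = (reg_type.strip(), value.strip().strip('"'))
    return values

def audit(inf_text):
    """Return (policy name, problem) for each required setting that is off or absent."""
    found, findings = parse_registry_values(inf_text), []
    for path, label in REQUIRED.items():
        reg_type, value = found.get(path, (None, None))
        if reg_type is None:
            findings.append((label, "not defined"))
        elif reg_type != "4" or not value.isdigit() or int(value) < 1:
            findings.append((label, f"disabled or malformed (type {reg_type}, value {value})"))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_WEAKENED))
```

When reading a real export, open the file with `encoding="utf-16"`, which is how secedit normally writes it.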
 
 
MORE INFORMATION
Error Message When Windows 95 or Windows NT 4.0 Client Logs On to Windows Server 2003 Domain
 

 
How to Enable NTLM 2 Authentication
 

 
Overview of Server Message Block signing
 

 
Active Directory Client Extensions for Windows 95/98 and Windows NT 4.0
 

 
How Windows 95 and Windows 98 Directory Services Client Uses Active Directory Site Information
 

 
Windows 98/Me Client Cannot Change Password


 
Windows 2000 DNS White Paper
 

 
Windows Server 2003 Server and Macintosh
 

 
User Cannot Log On for 45 Seconds After DSClient Is Installed
 

Properties

Article ID: 555038 - Last Review: 05/04/2005 16:27:00 - Revision: 1.0

Microsoft Windows Server 2003, Enterprise Edition, Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems, Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems, Microsoft Windows Server 2003, Datacenter Edition, Microsoft Windows Server 2003, Enterprise Edition, Microsoft Windows Server 2003, Standard Edition

  • kbpubtypecca kbpubmvp kbhowto KB555038