You are currently offline, waiting for your internet to reconnect

Your browser is out-of-date

You need to update your browser to use the site.

Update to the latest version of Internet Explorer

Error Message When Windows 95 or Windows NT 4.0 Client Logs On to Windows Server 2003 Domain

Support for Windows Server 2003 ended on July 14, 2015

Microsoft ended support for Windows Server 2003 on July 14, 2015. This change has affected your software updates and security options. Learn what this means for you and how to stay protected.

SYMPTOMS
When you log on to a Windows NT 4.0 computer that has Service Pack 2 (SP2) or earlier installed, you may receive the following error message:
The system could not log you on. Make sure your username and domain are correct, then type your password again. Letters in passwords must be typed using the correct case. Make sure that Caps Lock is not accidentally on.
When you log on to a client computer that runs Windows 95, you may receive the following error message:
The domain password you supplied is not correct, or access to your logon server has been denied.
CAUSE
By default, security settings on domain controllers that run Windows Server 2003 are configured to help prevent domain controller communications from being intercepted or tampered with by malicious users. For users to successfully negotiate communications with a domain controller that runs Windows Server 2003, these default security settings require that client computers use both server message block (SMB) signing and encryption or signing of secure channel traffic. Clients that run Windows NT 4.0 with SP2 or earlier installed and clients that run Windows 95 do not have SMB packet signing enabled and cannot authenticate to a Windows Server 2003 domain controller.
RESOLUTION

Windows NT 4.0

To resolve this behavior, upgrade the operating system (the recommended resolution), or install Service Pack 4 (SP4) or later. Service Pack 3 (SP3) provides support for SMB signing, but it does not support encryption or signing of secure channel traffic. Although SP4 and Service Pack 5 (SP5) do enable the client for SMB signing and encryption or signing of secure channel, Microsoft recommends that you install Service Pack 6a (SP6a) on Windows NT 4.0 clients that interoperate in a Windows Server 2003 domain.

Windows 95

To resolve this behavior, upgrade the operating system (the recommended resolution), or install the latest Active Directory client.
WORKAROUND
Although Microsoft does not recommend it, you can prevent SMB signing from being required on all domain controllers that run Windows Server 2003 in a domain. To configure this security setting, follow these steps:
  1. Open the Default Domain Controllers Policy.
  2. Open the Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options folder.
  3. Locate the Microsoft network server: Digitally sign communications (always) policy setting, and then click Disabled or Do Not Configure.
MORE INFORMATION
For additional information about Active Directory client extensions, visit the following Microsoft Web site:
Properties

Article ID: 811497 - Last Review: 12/03/2007 04:55:42 - Revision: 9.6

  • Microsoft Windows Server 2003, 64-Bit Datacenter Edition
  • Microsoft Windows Server 2003, Enterprise x64 Edition
  • Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
  • Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
  • Microsoft Windows Server 2003, Standard Edition (32-bit x86)
  • Microsoft Windows Small Business Server 2003 Premium Edition
  • Microsoft Windows Small Business Server 2003 Standard Edition
  • kbprb KB811497
Feedback