(Includes DOS even though the title doesn't say so)
811497 - Error Message When Windows 95 or Windows NT 4.0 Client
Logs On to Windows Server 2003 Domain
http://support.microsoft.com/default...b;en-us;811497
--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
"TimF" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) oups.com...
> Windows 2003 server SP1 installation appears to have caused a problem:
>
> - DOS client (Microsoft networking client v3.0) had consistently logged
> in to a simple domain controlled by a Windows 2003 server.
> - Same computer was also connecting to Windows 2003 server when booted
> into Windows 98 SE.
> - Immediately after installation of SP1 on the Windows 2003 server, the
> DOS client on this computer could not login to the domain, though the
> Windows 98 SE client on the same computer is still able to connect and
> logon. The error message that the DOS client receives is "#5: Access
> denied".
>
> Current configuration/settings of the LAN:
>
> The LAN consists of this Windows 2003 SP1 Server as the sole server on
> a domain with 30 user licenses and 8 PC's, most of which are Windows 98
> SE, some Windows XP Home/Pro, one Windows 2000 Pro. Periodically, one
> of the Windows 98 SE computers needs to be re-started into DOS to run
> an application that requires a pure DOS environment. This computer was
> logging into the domain via the Microsoft DOS networking client v3.0
> until the installation of SP1 on the Windows 2003 server. No other
> known changes were made at the server or the DOS client.
>
> The Windows Firewall is disabled on the Windows 2003 SP1 server and no
> other firewalls are loaded on it.
>
> On the Windows 2003 SP1 server, the following Local Policies/Security
> Options are set:
>
> Domain member: Digitally encrypt or sign secure channel data
> (always) Disabled
> Domain member: Digitally encrypt secure channel data (when
> possible) Disabled
> Domain member: Digitally sign secure channel data (when
> possible) Disabled
> Domain member: Require strong (Windows 2000 or later) session
> key Disabled
> Microsoft network client: Digitally sign communications
> (always) Disabled
> Microsoft network client: Digitally sign communications (if server
> agrees) Enabled
> Microsoft network server: Digitally sign communications
> (always) Disabled
> Microsoft network server: Digitally sign communications (if client
> agrees) Disabled
> Network security: LAN Manager authentication level
> LM & NTLM
> responses
> Network security: Minimum session security for NTLM SSP based
> (including secure RPC) clients No minimum
> Network security: Minimum session security for NTLM SSP based
> (including secure RPC) servers No minimum
>
> In both the Domain Controller Security Policies and the Default Domain
> Security Policies: All items corresponding to the above Local Policies
> are set to "Not Defined'.
> Except for the LAN Manager authentication level, I have tried making
> these to "Disabled" on the domain policies, with no success.
>
> Are there any other settings that I should try?
>
> Tim
>
Similar Threads
Linear Mode
