98 losing connection with w2k dc 2

[quell]

Hi,
I have 2 problems. 1. I have a few 98 machines on my network. After lunch the machines lose connection with the dc. (can not access shared dir's etc..) People then reboot the machine and then try to log back in but find out their account is locked out. I have went through the DNS settings on the dc to make sure the name matches the assigned static IP. WINS is enabled on the dc servers and the correct settings are on the pc's for dns and wins. I have also tried to remove the 98 pc's from the domain, rebooted and readded them with the same results. I also made sure their pc name is in the AD. problem 2. A few weeks back I changed the bad logon attempts to 3 in the ad. This was locking the 98 pcs out with only one attempt. So I changed it to 5...same result. So I changed it again to no limit and same thing. Is there a registry setting or something that 98 makes to do this? How can I change it.
Please help

 

[quell]

ugh...installed the dsclient on the 98 pc's last week and installed all hotfixs..same problem. I've had to change the lockout time to 1 min so they won't bother me as much but its still happening. I've given everyone a static ip, went through dns settings, went through wins settings and made sure ip matches name, scavege both databases, installed he latest hotfixs, installed the lastest dsclient, deleted pc from domain rebooted then readded them, made sure correct settings were in AD, set it so that pc's won't go into sleep mode. I'm out of ideas.

 

[EntilzaSte]

Okay then, Youve probably already answered these questions or thought these thoughts but....

Are you in native mode? If not then why not add a windows nt bdc onto the network. This at least would allow the 98/95 machines to authenticate at something they know.

Also you could try to put an entry into the hosts table of each machine of "domain name ip address of bdc".

This may or may not help BUT it cant hurt.

Also if you are now in a static address mode, install wins on the bdc, point the pc's at that machine for name resolution and manually keep it upto date, until your last 9x machine dies.

Failing all this, go to your MD and ask for some new machines......

Ste

 

[zoeythecat]

Quell,

A suggestion would be to go back to the DHCP server and set your clients up to get an IP Address from the DHCP server. There is probably something not set right on the DHCP server to pull in Windows98 clients. Let DHCP do the work for you. Much easier than going around to each worksation and inputting a static IP (How many 98 workstations do you have?).

On the DHCP Server check this:

* I will assume your DHCP Server is authorized and handing out IP addresses to your other clients and this is just a problem for your Windows98 clients?
(1) Make sure you have the option "Enable updates for DNS Clients that do not support dynamic updates" checked. This is for non-windows2000 clients
(2) Make sure you have your DNS (OPTION 015) setup and configured properly in DHCP (Via Properties of DNS). This needs to be setup as Dynamic DNS (DDNS). Check the DNS tab and have When your Windows98 clients connect via DHCP they will hit that DNS entry which will connect them to domain resources. If this is not setup correctly they will not be able to connect. So have the following checked:
* Automatically update DHCP client information in DNS
* Always UPDATE DNS
* Discard forward (Name -to-address) lookups when lease expires
* Enable updates for DNS cients that do not support dynamic update (This is the most important check as this is for non-2000 clients as I noted in step1)
(3) Make sure your Wins is setup correctly in DHCP. You need the options 044 and 046
(4) change back your win98 clients to obtain an IP Address from a DHCP Server.

Hope this helps

 

[quell]

Thank you zoey for your advice. I did make the changes in the dhcp server that you recommended. Although I'm not sure how to edit option 46 in the dhcp server. Its set at 0x0 All the DNS settings you mentioned were already set. The reason I gave everyone a static ip was to elimunate the possabilities of the problem. I have about 30 98 pc's on my network. I'm not sre waht native mode is. How and were do I check that?

 

[zoeythecat]

(1) I believe you want the Wins node set to 0x8 which is for hybrid mode.
(2) To verify if you are in "Mixed Mode" or "Native Mode"
* Open up "Active Directory Domains and Trusts". You see an icon labeled with the name of your domain. Right click on this and choose "Properties". From here you should be able to see what your domain is set at.

 

[quell]

ok verified that I'm in mixed mode. Should I be in Native mode?

 

[zoeythecat]

I wouldn't want to make that decision for you but just as long as you do not have anymore NT4 domain controllers to upgrade. If all your servers have been upgraded to Windows2000 then you can switch to "Native". You just have to make sure because once you are in "Native" you cannot switch back.

I'm not sure if switching to "Native Mode" will resolve this problem though.

 

[quell]

Will have to read up on whats the difference before I make that move but yes all servers are w2k.

 

[Seaspray0]

Switching to native mode will not affect operations as long as all the DC's are 2000. It will enable the ability to use features that are specific to 2000 and won't work with NT such as remote access policies and universal groups.
As for those DHCP settings, I don't recommend having the "always update DNS" checked if you have 2000 or XP clients. You will get conflicts since both will attempt to update DNS. The conflict resides in the ownership of the record in DNS.

 

[quell]

I went through my security settings and changed them to audit bad logon attemps. The account krbtgt has neumerous bad attempts. So do all others on 98 pc's. After doing a lookup on MS support this account is used for Kerberos authentication. It says to resolve this issue DL the latest service pac. I am up to date on this. These events only pop up in the morning and after lunch. Could this be a possable issue with the 98 clients authentication with AD?