Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Cannot connect to SBS 2003 server from Windows 98 workstations 1

Status
Not open for further replies.
robinnorth

robinnorth

Technical User
Dec 15, 2004
14
GB
Since I installed a VPN connection on our SBS 2003 server our Windows 98 clients can no longer connect to the domain and get the message "No domain server was available to validate your password. You may not be able to gain access to some network resources."

No problem with our XP Pro machines. It's as if I've changed a setting from mixed to native mode, but can't see where.

I've removed the VPN, but still cannot logon.

Thanks for any ideas.

Rob
 
Sort by date Sort by votes
I'm having the same issue described here. Any resolution???
 
Upvote 0 Downvote
Are you guys running WINS? I would suspect that you are not. Install the WINS server and add it to the DHCP scope of your server. Win9x clients should have a WINS server available to them while NT based OS's do not require that service.
 
Upvote 0 Downvote
WINS is added and working fine. The few Win98 systems that we have on the LAN work perfectly, but if you configure one to VPN, no go. They validate through RRAS fine but won't log onto the domain. We migrated from NT to SBS2003 last week & all XP machines are working perfectly through the VPN. I just have a few contractors left that I need to get reconnected from accross the country. One is still using Win98 & the other is on WinME. They were on our NT based VPN for a long time with no issues. Have tried all kinds of things posted on the web with no luck. Called Microsft support yesterday and worked with them for 7 hours & they have yet to solve.
 
Upvote 0 Downvote
I would have them specify the servers IP in the VPN DNS settings.

I'd also suggest that you have them install DSCLIENT.

[green][stepping up on soap box][/green]
On a final note, I'd say good riddance! Tell the contractors to pony up and get themselves a modern OS that still has security hotfixes being written for it! 98 is not secure and as such connecting it to your network represents a security risk. As professionals they should know better and should stay more current. Anything less than Windows 2000 in business just does not make sense. I would not want 98 boxes attaching to my network.
[green][/stepping down][/green]

I hope you find this post helpful.

Regards,

Mark
 
Upvote 0 Downvote
Thank you for the suggestion and advice. DSClient is installed & have already tried the servers IP in DNS.

It's just one share that they must have access to. They have no rights to anything else. It is NOT a security risk if one knows how to configure security properly. For me to tell a contractor that they have to upgrade their personal system because we changed something on our end is just bad customer service & bad business!
 
Upvote 0 Downvote
I tried that too & the MSoft support engineer wrote one too and sent it over. No go.
 
Upvote 0 Downvote
It is NOT a security risk if one knows how to configure security properly.
Click to expand...

User connects to the ONE share you have given them access to. He copies confidential data to his local PC. He disconencts from the VPN. The PC is then stolen. The thief starts up the PC is prompted to login to the box. He offers his middle finger, hits escape and has total access to the users data which included YOUR data.

The security risk is there, it is beyond your control because it is a system not governed by your domain security. An administrator can minimize the risks by requiring all system that access the network to have NTFS partitions to ensure that SOME level of security exists. On 98 machines there is none!

To say you can't set rules on what connects to your system is a foolish notion. Set minimum guidlines to ensure your data remains safe.

Some common rules are:

1. Require that any PC is up to date on patches
2. Require up to date and running AV
3. Require anti-spyware software
4. Require NTFS partitions
5. Require encryption for highly classified information
6. Require home wireless networks to use a minimum of WEP







I hope you find this post helpful.

Regards,

Mark
 
Upvote 0 Downvote
What Small Business do you work for? This would not fly in the real world in our business. We have many contractors that we work very closely with & are key to our business. If their Win98/me/2000/xp system were to get stolen it would not matter much, this isn't nuclear science we're doing here. We are trying to do what is best for our clients, employees & contractors. We will take the hit & make sure that the secuity which is required is in place on our end & not put restrictions on them.

I have 20 yeas in IT working in the mainframe, AS400, Novell, DOS, Win3X, Win9x, win200x, WinXp, etc. enviroments. I know what I'm doing.

If you have anymore helpful suggestions please direct them toward a solution to the post. Thanks!
 
Upvote 0 Downvote
For me to tell a contractor that they have to upgrade their personal system because we changed something on our end is just bad customer service & bad business!
Click to expand...

I do it all the time. Whether a staff member or one of our clients I require that they follow the same rules as Mark suggested. I also insist on a HARDWARE firewall. I also don't take the users' word for it. If they want remote access to our network I make a house call and check out the computer they will be using myself.

Cheers.
 
Upvote 0 Downvote
Trust me... I hear you, but not an option. I will not go into the details here.

I have used 2000 & 2003 server RRAS (not in a SBS environment) with 98/ME VPNs in the past & they worked fine. Microsoft support says it should work & are working on it, but it appears there is a disjoint between the 2003 NOS & SBS2003 group. So that is why I tried here. If there is anyone who has 98/ME VPN clients working with SBS 2003 or has any other ideas how to resolve, let me know.
 
Upvote 0 Downvote
Thanks for backing me up on this one cmeagan656.

Kyros I've worked for both large and small enterprises and was part of the team that helped to write prescriptive architecture for small businesses. My last employer was a Microsoft Certified Partner that specialized in SBS. The docs are available for download
Every step of the way in documenting the recommendations, security was a top concern. This is a modern day requirement.

I'm not trying to bash you or make this personal, only point out that this is a real concern. If you determine that in your environment it is an exceptable risk so be it. Just don't discount that there is risk. No matter what business you work for, there is always some form of confidential information that needs to be kept safe. Whether it is information that could be used to benefit a competitor or if it is the protection of customer billing information or employee personal data. An employee or customer that experiences identity theft would also argue that it isn't rocket science, and that access to information should be as secure as is reasonably possible.

Everyone is entitled to their own opinion. I feel strongly that any professional that makes their living from their PC should ensure they have an up to date, safe and secure system to ensure that they themselves are not going to adversely affect THEIR customers. For you to require certain minimum levels of security to protect your network/data is (or should be) totally acceptable by anyone in the industry.

I hope you find this post helpful.

Regards,

Mark
 
Upvote 0 Downvote
Sounds like you may have turned off SMB on your DNS server. NT4.0 and don't need it, but WIN 95 & 98 do in order to connect.

Mike, The IT Guy. [morning]



Life is too short to drink warm beer....
 
Upvote 0 Downvote
Thank you Mike. We have tried with and without, but it does not make a difference. Can authenticate on RRAS but not on the domain. One thing new that has just been discovered (with MSoft support on the phone) & is really odd is that once you are authenticated via RRAS you can connect to the exchange server with outlook & send/recieve email even though not authenticated on the domain. Just can't get to those darn shares.
 
Upvote 0 Downvote
kyros,
Start on this page:
Susan has covered this somewhere and you should be able to resolve the trouble either using a link on that page or a link off that page.

I'd certainly add my voice about Windows 98 / contractors / security risks too.

Dumb question - have you tested sharing the folders to everyone to see if that resolves it. That would at least rule out some issues. Obviously it is a single share test for a few minutes whilst on the phone to a contractor. Once tested, remove the everyone group as it is even more of a security risk.
 
Upvote 0 Downvote
I had not tried that, thanks! But just tried it and it didn't work better than what I have recently discovered. The real problem here is that they don't authenticate on the domain over RRAS. However, since my last post when I discovered that you can connect to the exchange server I have found that when it responds that "no domain controller available to vaildate password if you click "ok" & not cancel you can still get to the share by mapping a network drive or using start/run. But now that has led to the next bit of wierdness. Once one pre-win2000 connects another one can't connect. But at least RRAS is giving a GRE packet warning in the event log that I can research.
 
Upvote 0 Downvote
Thanks to all that helped. Here is the solution for anyone else heading down the same path.

Since my last post it turned out there was a bigger problem with browsing and getting to shares over RRAS/VPN. It turned out there were also very intermittent issues getting to shares for 2000 & XP clients too. The Win98 & ME clients were actually more sensitive to the problem.

This post ( finally lead me to the solution. The resolution is in these 2 somewhat conflicting KB articles: 292822 & 830063. The first article will take care of all the intermittent issues & step 3 (Delete DisableNetBIOSoverTcpip registry value) in the second article will take care of most of the Win98/ME/NT connection issues.

I have since re-added the DisableNetBIOSoverTcpip registry entry back to the SBS and have thrown in a separate Win2000 server box to handle RRAS/VPN. I recommend taking this route or using another 3rd party VPN as the more permanent solution. After having done a lot of testing myself on this issue & working with Microsoft support, it is very obvious that Microsoft doesn't know how to properly integrate all their own technologies into a single box & make it ALL work right.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Aquiles Vidal
  • Locked
  • Question
Web Browsers in Windows Server or Terminal Server
Replies
0
Views
266
Aquiles Vidal
Aquiles Vidal
rzammit82
  • Locked
  • Question
Windows Server 2016 - DNS/AD problem
Replies
1
Views
314
suncit
suncit
MaioMaio
  • Locked
  • Question
Server Remote Desktop License
Replies
0
Views
216
MaioMaio
MaioMaio
antonio_dsanchez
  • Locked
  • Question
post-installation WSUS windows server 2016
Replies
0
Views
225
antonio_dsanchez
antonio_dsanchez
DrB0b
  • Locked
  • Question
Windows 2016 IIS FTP server with a ton of user accounts
Replies
4
Views
276
DrB0b
DrB0b

Part and Inventory Search

Sponsor

Back
Top