win9x machines unable to login to win2000 domain

[juniorsamples]

Please help...When I attempt to login to the domain of a 2000 server via a win9x pc, I receive the error domain unable to validate password. I can login fine on a 2000 desktop, just win9x pc's giving me this problem. I have reinstalled win9x, ip stacks. I can ping the network, just can't login to the domain. If I hit cancel, I am able to login to the desktop and have access to the NT network drives, I am just not logging into the domain. The NIC cards are using 10/100 on the win9x machines. Can anybody help???

Thanks!

 

[TechMerlin]

When pinging the domain controller can you ping it by name..?? and what version of Win98 are you using..??

Mark Morton, MCSA, MCP, SNA, CCA

 

[xevious2k]

I recently went through the same thing with one of my clients. The only way that we solved the problem was to do a complete reinstall of windows 98 from scratch.

 

[juniorsamples]

I did reinstall win98 SE and that did not help.

 

[juniorsamples]

Yes, I can ping the domain with no timeouts. Could it be the mode on which the server itself is set to? Like Max mode?

 

[quell]

Did you install dsclient.exe on the 98 pc? This needs to be installed to allow communication between a windoes 98 pc's and AD.
You may also need to check and see if WINS is installed on a server.
Here is a link for dsclient

http://www.its.caltech.edu/win/ad9x.html

 

[juniorsamples]

I installed dsclient.exe from the server disk and did the manual config of the registry as suggested, but still having the same problem. Win9x machin cannot login to the 2000 domain, only 2000 clients can login. This seems to be a wide problem with others as I have read in these chat forums. Any more help would be GREATLY appreciated!

 

[quell]

TechMerlin mentioned before about ping. Can you ping the servers from the 98 pc by server name and by server IP address?
Also there is a more up to date version of dsclient out. You can try installing that.
Also is there a WINS server on the network?

 

[karlisi]

To use Win9x in Win2000 AD you dont need AD client on Win9x boxes.
Check these on Win9x clients:
1)connectivity to DC (ping) - both by IP and by netbios name, if you have more than one DC, test connectivity to PDC emulator;
2)Client for MS networks installed and configured to logon in domain and correct domain name (netbios name, not FQDN);
3)Client for MS networks as primary logon in Network properties;
4)netbios over TCP/IP enabled (in TCP/IP Properties WINS page);
If all this is OK, you should see MS Network logon screen after you start Win9x with your domain name in 'Domain name' field.
And dont disable annonymous access on DC because Win9x connects to DC as annonymous before user authentication.

===
Karlis
ECDL; MCP

 

[ricpinto]

This was posted before,hope will help
-------------------------------------------


Adding Win 98 Clients to the domain


Win 98 clients need ‘Microsoft client for networks’ installing to join/logon to a domain
To see if you have it installed

Start> Settings >Control Panel
Double click ‘Network’
You should now see your network adaptor (NIC or modem)
If ‘Client for Microsoft Networks’ is not listed add it as follows
Click Add
Select Client and click Add
Select Microsoft (on the left)
Select ‘Client for Microsoft Networks (on the right)
You may be asked to insert the Windows 98 CD, do so.

Ensure the Primary network logon is set to ‘client for Microsoft networks’
Than double click ‘‘client for Microsoft networks’ in the list above.
In the Logon Validation section tick ‘Logon to Windows NT Domain’
Type the domain name in the Box (don’t need the extension i.e. mysite.co.uk would be MYSITE)
In the Network logon options section ensure ‘logon and restore network connections’ is ticked.
Click OK and ensure ‘Client for Microsoft Networks’ is still the primary network logon.
Double click TCP/IP and ensure you have a valid IP address or its set to ‘Obtain an IP address automatically’
If you have a WINS server enter its details on the WINS tab (Make sure you click add)
If you have a Default Gateway enter its details on the Gateway tab (Make sure you click add)
Click the DNS tab, (THIS is where most mistakes occur!!) Tick ‘Enable DNS’
In the host box type ‘YOURCOMPUTERNAME’
In the Domain box put the domain name (i.e. oursite.org.uk)
If you have a lot of domain namespaces (i.e. north.oursite.org.uk south.oursite.org.uk etc) you can put them in the search order (Main site at the TOP!)
Click OK

Now you need to set up the Network Identification

Start> Settings >Control Panel
Double click ‘Network’
Select the Identification tab
Enter or check the ‘computer name’ is THE SAME as he one on the DNS ‘host’ above
In the workgroup box type the domain name in the Box (don’t need the extension i.e. mysite.co.uk would be MYSITE)
Computer description (i.e. my desktop PC)

Reboot the machine! ! !

You should now be able to logon to the domain
**********
Policies

To lock down the Win98 PC 9which has little or no security you can specify that unless its authenticated to the domain you cant login there are two methods of doing this

Method one
Open your registry and go to the following key:
HKEY_LOCAL_MACHINE\Network\Logon
Create a new DWORD value, or modify the existing value called "MustBeValidated" and set it to equal "1" to require successful authentication.
Restart Windows for the change to take effect.
When the PC has rebooted if the user dosnt enter a correct password for the domain they will see this warning

“The Network could not validate your username. You cannot use windows unless your username, is validated by the network. Make sure you typed everything correctly or contact you administrator”


**********

Method Two

On the Windows 98 setup CD look for the following file.
D:\tools\reskit\netadmin\poledit\poledit.exe (where d:\is your CD drive)
Click Options >Policy Templates
If the Windows.adm template is not listed add it in,
Click File >New Policy
Double click “default computer”
Drill down to Win98 Network >Logon
Tick ‘require validation from the network to logon’
Collapse the tree you are working in and expand ‘update’
Tick the ‘remote update’ box ENSURE the update mode is set to ‘automatic’
Collapse the tree
Click File >Save As.. And save as ‘config.pol’
Copy config.pol to the following location on your domain controller
%systemroot%\system32\repl\scripts\export

 

[Seumas13]

OK, these are simple things, and I'm sure you've already confirmed them, but...

1) Do the Username and Password on the PC EXACTLY match the the user profile in AD? (JSmit vs JSmith)

2) Remember that Win2K passwords are CaSe SeNsItIvE.

3) I've found that if the user profile on the Server has no password, then we can't logon from a Win9X box.

4) Is the Domain Name setup as a Domain or a Workgroup in your Win9X client?

5) Does the Domain Name EXACTLY match the AD Domain Name on the Server?

Like I said, I'm sure you've checked these things, but sometimes basics are so basic that you forget them and it's helpful to have a reminder.

Good Luck!

Seumas.

 

[dhaywood]

I don't know if you managed to sort your problem out or not but I have the same situation with my last few 98 machines to our 2K server.

One thing I have noticed is that immediately after a new instal without windows updates there are no problems. After you complete all the windows updates the login process becomes very tempremental. I'm sure it's just one of the update that causes the problem. We update all our machines one weekend a month and after one of these ALL our 98 machines developed the problem.

I plan on re-installing a machine and then applying the updates one at a time to try and fid the culprit. I'll post on here whn I find it.

Hope this helps

Duncan