Re: URGENT! Legacy clients logon and connection unstable problem

From: Rumen Yonov (supervisor_at_wss-lovech.bg)
Date: 06/02/03


Date: Mon, 2 Jun 2003 23:42:41 +0300


VERY UNHELPFUL AND USELESS AND LIMITED [MSFT] SUPPORT !!!

******** If you believe that MSFT can help and support *********
******** through these newsgroups......... *********
******** NOT A HOPE!? *********

I WAS MISUNDERSTOOD BY ALL [MSFT] EXPERTS!!!
BUT ALMOST ALL (NOT FROM MSFT) COLLEAGUES UNDERSTOOD
THE PROBLEM I DESCRIBED VERY CLOSELY !?
I THINK THE CORE REASON IS THE LACK OF REAL EXPERIENCE
IN REAL WORLD SITUATIONS FOR [MSFT] SUPPORT :-(((

WHERE CAN I FIND COMPETENT [MSFT] SUPPORT THE
NEXT TIME I NEED IT ???

I SOLVED THE PROBLEM I HAD, JUST BY READING VERY CAREFULLY
ALL THE DOCUMENTATION AVAILABLE FROM microsoft.com - VERY
HARD WORK FOR A SMALL BUT CRITICAL PROBLEM.

THE DECISION IS: (FOR ALL COLLEAGUES WHO DO NOT HAVE
AN UNLIMITED BUDGET TO UPGRADE THE WHOLE NETWORK TO WIN2K
AND ABOVE)

EVEN IF YOU DO EVERYTHING CAREFULLY AND FOLLOW ALL THE NECESSARY
RECOMMENDATIONS WHEN CREATING A WIN2003 DOMAIN, YOU STILL
CANNOT USE LEGACY CLIENTS IN YOUR DOMAIN !

NEITHER DC MODE NOR DHCP NOR WINS NOR ANY CORE DC SERVICE
IS THE CAUSE OF THE PROBLEM !!!

JUST THE SECURITY INNOVATIONS OF [MSFT] IN THE WIN2K3 DOMAIN
ARE THE REASONS THAT LEGACY CLIENTS WORK UNSTABLY AND
MS-DOS CLIENTS DO NOT LOG ON AT ALL !!!

ALL YOU NEED TO DO IS TO CHANGE SEVERAL LOCAL SECURITY
POLICIES FOR THE DOMAIN AND THE APPROPRIATE DC:

I TRIED SOME COMBINATIONS AND THIS WORKS:

DISABLE
Domain member: Digitally encrypt or sign secure channel data (always)

DISABLE
Microsoft network client: Digitally sign communications (always)

DISABLE
Microsoft network server: Digitally sign communications (always)

SET TO "Send LM & NTLM - use NTLMv2 session security if negotiated"
Network security: LAN Manager authentication level

THAT'S ALL!

IN ADDITION IT IS NOT REQUIRED TO INSTALL DSCLIENT.EXE JUST
TO HAVE THE FUNCTIONALITY NECESSARY FOR LOGON AND ACCESS TO
SHARED DOMAIN RESOURCES!

I BELIEVE THAT THERE IS A BETTER WAY TO ACHIEVE THE SAME
EFFECT WITHOUT SECURITY DISADVANTAGES FOR THE DC ITSELF AND
THE NEWEST (WIN2000/XP/2003) CLIENTS.

IF YOU KNOW IT, PLEASE LET ME KNOW, TOO!

"Zak Humphries" <ZHumphries@springboardha.org.uk> wrote in message
news:#uoi$eSKDHA.2188@TK2MSFTNGP09.phx.gbl...
| Hmm.. You've now told about 4 people they are totally incorrect, but offered
| NO reason why.... Not very useful are you.
|

"Rumen Yonov" <supervisor@wss-lovech.bg> wrote in message
news:#aB1uVJKDHA.2232@TK2MSFTNGP11.phx.gbl...
> According to (NT4domtoad.doc)
> Migrating Windows NT Server 4.0 Domains to Windows Server 2003 Active
> Directory
> Page 21:
> "
> Raising Domain Functional Levels
> Domains can operate at three functional levels: Windows 2000 mixed, the
> default setting (which includes domain controllers running Windows 2000,
> Windows NT Server 4.0, and Windows Server 2003), Windows 2000 native
> (which includes domain controllers running Windows 2000 and
> Windows Server 2003), and Windows Server 2003 (which only includes
> domain controllers running Windows Server 2003).
>
> "
> I have 2 years' experience with a Windows 2000 domain in NATIVE mode,
> and there are NOT any problems with MS-DOS and Windows 9X machines!
>
> Please answer in essence!
>

"Wajihy [MSFT]" <wajihy@online.microsoft.com> wrote in message
news:OusNZKJKDHA.1024@TK2MSFTNGP10.phx.gbl...
| this is the problem, if you have machines in the network running win9x you
| need to have a mixed mode domain not a native (windows 2003 level)
| you have 2 options:
| either upgrade all the 9x clients to windows 2000 and higher
| or rebuild the domain as a mixed mode domain (once you installed the domain
| as native you can not go back, sorry)

"Sam Salhi [MSFT]" <samers@online.microsoft.com> wrote in message
news:ezWq$RSKDHA.2148@TK2MSFTNGP12.phx.gbl...
| What are you talking about? Cross forest trust (the new cross forest trust
| and other WS2K3 domain/forest features) Will not work for Win9x & NT4,
| please check the help before posting
| --
| ===========================================================
| This posting is provided "AS IS" with no warranties and confers no rights
| ===========================================================
|
| Ya, I'm going to jump on with Conrad here. Let's take a new direction.....
| Some clarification on earlier-mentioned posts: domain functionality level is
| a function of your DC's and their OS's, not the clients. I can point
| everyone to some documentation if everyone is interested in that.
|
| Back to the issue in question......
| This smells of a WINS issue. Can you give us some information about how
| WINS is set up in your environment?
|
| Thanks!
|
| ~Eric
| --
| Eric Fleischman [MSFT]
| Directory Services
| This posting is provided "AS IS" with no warranties, and confers no rights

| "Conrad Pfleging" <cj@NOSPAMpflpfarm.com> wrote in message
| news:O6M33iJKDHA.2052@TK2MSFTNGP11.phx.gbl...
| All those distinctions between native and mixed are nice, but what I think
| the poster is trying to say is that he's talking about clients, not DC's.
| A native mode domain can have pre win2k clients. It just can't have pre
| Win2K domain controllers. Native v. Mixed is really not relevant to the
| clients.
| My domain is native mode, and I have several Win 98SE clients with no
| problems.
|
| I know absolutely nothing about SQL so I really can't help him, but I think
| you all are misunderstanding his situation and letting the native/mixed
| thing lead you in the wrong direction.
|

> "Rumen Yonov" <supervisor@wss-lovech.bg> wrote in message
> news:OPbh7gIKDHA.1216@TK2MSFTNGP11.phx.gbl...
> <<<PLEASE REPLY TO SENDER'S ADDRESS>>>
>
> Hi,
>
> I just migrated from Windows 2000 Server PDC to Windows 2003 Server
> (Enterprise)
> I built the domain from scratch - i.e. entered computer & user accounts
> manually.
>
> It works in Windows 2003 Server functional level - the upper one.
>
> I found several disadvantages with shared folders -
> I think because of new domain identity (in spite of the same
> NetBIOS name)
> and new accounts identities (in spite of the same NetBIOS names)
> it is impossible to use previous shared permissions -
> I ReCreated them again on every machine :-(((
>
> I read that it is a must to install DSCLIENT.EXE on every legacy client
> machine to make possible to logon on to domain.
> OK - it was done!
>
> The MAIN PROBLEM is:
> Windows 9x clients do NOT enter the domain every time - sometimes they enter
> but sometimes they do not (then the domain name does not appear in the
> logon dialog box)!?
> When I restart the machine - generally the logon screen appears with the
> domain name.
>
> BUT THEN FOLLOWS THE MOST CONFUSING situation:
> Most applications, when they try to make a trusted (Windows authenticated)
> connection to an SQL Server 2000 (SP3) - installed on the same PDC,
> DO NOT succeed in opening connections - BUT it is NOT a permanent situation -
> sometimes they can, sometimes they do not :-(((
>
> I found that several minutes after the client machine starts I can
> browse it from the PDC, if and only if the user can log on to the domain!?
> But when all looks OK, after several minutes and several successful
> connections, the client application is constantly refused future
> connections
> and the only way to get access again to shared resources (SQL Server is
> only one of the problems) on the network -
> looks like it is not still in the domain!? The machine remains
> inaccessible from the PDC, too - when I try to access it, it asks for a
> password for \\HOST\IPC$ !?
>
> Please help me to solve this problem with legacy clients in the
> Windows 2003 Server domain. Are there any special features with
> WINS, DNS and other services configuration?
>
> It may help to say that the LAN is 10MB/s Ethernet BUS topology
>
> Thank you in advance for cooperation,
> Rumen Yonov
>
> PS: Please include some directions for MS-DOS 6.2 clients - I have :-(((
>
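
An audit of the four settings listed at the top of this message, as an added example that is not part of the original thread: it reads the text of an exported security template (`secedit /export`) and reports which of them sit below the hardened value. The registry value names are the standard ones behind these policies; the sample input and the LAN Manager threshold of 3 are this example's assumptions.

```python
# Added example, not from the thread. Input: text of a `secedit /export` template.
BASE = r"MACHINE\System\CurrentControlSet"
# (policy name as written in the post, registry value, lowest value treated as OK)
CHECKS = [
    ("Domain member: Digitally encrypt or sign secure channel data (always)",
     BASE + r"\Services\Netlogon\Parameters\RequireSignOrSeal", 1),
    ("Microsoft network client: Digitally sign communications (always)",
     BASE + r"\Services\LanmanWorkstation\Parameters\RequireSecuritySignature", 1),
    ("Microsoft network server: Digitally sign communications (always)",
     BASE + r"\Services\LanManServer\Parameters\RequireSecuritySignature", 1),
    # 3 = "Send NTLMv2 response only"; this threshold is the example's assumption.
    ("Network security: LAN Manager authentication level",
     BASE + r"\Control\Lsa\LmCompatibilityLevel", 3),
]

def registry_values(inf_text):
    """Map lowercased registry path -> int for REG_DWORD lines in [Registry Values]."""
    values, section = {}, None
    for raw in inf_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
        elif section == "registry values" and "=" in line:
            path, _, data = line.partition("=")
            reg_type, _, value = data.partition(",")
            if reg_type.strip() == "4" and value.strip().isdigit():  # 4 = REG_DWORD
                values[path.strip().lower()] = int(value.strip())
    return values

def audit(inf_text):
    """Return [(policy name, current value or None, status)] for the four settings."""
    found, report = registry_values(inf_text), []
    for name, path, minimum in CHECKS:
        current = found.get(path.lower())  # registry paths are case-insensitive
        status = ("NOT SET" if current is None
                  else "WEAKENED" if current < minimum else "OK")
        report.append((name, current, status))
    return report

# Constructed sample: a DC configured the way the post describes.
SAMPLE = r"""[Unicode]
Unicode=yes
[Registry Values]
MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\RequireSignOrSeal=4,0
MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\RequireSecuritySignature=4,0
MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\RequireSecuritySignature=4,0
MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\EnableSecuritySignature=4,1
MACHINE\System\CurrentControlSet\Control\Lsa\LmCompatibilityLevel=4,1
"""
if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

The exported template is usually written as UTF-16, so decode the file before passing its text to `audit()`. A "NOT SET" result means the value is absent from the template, not that the setting is safe.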


