the domain password you supplied is not correct ...

Martin

Really weird problem...

Up until a week ago (looks like before we installed a gig
nic onto our w2k/sp3 domain controller) windows 98
clients did not have a problem logging on.

now, from time to time, they are getting the error
"the domain password you supplied is not correct, or
access to your logon server has been denied."

doesn't matter if the user is an admin or not

usually happens in the morning, but then again that's the
time when everybody tries to log on and nobody logs off
during the day

i have tested with a windows 98 machine and it may happen
if i leave the machine idle for some time (20 min ???)

two DC, w2k/sp3 in the main site and another DC in
another site. the one with the gig card holds all the
roles but it is not a GC
 
Shilpa Sinha [MSFT]

Hi

Maybe this will help:

In this case we needed to remove the following registry key under LSA:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\NoLmHash]
NOTE: NoLMHash is a key not a value
Reboot the DCs.
Change the user passwords on the server and let replication proceed.

The following KB has details on the problem:
299656 How to Prevent Windows from Storing a LAN Manager Hash of Your
Password
http://support.microsoft.com/?id=299656

NOTE: The registry value is a bit different in Windows XP and Windows 2003.
Refer to KB299656 for details.

It is also a good idea to install the latest DS client from KB323466 so as
to have a new version of the vredir.vxd file:
272594 Problems Logging On to a Windows 2000-Based Server
http://support.microsoft.com/?id=272594

ALTERNATE SOLUTION
=======================
If you do not want to remove NoLMHash for the sake of security, the
following client-side fix can be implemented:

1. Install the Directory Service client - 323466 hotfix has the latest
version.
2. Add the following registry key on the Windows 98 clients to force them
to use NTLMv2:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa (you may need to
create the Lsa key)
Value Name: LMCompatibility
Data Type: REG_DWORD
Value: 3

You may prefer to do this since storing the LMHash could be a security
issue.

Let me know if this helped.


Shilpa Sinha
This posting is provided "AS IS" with no warranties, and confers no rights.
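
An added example, not part of the original post: a small audit of regedit text exports that reports whether NoLMHash is set on a DC and whether a Windows 98 client has LMCompatibility set to 3, then flags the combination the reply describes. The sample exports are constructed, the function names are hypothetical, and the XP/2003 form (a DWORD value NoLMHash = 1 under Lsa) is taken from KB299656 rather than from this thread.

```python
import re

LSA = r"hkey_local_machine\system\currentcontrolset\control\lsa"

# Constructed sample exports (not taken from the thread's machines).
DC_W2K = r'''REGEDIT4
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\NoLmHash]
'''
DC_2003 = r'''REGEDIT4
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"nolmhash"=dword:00000001
'''
WIN98 = r'''REGEDIT4
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa]
"LMCompatibility"=dword:00000003
'''

def parse_reg(text):
    """Return {lowercased key path: {lowercased value name: raw data}}."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            m = re.match(r'"([^"]+)"=(.*)', line)
            if m:
                current[m.group(1).lower()] = m.group(2).strip()
    return keys

def dword(data):
    """Integer for 'dword:00000003' style data, else None."""
    m = re.fullmatch(r"dword:([0-9a-fA-F]{1,8})", data or "")
    return int(m.group(1), 16) if m else None

def audit(text):
    keys = parse_reg(text)
    lsa = keys.get(LSA, {})
    as_key = (LSA + r"\nolmhash") in keys         # Windows 2000: NoLMHash is a subkey
    as_value = dword(lsa.get("nolmhash")) == 1    # XP / 2003: NoLMHash is a DWORD value
    return {"nolmhash": "key" if as_key else "value" if as_value else None,
            "lmcompatibility": dword(lsa.get("lmcompatibility"))}

def lm_logon_mismatch(dc_export, client_export):
    """True when the DC stores no LM hash but the client is not forced to NTLMv2."""
    return (audit(dc_export)["nolmhash"] is not None
            and audit(client_export)["lmcompatibility"] != 3)
```

A True result from lm_logon_mismatch means one of the two fixes in the reply is still needed for that client.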
 
Guest

Thank you Shilpa for your reply

I have checked our servers, we don't have that key,
NoLMHash, anywhere (something we may need to think about,
eh? :)

I have already configured one windows 98 machine with the
LMCompatibility registry value so I will wait a few days
to see if this helps

I didn't install the latest DSClient though, seems to be
working with the one I downloaded two months ago

Cheers
 
