Replacing Win2000 DC by Win2003 DC causes problems for Win98 workstations

[Sergey Bychkow]

Hi!

I have made the following thing:

1. Installed Win2003 server on new computer
2. Made DC on it (with new domain name)
3. Replaced logon domain name on all Win98 workstations
4. Demoted old Win2000 DC to simple server, and then join it to new domain

Now one can login into new domain from Win98 workstations (and from Win2000
too) and can use "shares" on DC and on other workstations.
But periodically some Win98 looses connection to DC and user can not use net
resources nor another users can use resources of such computer.
Reboot only helps to solve this problem but it reappears after some minutes.
Sometimes the problem appears before login and user can not login into
domain. Win98 says that no DC available at this time.

All computers use TCP/IP protocol only.
I even thought to install NetBEUI, or IPX

 

[Marina Roos]

Got WINS installed on the server?

Marina

 

[Sergey Bychkow]

Got WINS installed on the server?

Yes. It's good or bad? And how it could affect this network?

In this network there is another 2000 server, with DHCP, WINS and DialUp, in
another domain. (Two organizations share one network and one internet
connection).
Oh, may be it's good idea to remove new WINS server.

 

[Marina Roos]

Hi Sergey,

If you have W9x/ME/NT4-clients, you need WINS. Also make sure you have
options 044 and 046 (0x8) set in DHCP-server, Scope options.
Don't use Netbuie or IPX. You don't need it.
Can you give the ipconfig/all from a client?

Marina

 

[Sergey Bychkow]

If you have W9x/ME/NT4-clients, you need WINS. Also make sure you have
options 044 and 046 (0x8) set in DHCP-server, Scope options.
Don't use Netbuie or IPX. You don't need it.

Only if Your recomendations didn't help

Can you give the ipconfig/all from a client?

Oh! I've thought, that Win98 has only winipcfg
Here it is (config of host1 of DOM2 domain):

IP Settings for Windows 98

Host: . . . . . . . . . : host1.dom1.local //this is because the only DHCP
in network is DC of DOM1
DNS . . . . . . . . . . . . : 10.0.0.1 //this is DC of DOM1
Node type . . . . . . . . . . . . . : Hybrid
Scope NetBIOS ID . . . . . . :

0 Ethernet: Card :

Desc. . . . . . . . . . . . . . : Realtek RTL8029(AS) Ethernet Adapt
Is DHCP. . . . . . . . . . . : Yes
IP- Address. . . . . . . . . . . . . . : 10.0.0.21
Subnet Mask . . . . . . . . . . . : 255.0.0.0
Default Gateway. . . . . . . . . . :
DHCP Server . . . . . . . . . . . . : 10.0.0.1
Primary WINS . . . . . . . : 10.0.0.1
Secondary WINS . . . . . . . : 10.0.0.1 //I've thied to set both addresses
to one address. It didn't help
Lease obtained-. . . . . . . . . . . : 27/11/03 21:00:03
Lease expired . . . . . . . . . . : 05/12/03 21:00:03
===
There is one server 10.0.0.1 that is DHCP, WINS, DNS (for domain dom1.local)
and RRAS to the outside
Our new server is 10.0.2.1 has DNS for domain dom2.local (another
organization in the same network)
Now I completely remove WINS from this server.
Its settings are the following:
===
Windows IP Configuration

Host Name . . . . . . . . . . . . : serv01
Primary Dns Suffix . . . . . . . : dom2.local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : dom2.local
dom1.local

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : dom2.local
Description . . . . . . . . . . . : 3Com 3C900COMBO-based Ethernet
Adapter (G
eneric)
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.0.2.1
Subnet Mask . . . . . . . . . . . : 255.0.0.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 10.0.2.1
10.0.0.1
Primary WINS Server . . . . . . . : 10.0.0.1
===
Now I have investigated that if I reboot Win98 client, then quickly login,
then network is accessible for some period of time. But if I reboot client,
then try to use its shares without logging in locally -- it forgets about
domain immediately.
===
BTW: Maybe removing policy 'Domain member: Digitally encrypt or sign secure
channel data (always)' will help? Win2000 doesn't have that policy.
===

DialUp,

Sergey Bychkow, Miensk, Belarus

 

[Marina Roos]

Hi Sergey,

Yeah, winipcfg for W9x. I don't see a gateway in the ipsettings of that W98
though.
Do you have options 003, 006, 015, 044 and 046 (0x8) set in DHCP-server,
Scope options?
How does the server connect to the internet?

Marina

 

[Sergey Bychkow]

Yeah, winipcfg for W9x.

I were surprised when have found ipconfig on Win98 too.

I don't see a gateway in the ipsettings of that W98 though.

They (all workstations) don't need it. They work with internet only through
proxy at server.

Do you have options 003, 006, 015, 044 and 046 (0x8) set in DHCP-server,
Scope options?

As You can see in client configuration , DHCP server has no 003 option
(default router), and has all other:
006: 10.0.0.1, 10.0.0.1
015: dom1.local
044: 10.0.0.1, 10.0.0.1
046: 0x8

How does the server connect to the internet?

With leased line, BUT - it was connected so yesterday and year ago. That
server wasn't changed. Was changed server of second domain. (That has plain
network connection with first domain). And win9x clients in this domain have
problems with network.

Now I've tried to minimize default restrictions in policies about encrypted
and signed connections. Will see tomorrow, what result it will give.

Sergey Bychkow, Miensk, Belarus

 

[Marina Roos]

Hi Sergey,

If you have the clients set to obtain an IP and DNS automatically from your
DHCP-server, they would get the gateway which they definitely need.
003 should point to your router (or if you have 1 nic in your server that is
connecting to the internet, than it should point to the IP of the gateway on
that nic) (this will set the gateway on the clients)
006 should only have 1 IP

Marina

 

[Sergey Bychkow]

If you have the clients set to obtain an IP and DNS automatically from your
DHCP-server, they would get the gateway which they definitely need.
003 should point to your router (or if you have 1 nic in your server that is
connecting to the internet, than it should point to the IP of the gateway on
that nic) (this will set the gateway on the clients)
006 should only have 1 IP

Sorry, but I think that You aren't right here. The problem was resolved by
minimizing requirements for encryption and sighning for sessions (in
policy).
Policy: Require encryption and signing (always) must be turned off. In
windows 2003 server it is on by default even in local policy.