Windows 98 Domain Logon

[steve]

I am setting up a network with 2K advanced server with 8 windows 98 clients,
i have added all of the machines to the Computers group in AD users and
computers and have been trying to logon to the AD Domain but it tells me
that there are no logon servers. i can ping, see it in network neighborhood
and browse it but since that doesnt work i try to use poledit to change
some settings and i try and add a user it shows all of the groups and users
on the domain...so i can access the server, and another thing, when i used
dcpromo, it didnt create the netlogon and sysvol shares

 

[Cary Shultz [A.D. MVP]]

Good morning, Steve!

Looks like you have several things going on here. Let's look at them one
'issue' at a time.

Issue 1: win9x computers do not actually create a computer account in AD.
It has been a while since I have dealt with win9x in an AD Domain (
typically the are in a workgroup ). What I usually do is join all of the
win9x clients to a workgroup that has the same name as the NetBIOS domain
name. I am not sure how you added the computer accounts to a group. Am I
overlooking / forgetting something? Side note: this probably has nothing to
do with your issues but you might want to consider installing the DSClient
extension on each of the eight win98 computers. This gives them a little
bit of 'AD-aware' functionality - such as being Site-aware. Did you also
configure the 'logon' information?

Issue 2: Do you have wins installed? Down-level clients ( aka win9x and
winnt 4.0 ) typically relay on win for name resolution. Do you have dhcp
configured to issue all of the pertinent information to the dhcp clients via
making use of the various "options" in dhcp? You might be interested in
options 003, 006, 015, 044 and 046...options 044 and 046 would be the
wins-related options.

Issue 3: What settings are you trying to change with poledit?

Issue 4: Not having a netlogon and a sysvol share could be a problem!
Please take a look at the following MSKB Article to start troubleshooting
this issue:

http://support.microsoft.com/?id=257338

I would suggest that you install the Support Tools on your DC and run both
netdiag /v and dcdiag /c /v. The Support Tools can be located on the
win2000 Server CD as well as on the win2000 Service Pack CD in the Support |
Tools folder.

Now, a little bit of information might help us to help you. At what service
pack is the advanced server running? SP3? SP4? Dumb question but I have to
ask: you installed win2000 on an ntfs partition, correct? With plenty of
hdd space? How much hdd space is available on the C:\ partition? On the
partition that holds the SYSVOL share ( typically C:\WINNT\SYSVOL\sysvol )?
on the partition that holds the NETLOGON share ( typically
C:\WINNT\SYSVOL\sysvol\<domain.com>\scripts )? What happens when you run
'net share'? You have no netlogon or sysvol shares in the output, correct?

You installed dns when you ran dcpromo or you had dns installed on the
win2000 advanced server before it was dcpromo'd? Is you server pointing to
itself in the tcp/ip configuration for the dns entry? All win2000 + clients
( win2000 Pro, win2000 Server and win xp pro ) *must* point *ONLY* to an
internal DNS that supports srv records ( win2000 dns or bind v8.2.1+ ).

Let's start here.

HTH,

Cary

 

[Steve Marcoux]

Thank you for replying to my message...

Issue 1: What I mean by grouped them is adding them into the AD but I don't
think all of the clients are in the same workgroup as the server so that
could very well be an issue. I have the same netBIOS domain as the server on
all of the clients.

Issue 2: WINS is not installed, but when I do install WINS do I add just the
server name or the server name and the NetBIOS name?

Issue 3: I wasn't trying to change any settings with poledit, I was just
saying that when I add a user to modify it shows me all of the groups and
users in the domain but I cannot logon.

The server is running SP4 with all windows updates loaded on a NTFS 5.0
partition with plenty of space, no shares at all on the computer besides c$
and admin$. Before I ran dcpromo I had the machine name and DNS domain name
added to the DNS server. The DNS config on the server has itself pointing to
itself only with no forwarders, since this network is not on the internet.

Steve

 

[Cary Shultz [A.D. MVP]]

Steve e-mailed me privately but I asked him to post it to the NG as I am
going to be tied up the next three days and might not have the time to
respond to him. Don't want to keep him hanging!

Here is my response...just so that we all are not doing the work twice!

See in-line....

Thank you for replying to my message...

Issue 1: What I mean by grouped them is adding them into the AD but I don't
think all of the clients are in the same workgroup as the server so that
could very well be an issue. I have the same netBIOS domain as the server on
all of the clients.

Still not sure how you can create a computer account object for a WIN98
computer. How did you do this?

Issue 2: WINS is not installed, but when I do install WINS do I add just the
server name or the server name and the NetBIOS name?

For WIN98 clients you might want to install WINS on the server. This will
help those clients to better find services/servers etc.

Issue 3: I wasn't trying to change any settings with poledit, I was just
saying that when I add a user to modify it shows me all of the groups and
users in the domain but I cannot logon.

Not really sure what you mean by this. Are you trying to modify a user's
attributes? Sorry, but this is confusing sentence structure. Are you
saying that you can go to the user account object's Member Of tab and it
shows you all of the groups to which it is a member? Or are you saying that
when you look in the ADUC that you can see all of the user account objects
and all of the group account objects? Or are you trying to say something
else? The not able to logon part is clear.

The server is running SP4 with all windows updates loaded on a NTFS 5.0
partition with plenty of space, no shares at all on the computer besides c$
and admin$. Before I ran dcpromo I had the machine name and DNS domain name
added to the DNS server. The DNS config on the server has itself pointing to
itself only with no forwarders, since this network is not on the internet.

So, if you do a net share there is no IPC$, no NETLOGON and no SYSVOL? Did
you follow the MSKB Article that I posted on the NG? Did you install the
Support Tools and run a dcdiag /c /v and netdiag /v? I might suggest that
you do this. You might want to post a an ipconfig /all so that we can see
what your tcp/ip configuration set up is.

What do you mean that you had the machine name and dns domain name added to
the DNS Server? Is there a separate machine that is running DNS on your
network? Or is this WIN2000 Server ( DC ) your internal DNS Server? Does
your dns name match exactly what is shown in the ADUC MMC

Also, are the appropriate services running?

 

[Steve Marcoux]

I added the win9x computer by going into ADUC and adding a
computer to the 'Computers' OU..I used poledit to show to
you that there is access to the domain, because when you
add a user to the window it pops up a box of all of the
groups and users in that domain. What i say by adding the
machine and domain name to the DNS server is that i added
all of the information, then dcpromo'd the server. This is
the only server on the network, so it will be doing
everything. All of the services are running and the
support tools came out that the AD is healthy. I read that
MSKB article and now IPC$ NETLOGON, SYSVOL, C$ and Admin$
are being shared. I havent been able to try the win9x
machines yet but i am hoping that they will finally logon

 

[Diane McCorkle]

Steve,

Win9x clients do not get Computer accounts, so you should not have them in
the Computers OU, I'm not sure what the ramifications of having them there
improperly are.

We run about 50% Win9x clients.

You should have user accounts for all your users and the Win9x machines
should have the Client for MS networks installed and set to join your
domain, they should also have "Client for MS networks" as the primary logon.

You should be running WINs on the server.. as much as I hate it, the Win9x
machines like seeing it.

In a single site the DS client is not a huge issue since your only DC is the
PDC emulator and that's the machine the Win9x clients will go to for user
authentication, however the DS client is a good idea for the site aware
issues that Cary refers to, think of the future..

In a domain with 25 sites and a DC in each, without the DS client, they will
all try and logon to the PDC emulator VS the DC in their local site. ( and
frequently fail )

These items should help you a bit..

Diane

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Diane McCorkle
Systems Administrator
ATC Associates MIS Department
781.404-1364
Fax 781.933.4954
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^


I added the win9x computer by going into ADUC and adding a
computer to the 'Computers' OU..I used poledit to show to
you that there is access to the domain, because when you
add a user to the window it pops up a box of all of the
groups and users in that domain. What i say by adding the
machine and domain name to the DNS server is that i added
all of the information, then dcpromo'd the server. This is
the only server on the network, so it will be doing
everything. All of the services are running and the
support tools came out that the AD is healthy. I read that
MSKB article and now IPC$ NETLOGON, SYSVOL, C$ and Admin$
are being shared. I havent been able to try the win9x
machines yet but i am hoping that they will finally logon