Logon from W95 again

Discussion in 'Active Directory' started by Elton Pimentel, Mar 29, 2005.

  1. I wrote :
    Hi Elton,

    Probably an NTLM 2 authentication level issue. See the following:

    If not, have a look at this link:

    Todd J Heron, MCSE
    Windows Server 2003/2000/NT; CCA
    This posting is provided "as is" with no warranties and confers no rights

    I have done all the steps but still have a problem.
    I have turned on the auditing security options and have the following events
    on my security log :

    Date: 3/29/2005
    Time: 9:10:10 AM
    Type: Success A
    User: GMAG\tstad2003
    Source: Security
    Category: Account Logon
    Computer: MAGTST232
    Event ID: 680

    Logon account: TSTAD2003
    Source Workstation: \\MIC-320
    Error Code: 0x0

    Date: 3/29/2005
    Time: 9:10:10 AM
    Type: Failure Aud
    Source: Security
    Category: Logon/Logoff
    Computer: MAGTST232
    Event ID: 533
    Logon Failure:
    Reason: User not allowed to logon at this computer
    User Name: TSTAD2003
    Logon Type: 3
    Logon Process: NtLmSsp
    Authentication Package: NTLM
    Workstation Name: \\MIC-320
    Caller User Name: -
    Caller Domain: -
    Caller Logon ID: -
    Caller Process ID: -
    Transited Services: -
    Source Network Address:
    Source Port: 0

    Does anybody have a clue?

    Elton Pimentel.
    Elton Pimentel, Mar 29, 2005

  2. That error looks like a workstation restriction. Look at the properties of
    the user account that is attempting to log on, and make sure that the "Log
    on to..." section of the Account tab is not restricting them from logging
    onto that particular workstation.
    Laura E. Hunter (MVP), Mar 29, 2005

  3. I have already checked this option and this user is allowed to log on all
    Thanks anyway.
    Elton Pimentel, Mar 29, 2005
  4. The user has a valid password.
    Thanks anyway.

    Elton Pimentel, Mar 29, 2005
  5. What have you done so far to allow W95 into your environment?
    Can you restate the original problem? I believe it was that a domain user
    could NOT login to the W95 workstation but that a domain admin member could.

    Is that correct?
    Al Mulnick, Mar 29, 2005
  6. Dear Al Mulnick,

    I have already applied the following suggestions:

    Probably an NTLM 2 authentication level issue. See the following:

    You are 100% correct. A user who is a member of Domain Admins can log on, but
    a user that is only a member of Domain Users cannot. The error messages on the
    server (security log) are:
    Elton Pimentel, Mar 30, 2005
  7. So at this point, you've disabled SMB signing and installed the DSClient
    (which version exactly??)

    You're getting an error that says that you are not allowed to logon to the

    Does that popup to the user during the logon sequence?

    Can you recreate the problem on other W95 workstations with different user
    accounts? Is it consistent?

    Al Mulnick, Mar 31, 2005
  8. Dear Al Mulnick,

    We are using version 5.0.2920.5 of DSClient.
    The error is telling me that I am not allowed to log on from this workstation.
    The popup appears during the logon sequence.
    The problem is consistent. It happens to any users that are not members of
    Domain Admins. I have tried to log in on different machines, but the error
    is still the same.

    I am really puzzled on this one.

    Any help at this stage will be very useful indeed as I am starting to get
    If I get no solution to this problem I will advise nobody else to migrate to
    a Windows 2003 environment in case they have Windows 9.x

    Thanks in advance,

    Elton Pimentel.
    Elton Pimentel, Mar 31, 2005
  9. Well, as a final effort a couple of things come to mind to check:

    Config.pol for the 95 workstations would be a good thing to check, just to
    make sure there is no policy that says that network users can't log on.
    You may also want to check that there is no ipsec filter being applied or
    anything funny like that.
    You may want to get a network trace and see if anything obvious comes up.
    Make sure you have the proper groups (such as pre-windows2000 authenticated
    access etc) configured.

    By chance were you managing these 95 clients with group policy in the past
    similar to this? http://support.microsoft.com/kb/197986/EN-US/

    Al Mulnick, Apr 1, 2005
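
Added example, not part of the thread: a small Python triage script over the two audit records quoted in the first post. It pairs a successful NTLM credential check (Event 680, error code 0x0) with a refused logon (Event 533) for the same account and workstation, which separates a password problem from a policy or restriction problem. The function names are hypothetical, and it assumes each pasted record starts with its Date line.

```python
# Two audit records from the first post, trimmed to the fields used below.
SAMPLE = r"""
Date: 3/29/2005
Category: Account Logon
Event ID: 680

Logon account: TSTAD2003
Source Workstation: \\MIC-320
Error Code: 0x0

Date: 3/29/2005
Category: Logon/Logoff
Event ID: 533
Reason: User not allowed to logon at this computer
User Name: TSTAD2003
Logon Type: 3
Workstation Name: \\MIC-320
"""

def parse_records(text):
    """Turn pasted 'Key: value' event text into one dict per record."""
    records, rec = [], None
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue                      # blank line or free text
        key, value = key.strip().lower(), value.strip()
        if key == "date":                 # assumption: Date opens each record
            rec = {}
            records.append(rec)
        if rec is not None:
            rec[key] = value
    return records

def norm(name):
    return name.lstrip("\\").upper()      # \\MIC-320 and mic-320 compare equal

def refused_after_valid_credentials(records):
    """(user, workstation, reason) where 680 succeeded but 533 refused the logon."""
    ok = {(norm(r.get("logon account", "")), norm(r.get("source workstation", "")))
          for r in records
          if r.get("event id") == "680" and r.get("error code") == "0x0"}
    hits = []
    for r in records:
        pair = (norm(r.get("user name", "")), norm(r.get("workstation name", "")))
        if r.get("event id") == "533" and pair in ok:
            hits.append(pair + (r.get("reason", ""),))
    return hits
```

A hit means the domain controller accepted the credentials and then refused the session, so the account's logon restrictions and policy are the place to look rather than the password.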