none
Windows NT4 machines unable to logon against 2008 DCs RRS feed

  • Question

  • Hi Will, i've got the same exact problem.
    Windows NT4 machines unable to logon against 2008 DCs. KB 942564 already applied.
    The logon against 2003 DCs works well.
    Have you got any news about it?

    That's what i can capture with Network Monitor:

    5 7257.158305 lsass.exe {LDAP:1131, UDP:1130, IPv4:348} 192.168.1.162 AD2B1  LDAP LDAP:(CLDAP)Search Request, MessageID: 5, BaseObject: NULL, SearchScope: base Object, SearchAlias: neverDerefAliases
    6 7257.158305 lsass.exe {LDAP:1131, UDP:1130, IPv4:348} AD2B1  192.168.1.162 NetLogon NetLogon:LogonSAMLogonResponseEX (SAM Response to SAM logon request): 23 (0x17)
    7 7257.314306  {SMB:1134, NbtSS:1133, TCP:349, IPv4:348} 192.168.1.162 AD2B1  SMB SMB:C; Nt Create Andx, FileName = \lsarpc
    8 7257.314306  {SMB:1134, NbtSS:1133, TCP:349, IPv4:348} AD2B1  192.168.1.162 SMB SMB:R; Nt Create Andx - NT Status: System - Error, Code = (34) STATUS_ACCESS_DENIED
    9 7257.329906  {SMB:1135, NbtSS:1133, TCP:349, IPv4:348} 192.168.1.162 AD2B1  SMB SMB:C; Nt Create Andx, FileName = \NETLOGON
    10 7257.329906  {SMB:1135, NbtSS:1133, TCP:349, IPv4:348} AD2B1  192.168.1.162 SMB SMB:R; Nt Create Andx - NT Status: System - Error, Code = (34) STATUS_ACCESS_DENIED
    11 7257.517106  {TCP:349, IPv4:348} 192.168.1.162 AD2B1  TCP TCP:Flags=...A...., SrcPort=1026, DstPort=NETBIOS Session Service(139), PayloadLen=0, Seq=65184, Ack=905449274, Win=8219

    I Haven't any error in netlogon debug log.

    Thanks in advance,
    Marco Lelli
    • Split by Chris Mullaney Tuesday, October 14, 2008 10:50 PM new question, requires separate investigation
    Thursday, October 9, 2008 2:23 PM

Answers

  • Good morning Marco - please let me know if the hotfix did not solve your issue! If I don't hear from you by Tuesday Nov 4, I will assume it did.

    It has been a pleasure serving you.

    Regards,
    Bill Wesse


    Escalation Engineer
    • Marked as answer by Chris Mullaney Thursday, November 6, 2008 9:57 PM
    Friday, October 31, 2008 2:07 PM

All replies

  • Good morning Marco. Bill Wesse here (standing in for Will Greg). I will be your contact for the issue you raised, where Windows NT4 is unable to logon to a Windows 2008 domain controller.

    There is a known problem with NT4 to 2008 authentication, where SmbSessionSetup (no extended security)  fails with NT_STATUS_INVALID_PARAM. We expect to have a (2008) hotfix for this sometime next week.

    Event though this does not match up well with the network trace extract you provided, testing the pending hotfix should be worthwhile.

    Could you send a piece of email to me at billwe@microsoft.com? I will be able to provide info on how to obtain a test version of the 2008 hotfix for you once I have that. Please put 'SRX081017600026' somewhere in the email title, and if possible, attach a copy of the network trace. Additionally, if you are one of our protocol customers, we need to know that; how we handle your case internally is somewhat dependant on that.


    Regards,
    Bill Wesse


    Escalation Engineer
    Friday, October 17, 2008 9:34 AM
  •  
    Good morning Marco - The hot fix for your issue has been packaged and placed on an HTTP site for you to download.

    WARNING: This fix is not publicly available through the Microsoft website as it has not gone through full Microsoft regression testing.  If you would like confirmation that this fix is designed to address your specific problem, or if you would like to confirm whether there are any special compatibility or installation issues associated with this fix, you are encouraged to speak to a Support Professional in Product Support Services.

    The package is password protected so be sure to enter the appropriate password for each package.  To ensure the right password is provided cut and paste the password from this mail.

    NOTE: Passwords expire every 7 days so download the package within that period to insure you can extract the files.  If you receive two passwords it means you are receiving the fix during a password change cycle.  Use the second password if you download after the indicated password change date.

    Package:
    -----------------------------------------------------------
    KB Article Number(s): 957441
    Language: All (Global)
    Platform: ia64
    Location: (http://hotfixv4.microsoft.com/Windows%20Vista/sp2/Fix240171/6000/free/362583_intl_ia64_zip.exe)
    Password: 4t-AagZf*%
    -----------------------------------------------------------
    KB Article Number(s): 957441
    Language: All (Global)
    Platform: x64
    Location: (http://hotfixv4.microsoft.com/Windows%20Vista/sp2/Fix240171/6000/free/362584_intl_x64_zip.exe)
    Password: UYv0r$HqcO
    -----------------------------------------------------------
    KB Article Number(s): 957441
    Language: All (Global)
    Platform: i386
    Location: (http://hotfixv4.microsoft.com/Windows%20Vista/sp2/Fix240171/6000/free/362582_intl_i386_zip.exe)
    Password: k$_Kg4R

    NOTE: Be sure to include all text between '(' and  ')' when navigating to this hot fix location!

    Thanks!
    Bill Wesse


    Escalation Engineer
    Monday, October 27, 2008 7:27 AM
  • Good morning Marco - please let me know if the hotfix did not solve your issue! If I don't hear from you by Tuesday Nov 4, I will assume it did.

    It has been a pleasure serving you.

    Regards,
    Bill Wesse


    Escalation Engineer
    • Marked as answer by Chris Mullaney Thursday, November 6, 2008 9:57 PM
    Friday, October 31, 2008 2:07 PM