Windows 98 users unable to log on after I installed AD on my PDC
I recently migrated two NT4 servers to Windows 2000 Advanced Servers. One server was a primary domain controller (PDC), Server 1, and the other was a backup domain controller (BDC), Server 2. The migration of the servers occurred simultaneously. Active Directory, however, was installed on the PDC first. That installation went smoothly, and my Windows 98 clients could see the server fine and access the resources available.
However, after I installed Active Directory on Server 2 (I made it an additional domain controller in a new forest in a single domain), my Windows 98 clients are now unable to log in. My Windows 2000 clients can log in and access resources, but the authentication takes longer than I believe it should.
Here are is how I think I should proceed:
- Install the Active Directory support for Windows 9x clients from the 2000 Server CD-ROM.
- Enable NetBIOS over TCP/IP on the 98 clients.
I'm going to try the above ASAP, but is there anything else I need to consider?
It is a little unclear from your question whether you upgraded the PDC or reinstalled the PDC. If you reinstalled the PDC, you have created a whole new domain and it would be a miracle that anyone could log in. So, let's assume you upgraded the PDC. It is irrelevant what you did to the second machine as long as you made it part of the existing domain that you created using the PDC. More likely than not, the problem is a name resolution issue. One thing that you should check is that the Active Directory fully qualified domain name (FQDN) and the servers' FQDN match. Often during NT4 to Win2k PDC upgrades, this is a missed step. If you right click on My Computer, click Properties and click the Network Identification tab, you should be able to see your PDC and BDC's server names, which should look like "servername.domainname." For example, if my server was called MyPDC and my domain is MyCompany.com, it should be: MyPDC.MyCompany.com. Now, if during the upgrade you decided to call the domain OurCompany.com then the domain would be called OurCompany.com, but the server would have a name of MyPDC.MyCompany.com unless you changed it before
you upgraded, which would lead to all sorts of name resolution and authentication problems. Now, if your domain and server FQDNs are properly configured, here is some other things to check:
- Use NETDIAG.EXE from the Windows 2000 CD support tools. This tool will check the network connectivity, DNS configuration, etc., for the domain controller that you run it on. Run it on both of the DCs. Resolve and errors. The Windows XP and Windows 2000 machines will be using DNS to locate the Windows 2000 servers and AD services.
- Check your WINS configuration on the DCs and the clients. Make sure that they are all using the same WINS server(s). Also, check the WINS database that it has the appropriate records and is not corrupt. The Win9x machines will be using the WINS database to locate the servers and AD services.
This was first published in December 2002