I'm attempting to get Windows (XP+) clients to talk to an NT4 server. All machines are joined to an Active Directory domain. Domain logins work everywhere and authentication works between all machines EXCEPT from clients to the lone NT4 machine.
When attempting to connect (Start -> Run -> \\nt4machine), the client receives an error "The account is not authorized to log in from this station." When connecting via IP address it does work, but that is not desirable.
Local policies have been set on a test client to try to resolve the issue:
- Microsoft network client: Digitally sign communications (always) - Disabled
- Network security: LAN Manager authentication level - Send LM & NTLM responses
- Network security: Minimum session security for NTLM SSP based clients - No minimum
I've done packet captures between the machines (via Wireshark) and the client stops after sending acknowledgement of the server's negotiate protocol response. Of note, the server responds with security mode 0x07 (signatures supported, not required) and extended security exchange comes back as not supported in the capabilities section of the response (I do not believe it is required though).
I also need access to the machine via named pipes. Symptoms are similar here (authorization fails via machine name, works via IP).
Looking up the NT4 machine address by NetBIOS and by DNS both work. Also, the NT4 machine is able to access shares on the Win7 machine.
Unfortunately, replacing the NT4 machine isn't in the cards in the near future due to the function the machine serves (it interfaces with proprietary machinery via hardware/software, all of which would have to be replaced). Does anyone know how I can make NT4 more appealing to my Win7 clients?