Error Message When Windows 95 or Windows NT 4.0 Client Logs On to Windows Server 2003 Domain

By default, security settings on domain controllers that run Windows Server 2003 are configured to help prevent domain controller communications from being intercepted or tampered with by malicious users. For users to successfully negotiate communications with a domain controller that runs Windows Server 2003, these default security settings require that client computers use both server message block (SMB) signing and encryption or signing of secure channel traffic. Clients that run Windows NT 4.0 with SP2 or earlier installed and clients that run Windows 95 do not have SMB packet signing enabled and cannot authenticate to a Windows Server 2003 domain controller.

 

WORKAROUND

Although Microsoft does not recommend it, you can prevent SMB signing from being required on all domain controllers that run Windows Server 2003 in a domain.

 

To configure this security setting, follow these steps:

 

1. Open the Default Domain Controllers Policy.
2. Open the Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options folder.
3. Locate the Microsoft network server: Digitally sign communications (always) policy setting, and then click Disabled or Do Not Configure.

To learn more, click this link: