Restrict Anonymous Prevents Discovery of Windows NT 4.0 Domain (260870)
The information in this article applies to:
- Microsoft Metadirectory Services 2.1
- Microsoft Metadirectory Services 2.2
This article was previously published under Q260870 SYMPTOMS
When the Discovery of a Microsoft Windows NT domain is performed, it may not work. Also, the operator's log may contain the following error messages:
Failed to list users for domain domain name
Error: Logon failure: unknown user name or bad password.
Failed to enumerate groups for domain domain name.
Error: Logon failure: unknown user name or bad password.
Discovered 0 groups
Failed to list local groups for domain domain name.
Error: Access is denied.
CAUSE
This issue can occur if the primary domain controller (PDC) of the target Windows NT 4.0 domain has the RestrictAnonymous registry parameter enabled, and the MMS service is running in the context of the local system account.
RESOLUTION
To resolve this issue if in the same domain or a domain trusted by the Windows NT 4.0 domain, start the service by using an account that is a member of the administrators group in the domain, or run the Viaserver process as a console program from the command line while you are logged on as a member of the administrators group.
To work around this issue in the event that the MMS server is not a member of the Windows NT 4.0 domain or a trusted domain, log on to the computer that is running MMS by using a parallel local or domain account that uses the same user name and password as an account in the administrators group on the Windows NT 4.0 domain and start the Viaserver process as a console program from the command line.
| Modification Type: | Major | Last Reviewed: | 10/3/2003 |
|---|
| Keywords: | kberrmsg kbnetwork kbprb KB260870 |
|---|
|