If you have Sign Comm Always enabled you will not be able to talk to that server with a downlevel client. You can disable that policy and in fact anyone running legacy clients almost always does disable that if they can't just kill all of the legacy clients in one fell swoop.
We actually have disbled that setting and "Domain Member: digitally encrypt or sign secure channel data (always)" in our domain controllers policy and it works fine that way. That would align with doing it to an OU or site GPO. joe ------------- http://www.joeware.net (download joeware) http://www.cafeshops.com/joewarenet (wear joeware) -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steve Schofield Sent: Thursday, March 25, 2004 6:47 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] Windows 95 clients mapping drives to Win2003 member server and GPO's I'm troubleshooting win95 clients that have to map a drive to a windows 2003 member server in AD 2003. The win95 clients login locally with an account called Generic The win95 are terminals and aren't in the domain. To get around mapping to the w2k3 member server share, we created a guest user locally on the windows 2003 server with the same credentials. We have one windows 2003 server that gives an error 31 and won't let Win95 clients map to the share. We also have win 3.1 machines mapping to this share without any issues. I understand my method of driving mapping isn't the best solution having the same id and password on an workgroup client mapping to a domain server but that is my only option(its the way the application works). I discovered in the Default Domain Policy a setting enabled called Microsoft network server: Digitally sign communications (always) Value = Enabled This was one setting of many that had to do with digital signing appears to enabled or causing issues with legacy client drive mappings and general communication to the Win2k3 servers. I'd want to create a domain level GPO to disable these settings that interfere with legacy clients communicating to the member server. Anyone have experiences with GPO settings and legacy clients and seen similiar errors like this above. Steve Schofield - MCP, CCA [EMAIL PROTECTED] Windows Server Architecture Ext - (616)-791-3773 Int - 13773 List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
