"Generic Logon" Validating Users on a Domain Fails

• Microsoft Windows NT Server version 3.5, 3.51, and 4.0

SYMPTOMS

Windows 95 allows shared network installations. This requires transitioning from a real mode to a protect mode redirector. You are logged onto the network while Windows 95 is in real mode so that the bulk of the Windows 95 can be loaded by the client. This is done without client validation on the domain. Once in protect mode, you are presented with a graphical dialog box and the standard Username, Password, and Domain name fields are available.

If the Username and Password entered for both the real mode and protect mode logon are not the same, you are not validated by the Windows NT Domain Controller. On page 110 of the Windows 95 Resource Kit, and again on page 140, it states that a "generic" logon can be used. For Windows NT Domain validation this is incorrect. The following error appears:

   Microsoft Networking:

   The Domain password you supplied is not correct or access to you logon
   server has been denied.

CAUSE

Historically, Microsoft network redirectors have cached login passwords. This functionality remains in Windows 95's real mode client. The session that is established in real mode is maintained during the transition and at that time, the Windows 95 Server Message Block (SMB) protect mode redirector is inheriting the original real mode password and does not accept the second password unless the second password is the same as the first.

STATUS

Microsoft has confirmed this to be a problem in Windows NT versions 3.5, 3.51, and 4.0. We are researching this problem and will post new information in the Microsoft Knowledge Base as it becomes available.