Q232511: Client Dialup, Authentication, Browsing Using TCPIP, IPX/SPX
Article: Q232511
Product(s): Windows for Workgroups and Windows NT Networking Issues
Version(s): WINDOWS:95; winnt:4.0
Operating System(s):
Keyword(s):
Last Modified: 12-JUL-2001
-------------------------------------------------------------------------------
The information in this article applies to:
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows NT Workstation version 4.0
- Microsoft Windows NT Server version 4.0
- Microsoft Routing and Remote Access Service Update for Windows NT Server version 4.0
-------------------------------------------------------------------------------
SUMMARY
=======
Win95/98/NT Dialup, Authentication, Browsing Using TCPIP, IPX/SPX, or NetBEUI
-----------------------------------------------------------------------------
This article has been written to help clarify how Windows NT clients, such as
Windows 95, Windows 98, and Windows NT Workstation/Windows NT Server are
supposed to be configured in order to successfully dial into a Windows NT
network. The functionality of the clients includes dial-up authentication,
domain authentication, gaining access to resources, and browsing.
This article can also be viewed as a Microsoft PowerPoint presentation and
Webcast at the following location:
http://support.microsoft.com/servicedesks/webcasts/wc060399/wcblurb060399.asp
This article is a text summary of the presentation and has been broken down into
the following sections:
- Review of Networking Objectives
- Review of Dial-up Components
- Software and Hardware Checklist
- Configuration of Clients and Servers (General)
- Configuration of Clients and Servers (Protocol Specific)
- NetBIOS Name Resolution - TCP/IP
- Common Error Messages
- Articles and References
Review of Networking Objectives
-------------------------------
The most common goal for dial-up networking is to be able to provide the
following:
- RAS validation
- Windows NT domain logon (running scripts)
- Gain access to network resources
- Browse network resources
It is possible that one or more of these steps work, while others do not. To
successfully achieve all of the above, look at both the client configuration and
the server configuration. But first, a review of the components involved in
Dial-up Networking (DUN).
Review of Dial-up Components
----------------------------
The following diagram displays the different DUN components and how they are
generally attached to a network.
M M
O O L
Dialup ---D--- Phone lines ---D--- Dialup ----A---- Internal network
Client E E Server N
(95/98/NT) M M (RAS/RRAS)
Software and Hardware Checklist
-------------------------------
The following should be verified to make sure you have hardware that is supported
and the latest software updates, depending on the client that you are using to
dial in with.
- Check the Hardware Compatibility List (HCL) for compatible Dial-up devices.
The HCL is available at:
http://www.microsoft.com/HWTEST/hcl/
- For RAS clients, please install the latest software.
- For Windows 95 RAS clients, install DUN 1.3. For more information about
installing Dial-up Networking 1.3 with Windows 95, please see the
following Microsoft Knowledge Base article:
Q191494 Dial-Up Networking 1.3 Upgrade Available
- For Windows 98 RAS clients, install DUN 1.3. For more information about
installing Dial-Up Networking 1.3 with Windows 98, please see the
following article in the Microsoft Knowledge Base:
Q191540 VPN Update for Windows 98 and Dial-Up Networking 1.3 Available
- For Windows NT RAS clients, install Windows NT 4.0 Service Pack 5 (SP5)
and then view the SP5 Readme.txt file. For more information about
obtaining SP5, please see the following Microsoft Knowledge Base article:
Q152734 How to Obtain the Latest Windows NT 4.0 Service Pack
- For RAS Servers, please install the latest software.
- For RAS/RRAS servers, please install Windows NT 4.0 Service Pack 5, and
then view the SP5 Readme.txt file. For more information about obtaining
SP5, please see the following Microsoft Knowledge Base article:
Q152734 How to Obtain the Latest Windows NT 4.0 Service Pack
Configuration of Clients and Servers (General)
----------------------------------------------
It is important to make sure that each client that dials into a RAS/RRAS server
is properly configured. It is also important that the RAS/RRAS servers are
properly configured. The following general configurations are recommended for
the DUN client, as well as the RAS/RRAS server. These recommendations are not
protocol specific and would apply regardless of the protocol being used for DUN.
The next few sections deal exclusively with the general configuration of these
components.
You may notice in looking at the configurations for each client that there is a
great deal of overlap. This is intentional to show that the client operating
systems are configured in much the same way as each other. The overlap could
have been taken out, but has been left in so that a checklist could be taken
straight from this article for each client during troubleshooting or
installation.
- Configuration of Clients (General)
- Windows 95 Configuration (General)
- Windows 98 Configuration (General)
- Windows NT Configuration (General)
- Configuration of Servers (General)
- RAS Server Configuration (General)
- RRAS Server Configuration (General)
Windows 95 Configuration (General):
- Hardware Profiles - Either create a no-network hardware profile or verify
that no network adapters have an IP address on the same network that you are
trying to connect to. If the client normally uses DHCP to get an IP address,
run "winipcfg" at an MS-DOS command prompt, and then click "release all" if
dialing into the same network as the DHCP server.
- Network Configuration - Verify that "Client for Microsoft Networks" is
installed and selected under "Primary Network Logon". Press Esc at the first
logon screen when starting the client to prevent network logon or a
Windows-validated session. This allows domain logon through DUN.
- Identification - The computer name must be unique and Workgroup name should
be the same as the domain to which you are trying to connect.
- Client for Microsoft Networks - Click "Log on to Windows NT domain", and then
type the correct domain name in the "Windows NT domain" box.
- Bindings - Make sure the protocol you are planning on dialing in with is
selected. If the protocol you want to dial in with is not listed, you need to
re-add that protocol, even if it already exists so that the bindings are
regenerated.
Windows 98 Configuration (General):
- Hardware Profiles - Either create a no-network hardware profile or verify
that no network adapters have an IP address on the same network that you are
trying to connect to. If the client normally uses DHCP to get an IP address,
run "winipcfg" at an MS-DOS command prompt, and then click "release all" if
dialing into the same network as the DHCP server.
- Network Configuration - Verify that "Client for Microsoft Networks" is
installed and selected under "Primary Network Logon". Press Esc at the first
logon screen when starting the client to prevent network logon or a
Windows-validated session. This allows domain logon through DUN.
- Identification - The computer name must be unique and Workgroup name should
be the same as the domain to which you are trying to connect.
- Client for Microsoft Networks - Click "Log on to Windows NT domain", and then
type the correct domain name in the "Windows NT domain" box.
- Bindings - Make sure the protocol you are planning on dialing in with is
selected. If the protocol you want to dial in with is not listed, you need to
re-add that protocol, even if it already exists so that the bindings are
regenerated.
Windows NT Configuration (General):
- Hardware Profiles - Either create a no-network hardware profile or verify
that no network adapters have an IP address on the same network that you are
trying to connect to. If the client normally uses DHCP to get an IP address,
run "ipconfig /release" from an MS-DOS command prompt. This is only necessary
if the IP address you have is on the same network as the DHCP server.
- Identification - The Windows NT client must be in its own workgroup
initially, unless its already a member of the domain and has a machine
account.
- Services - Make sure that the Remote Access Service is installed. To
configure this service:
- Click the Start button, point to Settings, click Control Panel, and then
double-click Network.
- Add the Remote Access Service, click Properties, and then click Configure.
For a dial-up client, select the "dial out only" option.
- Also in RAS Properties, click Network, and then select the dial out
protocols to be used.
- Protocols - Make sure the protocol you want to use is installed.
- Bindings - Make sure the protocol you are planning on dialing out with is
available "bound" under Remote Access Server Service.
- Dial-Up Networking
- Runs a wizard initially for telephone prefixes.
- On the Basic tab, type the name of the connection, and then type phone
number to dial.
- On the Server tab, select the protocol you want to use and leave all of
the other options at their default settings.
Initial Setup Process
- After you verify the above, you are ready to start the process of setting up
a Windows NT client for logging on to a domain over a DUN connection.
- After you create the DUN connection with the protocol of your choice, select
the connection and dial it. You are then prompted for information, a name,
password, and a domain.
- After you are authenticated, go to your Network properties (click the Start
button, point to Settings, click Control Panel, and then double-click
Network), and on the Identification tab, click Change, and then join the
domain you just dialed. You only need to join the domain once.
- After you have successfully joined the domain, restart the Windows NT client.
- After the client has restarted, you see the standard logon screen. Press
Ctrl+Alt+Del as usual to log on. Make sure to select the "Log on using
Dial-up Networking" checkbox.
- The DUN connection box then appears so you can dial whichever DUN connection
you want with any protocol you wish. These DUN connections must have already
been created in order to be used for logon purposes. After you are connected,
you are logged on and authenticated as if you were connected on the network
LAN. More specific information about how to configure DUN connections with
Windows NT appear later in this article.
RAS Server Configuration (General):
Please verify the following services and devices are configured on the RAS
server:
- Click the Start button, point to Settings, click Control Panel, and then
double-click Network.
- Click the Services tab, click RAS, and then click Properties. Make sure there
is at least one RAS-capable device installed.
- In the Network section of the RAS properties, make sure that for "Server
Settings," you have selected each protocol your Dial-Up clients will be
using to dial into this server.
- In the Configure section of the RAS properties, make sure that you have
selected "Receive calls only" or "Dial out and Receive calls" for a RAS
server.
RRAS Server Configuration (General):
- Click the Start button, point to Settings, click Control Panel, and then
double-click Network.
- Click the Services tab, and then click Properties. Make sure there is at
least one RAS-capable device installed.
- In the Network section of the RRAS properties, make sure that for "Server
Settings", you have selected each protocol your Dial-Up clients will be
using to dial into this server.
- In the Configure section of the RRAS properties, make sure that you have
selected "Receive calls as a RAS server" or "Dial out and receive calls as
a demand dial router."
Configuration of Clients and Servers (Protocol Specific)
--------------------------------------------------------
The following is a breakdown of each client and server configuration based on
each of the protocols supported with the Microsoft Windows operating systems:
NetBEUI, NWLink, and TCP/IP.
IMPORTANT NOTE: This portion of the reference should only be consulted after the
general configuration options above have been verified and are configured
correctly. Attempting to come directly to this section could lead to confusion,
as the general steps of the configuration are assumed at this point.
The order of how each protocol will be presented is shown in the list below:
- Configuration of Clients
- Windows 95 Configuration (NetBEUI)
- Windows 98 Configuration (NetBEUI)
- Windows NT Configuration (NetBEUI)
- Configuration of Servers
- RAS Server Configuration (NetBEUI)
- RRAS Server Configuration (NetBEUI)
- Configuration of Clients
- Windows 95 Configuration (NWLink)
- Windows 98 Configuration (NWLink)
- Windows NT Configuration (NWLink)
- Configuration of Servers
- RAS Server Configuration (NWLink)
- RRAS Server Configuration (NWLink)
- Configuration of Clients
- Windows 95 Configuration (TCP/IP)
- Windows 98 Configuration (TCP/IP)
- Windows NT Configuration (TCP/IP)
- Configuration of Servers
- RAS Server Configuration (TCP/IP)
- RRAS Server Configuration (TCP/IP)
Configuration of Clients (NetBEUI)
----------------------------------
Windows 95 Configuration (NetBEUI):
- In the properties of the connectoid, click Server Types Advanced options,
select Log on to Network Allowed network protocols, and then select NetBEUI.
Windows 98 Configuration (NetBEUI):
- In the properties of the connectoid, click Server Types Advanced options,
select Log on to Network Allowed network protocols, and then select NetBEUI.
Windows NT Configuration (NetBEUI):
- After Windows NT starts up, press Ctrl+Alt+Del as you normally would to log
on. Type your user name, password, and domain for authentication. Make sure
to select the checkbox "Log on using Dial-up Networking."
- Windows NT displays the Dial-up networking component and gives you the
opportunity to choose which Dial-up connection you want. Choose a dial-up
connection that is bound to NetBEUI.
- If the RAS server is able to authenticate your RAS session, your domain logon
proceeds as if you were connected through a local LAN connection.
Configuration of Servers (NetBEUI)
----------------------------------
RAS Server Configuration (NetBEUI):
- Click the Start button, point to Settings, click Control Panel, and then
double-click Network.
- Click RAS, and then click Network Configuration. In the Server Settings
section, make sure you have NetBEUI selected. To configure NetBEUI, select
whether RAS clients will be able to gain access only this server or the
entire network.
RRAS Server Configuration (NetBEUI):
- Click the Start button, point to Settings, click Control Panel, and then
double-click Network.
- Click RRAS, and then click Network Configuration. In the Server Settings
section, make sure you have NetBEUI selected. To configure NetBEUI, select
whether RAS clients will be able to access only this server or the entire
network.
Configuration of Clients (NWLink)
---------------------------------
Windows 95 Configuration (NWLink):
- In the properties of the connectoid, click Server Types Advanced options,
select Log on to Network Allowed network protocols, and then select IPX/SPX
Compatible.
Windows 98 Configuration (NWLink):
- In the properties of the connectoid, click Server Types Advanced options,
select Log on to Network Allowed network protocols, and then select IPX/SPX
Compatible.
Windows NT Configuration (NWLink):
- After Windows NT starts up, press Ctrl+Alt+Del as usual to log on. Type your
user name, password, and domain for authentication. Make sure to select the
checkbox "Log on using Dial-up Networking."
- Windows NT displays the Dial-up networking component and gives you the
opportunity to select which Dial-up connection you want. Select a dial-up
connection that is bound to IPX/SPX.
- If the RAS server is able to authenticate your RAS session, your domain logon
will proceed as if you were connected through a local LAN connection.
Configuration of Servers (NWLink)
---------------------------------
RAS Server Configuration (NWLink):
- The RAS server must have a unique internal network number. For more
information, please click on the article link below to view the following
Microsoft Knowledge Base article:
Q198518 RRAS Requires Non-Zero Internal Network Number for IPX
- The RAS server cannot be a PDC, however, other servers acting as a PDC are
not affected.
- During installation, enable type 20 packets for NetBIOS Broadcast
Propagation.
- For Windows NT clients, nothing else needs to be done.
- For Windows 95/98 clients, edit the registry, set NetBIOS routing to 7 for
small networks. For more information about editing the registry for Windows
95/98 clients, please click on the article link below to view the following
Microsoft Knowledge Base article:
Q173607 Client Not Authenticated by Domain Through RAS Member Server
- On congested networks, use NetBEUI or TCP/IP with NWLink instead of
performing the steps outlined in the Microsoft Knowledge Base article
Q173607, "Client Not Authenticated by Domain Through RAS Member Server".
- In the Control Panel Network tool, make sure you have IPX selected in the
Server Settings section of the Network Configuration tab of the RAS service.
To configure IPX, select whether RAS clients are able to gain access to only
this server or the entire network and leave other default settings as they
are.
RRAS Server Configuration (NWLink):
- Must have a unique Internal Network number. For more information, please
click on the article link below to view the following Microsoft Knowledge
Base article:
Q198518 RRAS Requires Non-Zero Internal Network Number for IPX
- The RRAS server should not be a PDC, BDCs and standalone servers are not
affected.
- In the Control Panel Network tool, make sure you have IPX selected in the
Server Settings section of the Network Configuration tab of the RAS service.
To configure IPX, select whether RAS clients are able to gain access to only
this server or the entire network and leave the other default settings as
they are.
- Dial-In clients - Configure Interface
- NetBIOS packet handling
- Select the Accept Broadcasts checkbox.
- Under Deliver Broadcasts, choose Only When Interface is Up for small
networks.
- Use NetBEUI or TCP/IP with NWLink on congested networks.
Configuration of Clients (TCP/IP)
---------------------------------
Windows 95 Configuration (TCP/IP):
- In the properties of the connectoid, click Server Types Advanced options,
select Log on to Network Allowed network protocols, select TCP/IP Settings,
and then leave the other default settings as they are.
Windows 98 Configuration (TCP/IP):
- In the properties of the connectoid, click Server Types Advanced options,
select Log on to Network Allowed network protocols, click TCP/IP Settings,
and then leave the other default settings as they are.
Windows NT Configuration (TCP/IP):
- After Windows NT starts up, press Ctrl+Alt+Del like normal to log on. Type
you user name, password, and domain for authentication and make sure to
select the Log on using Dial-up Networking checkbox.
- Windows NT displays the Dial-up networking component and gives you the
opportunity to choose which Dial-up connection you want. Choose a dial-up
connection that is bound to TCP/IP.
- For Dial-up TCP/IP Settings, leave the defaults.
- If the RAS server is able to authenticate your RAS session, your domain logon
proceeds as if you were connected through a local LAN connection.
Configuration of Servers (TCP/IP)
---------------------------------
RAS Server Configuration (TCP/IP):
- Allow clients access to entire network.
- Configure either a RAS pool or use DHCP.
- If you use a RAS pool, make sure the RAS pool of addresses is on the same
network as your LAN card (the pool must be in a range of first-bound IP
address on any network adapter on the server.)
- Install a WINS server, point to a WINS server, or let DHCP assign a WINS
server to the clients, unless you are relying on clients to have lmhosts
files.
RRAS Server Configuration (TCP/IP):
- Allow clients to gain access to the entire network.
- Configure either a RRAS pool or use DHCP.
- If a RRAS pool, make sure the RAS pool of addresses is on the same network as
your LAN card. Also, make sure to use the correct mask for the range of IP
addresses you are creating for your dialup clients (the pool must be in a
range of first-bound IP addresses on any network adapter on the server.)
- Install a WINS server, point to a WINS server, or let DHCP assign a WINS
server to the clients, unless you are relying on clients to have lmhosts
files.
NetBIOS Name Resolution (TCP/IP)
--------------------------------
All Clients - Windows 95/98 and Windows NT:
When you are using WINS on a network:
- Right-click Dial-Up Adapter, click Properties, and then click the WINS
configuration tab. Make sure that the "Use DHCP for WINS Resolution" checkbox
is selected.
If not you are using WINS in your network, use an lmhosts file with the following
entries (xxx.xxx.xxx.xxx represents the IP address of your PDC):
xxx.xxx.xxx.xxx WINPDC #PRE #DOM:DOMAIN-TEST
xxx.xxx.xxx.xxx "DOMAIN-TEST \0x1B" #PRE
- The first entry is the name of the PDC.
- The second entry is for domain browsing, and should be entered with a total
of 15 characters up to the "\" backslash.
- The Lmhosts file must point to first-bound IP addresses on the network
adapter of the PDC because NetBIOS only binds to the first IP of a network
adapter.
Common Error Messages
---------------------
- Error 629: You have been disconnected from the computer you dialed.
Double-click the connection to try again.
- Error 633: The port is in use or not configured for Remote Access Dial-Out.
- Error 720: No PPP control protocols configured.
- Error Box: "You have been disconnected from the computer you dialed.
Double-click the connection to try again."
- Error Box: "Dial-Up Networking could not negotiate a compatible set of
network protocols you specified in the Server Type settings. Check your
network configuration in the Control Panel then try the connection again."
- Error Box: "No domain server was available to validate your password. You may
not be able to gain access to some network resources."
REFERENCES
==========
Q236963 How to Create Hardware Profiles in Win95/98/NT 4.0
Q191494 Dial-Up Networking 1.3 Upgrade Available
Q189771 Windows 98 Dial-Up Networking Security Upgrade Release Notes
Q178729 How To Configure Windows 95 to Dial into a RAS/RRAS Server
Q141600 How to Manually Create Hardware Profiles for Laptop Computers
Q150800 Domain Browsing with TCP/IP and LMHOSTS Files
Q183368 Requirements to Browse Network with Dial-Up Networking
Q193836 NET USE Attempt Across Domains Fails Without Name Resolution
Q185786 Recommended Practices for WINS
Q198518 RRAS Requires Non-Zero Internal Network Number for IPX
Q163949 Workstation Using Lmhosts Fails to Logon if DC Unavailable
Q150053 Erratic Domain Logon from Windows 95 Dial-Up Networking
Additional query words:
======================================================================
Keywords :
Technology : kbWinNTsearch kbWinNTWsearch kbWinNTW400 kbWinNTW400search kbWinNT400xsearch kbWinNTSsearch kbWinNTS400xsearch kbWinNTS400 kbAudDeveloper kbWin95search kbWin98search kbZNotKeyword3 kbWin98 kbRRASNTSearch kbRRASNT400
Version : WINDOWS:95; winnt:4.0
Issue type : kbinfo
=============================================================================
THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.
Copyright Microsoft Corporation 1986-2002.