Windows IT Pro is the authoritative and independent resource for windows nt, windows 2000, windows 2003, windows xp. Features a collection of resources and magazines for windows IT professionals.
  
  
  Advanced Search 


August 2000

Can Win2K and NT 4.0 Coexist?


From the August 2000 Edition
of Windows IT Pro
Paula Sharick
Feature
InstantDoc #9041
Windows IT Pro
Email this Article
Printer Friendly
Reader Comments
Digg This
Del.icio.us
RSS
Subscribe to Windows IT Pro | See More Interoperability Articles Here | Reprints | Or get the Monthly Online Pass—only $5.95 a month!

Tests in a small lab environment show the two OSs play well together

OK, you're ready to take the plunge and start testing Windows 2000 systems with your Windows NT 4.0 network. You might start by searching Microsoft's Web site, Windows 2000 Magazine, and other sources for procedures and techniques to help you build a cooperative mixed environment. But unless a great deal of new material has been published during the past few months, you'll most likely find only a scant offering of tips. I've been testing a mixed Win2K and NT 4.0 environment for months, and I'm ready to share what I've learned about configuring Win2K systems and integrating them into an NT 4.0 network.

Testing 1-2-3-4
My test environment consisted of an NT 4.0 domain with one primary domain controller (PDC) and one backup domain controller (BDC), a standalone NT 4.0 RAS PPTP server, and two NT 4.0 workstations. Most of my NT 4.0 systems were running Service Pack 5 (SP5) with selected hotfixes. On the Win2K side, I used an IBM ThinkPad 600E running Win2K Professional's prerelease version (build 2194). Later, I installed a second system root to boot the final Win2K Advanced Server release. I also configured four different versions of Win2K AS on a Dell XPS T system: a standalone server, a domain controller, a domain controller with the Certificate Authority (CA) enterprise version, and a VPN server with the CA standalone version.

I conducted four specific coexistence tests. First, I explored the setup and configuration steps you need to follow to successfully log Win2K Pro and Win2K AS standalone server systems on to an NT 4.0 domain. Second, I tested cross-domain access between a Win2K domain and an NT 4.0 domain, with and without a trust relationship between the domains. As part of the mixed-domain test, I alternately logged my Win2K Pro system on to both domains. Third, I'm a VPN fan, so I tried several VPN connections, including Win2K Pro to an NT 4.0 RRAS server, Win2K Pro to a Win2K RRAS server, and an NT 4.0 VPN client to a Win2K RRAS server. Fourth, I experimented with Microsoft Management Console (MMC) snap-ins for remotely administering NT 4.0 systems from a Win2K server.

Because I was booting from among four system roots on one Win2K system and three system roots on the other, I had to keep checking to see which version was running. I quickly discovered that you can display a Win2K system's name and domain in one of two ways:

  • Right-click My Computer, choose Properties, and select the Network Identification tab.
  • Right-click My Network Places, choose Properties, select the Advanced tab, and click Network Identification.

Booting Multiple Win2K System Roots
Win2K AS booted correctly with two system roots on the same physical drive and three system roots on the same logical drive. Remember that to successfully boot several installations, you must give each instance a unique system-root name. I also had no problems dual-booting Win2K and NT 4.0 on the notebook's C drive. On the Dell XPS T, I started with NT Workstation 4.0 in C:\winnt and installed Win2K Pro in C:\win2kpro, Win2K AS in D:\win2kas, my domain controller in D:\win2kdc, and my VPN server in E:\win2kserver. To keep from getting confused about which instance I was booting, I edited the boot.ini file and changed the default description for each system root to reflect the configuration I was booting (e.g., Win2K AS, VPN server).

To define the instance I wanted to boot automatically, I right-clicked My Computer, selected Properties, selected the Advanced tab, and clicked the Startup and Recovery button. As Figure 1 shows, the Startup and Recovery dialog box's System startup field displays all the entries from the boot.ini file. From this list, I selected the system root I wanted to boot by default. Win2K displays the boot.ini entries at system startup, so you can use the up and down arrow keys to override the default entry and select another root.

Logging a Win2K System on to an NT 4.0 Domain
As with NT 4.0 systems, you must create a computer account for a Win2K system before it can successfully join an NT 4.0 domain. After I took my Win2K Pro notebook off the network for a week, the password for the computer account on the notebook wasn't synchronized with the password on the NT 4.0 PDC, so I couldn't log on to the domain. While troubleshooting the computer-account problem, I found this error message in the notebook's System event log:

Because of repeated network problems, the time service has not been able to find a domain controller to synchronize with for a long time. To reduce network traffic, the time service will wait 960 minutes before trying again. No synchronization will take place during this interval, even if network connectivity is restored...

The Win2K time service synchronizes the system date and time, and Win2K systems look to the Win2K root domain controller as an official time server. Time synchronization is crucial in W2K because Kerberos authentication uses workstation time to generate an authentication ticket. When a system can't contact a Win2K domain controller for a time update, Kerberos can't generate a valid authentication ticket and computer and user accounts can't successfully log on.

My NT 4.0 PDC isn't a time server, so my Win2K systems had no time-synchronization source and thus routinely reported the time-service error above. If you don't have a time server on your NT 4.0 network, you can configure an NT 4.0 system as a time server or access one of several public Internet time servers to set the clock on Win2K systems. The command

net time /setsntp:<time server IP address>

establishes an official time source, and the command

net time /querysntp

displays the official time source.

To manually reactivate a Win2K computer account when the password isn't synchronized with the account password on the NT 4.0 PDC, you can delete and recreate the account in the NT 4.0 domain. After you recreate the account, you must reboot the Win2K machine to synchronize the new account credentials.

With the exception of the expired password on the computer account, the Win2K Pro workstation joined my existing NT 4.0 domain with no problems. It was equally cooperative when I logged on to the Win2K domain. To change domain membership on a Win2K system, I right-clicked My Computer, selected Properties, selected the Network Identification tab, clicked the Properties button, and entered the name of the target domain. At the resulting prompt, I entered a valid username and password for the Win2K domain. After a slight delay while Win2K Pro located the Win2K domain controller, the OS prompted me to shut down and reboot the workstation to activate the domain change. Upon reboot, the workstation joined the domain successfully. I successfully alternated the workstation's domain membership many times during the course of my testing. Figure 2 shows the Win2K workstation as a member of the NT 4.0 Wildwood domain and the Win2K Wildwooda domain. Don't let this window mislead you—a workstation can have an active account in several domains, but it can log on to only one domain at a time.

Win2K AS
The first time I configured a standalone Win2K AS server, I wanted to avoid mixing Win2K dynamic DNS (DDNS) and NT 4.0 DNS. When I checked Networking Services during server setup, the Details button showed that the setup wizard installs DNS and WINS services by default, so I unchecked these services to prohibit their installation. Later, when the setup program asked me whether I wanted to change the server's address from DHCP-assigned to static, I entered a static IP address, subnet mask, default gateway, and the addresses for my legacy DNS and WINS servers. A few screens later, the setup wizard rebooted my Win2K AS server, but the system couldn't locate the NT 4.0 domain controller. After the final reboot, I logged on as the local administrator and changed the server's domain membership to the NT 4.0 domain. The server then joined the NT 4.0 domain on the first try.

To ensure that your standalone Win2K servers experience no problems operating in an NT 4.0 domain, I have three important configuration tips for you. First, define a host record for the new Win2K system in the legacy DNS server before the new Win2K system joins the domain.

Second, define a DNS suffix for the standalone Win2K server. If you follow the installation procedure I outlined, your Win2K standalone server most likely won't have a DNS suffix because the setup wizard doesn't enter or prompt you to enter one. (According to Microsoft, the problem is with the Win2K AS standalone server installation only; the setup wizard enters a DNS suffix when you configure a Win2K domain controller.) Without a DNS suffix, your server might not be able to resolve TCP/IP names on the network, even if you use the DNS tab on Advanced TCP/IP Settings to enter the TCP/IP address for a legacy DNS server. To check whether a DNS suffix is defined for your system, run the command Ipconfig/all. If the Primary DNS Suffix field (the second line of the Ipconfig display) is blank, you need to define a DNS suffix.

To specify a Win2K computer name and its DNS suffix, right-click My Computer, select Properties, select the Networking Identification tab, and click the Properties button to open the Identification Changes dialog box. You define the computer's host name (e.g., w2kserver) in this box. Click the box's More button to open the DNS Suffix and NetBIOS Computer Name dialog box. Here you enter the DNS suffix (e.g., wildwooda.com). Figure 3 shows these two dialog boxes. You define all other TCP/IP information, including the TCP/IP address, gateway, DNS, and WINS information, on the Properties tab of the LAN adapter. After you enter the DNS suffix, click OK to reboot the server. Rerun the Ipconfig/all command to verify that the DNS suffix appears as you entered it.

   Previous  [1]  2  Next 


Reader Comments
I am running 5 Win2K workstations against a Win NT 4.0 PDC and Win NT 4.0 Server both with SP# 6. I use 'Per Server" licensing. As I upgraded my NT 4.0 workstations to Win2K, I began to have license problems on my NT 4.0 Server. Event ID 201 "No license was available for user ___ using product SMB Server 4.0." When I do a 'NET SESSIONS" I see an average for 4 connections per workstation: 21950, 21953, etc. On the client side, I see "No more connections can be made to this remote computer at this time because there are only already as many connections as the computer can accept." I use NET SESSIONS to kill connections and start over. To get around the problem, I have up the number of allowed concurrent connections. Yes, Win2K and NT 4.0 can coexist but this problem is needs to be better understood.


Bruce Riddle July 18, 2000

I have 2 domains in my organization. One is a w2k domain (mixed mode), and one is an NT 4 Domain. The seem to coexist Ok, except for one problem: There is a one-way trust where the w2k domain trusts the NT 4 domain. I want the NT 4 Domain Admins to be Domain admins on the w2k domain. In the active directory users MMC, I cannot make the NT 4 accounts members of the w2k Domain Admins group. Have I missed something, or can you not do this?

Jeremy Marsch July 27, 2000

A couple of times Paula talks about the "Setup" program doing things when installing a Domain Controller as opposed to a member server or stand-alone server. (The fourth paragraph of the Win2K AS section, for instance.) The setup program only installs stand-alone or member servers. After installation, running DCPROMO.EXE upgrades the server to a Domain Controller (either through a script, by using Configure My Server, or directly.) I don't know what the Microsoft people told her, but Setup certainly could not set a DNS suffix for a Domain Controller.

To Jeremy: Remember, Global Groups can only contain members from their own domain. This has not changed from NT4. You would need to place the Domain Admins into the Administrators group. And, btw, it would work exactly the same whether you Windows 2000 domain was mixed or native mode.

Beth Parkes July 29, 2000

There are some interesting issues noted in this article, even though it is breif and lacks considerable amounts of technical detail. Yes it is true, W2K and NT4 can coexist quite happily, but there was very little focus on the Active Directory component of W2K. This is the major advancement in technology between W2K and NT4 and there is very little mention of it. I am interested in the interaction of legacy technologies with the AD and how the NT4 and Win9x clients cope with the AD?

Glynn Llewellyn November 29, 2000

<br><br><i>You're correct that a steep learning curve exists for Win2K, but the rewards for mastering new knowledge are immense. You can find answers for coexistence problems in the Windows 2000 Magazine forums (http://www.win2000mag.net/
forums). Users post cross-platform problems and solutions in both the Win2K and Windows NT 4.0 forums. <br><br>
­--Paula Sharick </i>

Paula Sharick December 01, 2000

­<br><br>A really nice benefit of Paula Sharick's "Can Win2K and NT 4.0 Coexist" (August 2000) is that the information in the article is helping me "play with the big kids," as well as learn about a topic that is sometimes very overwhelming. I've quoted the article several times in a Delphi forum (http://www.delphi.com), in which I and other Windows 2000 newbies relate our experiences trying to configure Win2K Server. We've made lots of mistakes, but we're doing a good job expressing the problems, frustrations, and joys of installing Win2K Server for the first time. Users who have traveled the ground we're just beginning to cross can relate to our experiences as we stumble and bumble our way through Win2K. <br><br>

­Greg Kotsovilis December 01, 2000

<br><br><i>The NT 4.0 PDC will always stay master browser. The PDC status gives the server higher priority than any workstation­--Win2K or NT 4.0. </i>

­--Paula Sharick December 01, 2000

<br><br>I read Paula Sharick's article about Win2K and NT 4.0 coexistence, and a question came to mind. We're starting to add Win2K workstations to our single domain. Will Win2K Professional take precedence over the NT 4.0 server as master browser?<br><br>

­Ken Avis December 01, 2000

I have read your articles concerning the co-existence of Win2k and NT 4.0 but have not found an answer to my particular problem. I am running NT 4.0 SP5 on the server and rolling out Win2k pro on the workstations in a Student Computer Lab. Restricting user access is VERY important. When I try to create a mandatory profile I cannot assign it to a server group, only a local group. This means that it will only work on the PC it was created on.

Is there a way to create a profile on win2k pro and copy it to the NT 4.0 server, assigning it permissions for a server based group (eg Students)?

Kathleen Johnson January 22, 2001

You must log on before posting a comment.

If you don't have a username & password, please register now.




Top Viewed ArticlesView all articles
WinInfo Short Takes: Week of November 24, 2008

An often irreverent look at some of the week's other news, including a Vista Capable dismissal request, Zune price reductions, Morrow musings, Novell and Microsoft sitting in a tree ... two years later, Yahoo!, IE 6 on Windows Mobile, and so much more ...

Command Prompt Tricks

One reader shares his tip for setting up the command prompt to reflect a remote path. ...

PsExec

This freeware utility lets you execute processes on a remote system and redirect output to the local system. ...
Windows OSs Whitepapers Why SaaS is the Right Solution for Log Management
Related Events Check out our list of Free Email Newsletters!
Windows OSs eBooks Understanding and Leveraging Code Signing Technologies

A Guide to Windows Certification and Public Keys

SQL Server Administration for Oracle DBAs
Related Windows OSs Resources Become a VIP member of the Windows IT Pro community!
Get it all with the VIP CD and VIP access. A $500+ value for only $279!

Subscribe to Windows IT Pro!
Solve your toughest technical problems with our experts and access 10,000 + articles online. 30% off

Monthly Online Pass - Only $5.95!
Get instant access to 10,000+ articles from Windows IT Pro Magazine!

TechNet Virtual Labs
Evaluate and test Microsoft's newest products.



ADS BY GOOGLE

Job Openings in IT SPONSORED LINKS FEATURED LINKS
Is Your Approach to VMware Server Recovery Outdated?
Is your data protected from server failure? Download this white paper to find the best way to back up, recover, and restore your VMware ESX Server 3.x.

Maximize speed, performance and reliablity of your PCs and servers—automatically!
Speed Up Your PC! Try Diskeeper 2008 with InvisiTasking Free Now!

GoGrid Offers FREE Trial for Windows Cloud Servers
Deploy Windows Server 2003 and 2008 with free load balancing through GoGrid’s award winning web-based GUI – all in less than 5 minutes

Order Your SQL Fundamentals CD Today!
Learn how to use SQL Server, understand Office integration techniques and dive into the essentials of SQL Express and Visual Basic with this free SQL Fundamentals CD.
You've Deployed SharePoint...Now What?
This one-day free online conference delivers the technical knowledge needed to kick MOSS up a notch. In one information-packed day, independent SharePoint experts will present practical, real-world information and provide take-away, ready-to-use solutions

Ease Your Scripting Pains with the Flexibility of PowerShell!
Paul Robichaux equips you with PowerShell basics in 3 introductory lessons, each followed by live Q&A—all on your own computer! Register today!

What Would You Do If You Ran Microsoft?
ITTV's 2008 inaugural video contest, "If I Ran Microsoft..." is your chance to tell it like it is. Be goofy or be serious, but don"t miss this chance to have fun, win prizes, and go viral in a major way.

Maximize Your SharePoint Investment
This web seminar discusses how true bi-directional replication of SharePoint content from one server to another enables branch offices to maintain access to current SharePoint content.

Rock Your Knowledge, and Compete with Friends and Colleagues!
Are you the Web Application Performance Guru in your office? It's time to have fun! Download now to access the crossword puzzle. Challenge yourself and complete this fun activity!
Windows IT Pro Home Register FAQ for Windows WinInfo News
Europe Edition About Us Contact Us/Customer Service Media Kit Affiliates / Licensing  
SQL Server Magazine Office & SharePoint Pro Windows Dev Pro IT Job Hound ITTV
IT Library Technology Resource Directory Connected Home Windows Excavator Windows SuperSite 
 
 Windows IT Pro is a Division of Penton Media Inc.
 Copyright © 2008 Penton Media, Inc., All rights reserved. Terms and Use | Privacy Statement | Reprints and Licensing