I'm totally stumped. NT4 Domain, WINS, and VPN issues.


Techguy
08-04-2004, 11:52 AM
We have 2 buildings. Building 1 has a CheckPoint Secure Platform Firewall-1 box. Building 2 has a Nokia IP30 box, which is based off Checkpoint's Firewall-1.
We have a VPN set up between the 2 boxes\locations, and it works great.
Everyone can do everything they need to do via the VPN.

Last month I set up the computers at building 2 to log in to the NT4 domain controller at building 1. I did this by adding the domain name and the domain controller's IP to the hosts file. They could log in and run login scripts just fine. Later I set up a WINS server in building one, and all the PCs in both buildings use the WINS server for NetBIOS name resolution.

Sunday I re-arranged the server rack, as last week we had shut down a few servers (Novell 3.15 and Windows 2000) to retire them. They were powered off and unplugged all last week, and no one had any issues. So all I did Sunday was power down all of our servers, unplug the cables, re-arrange them, plug them back in, and boot them back up. During this time the firewall, as well as every other server, was turned off and disconnected for an extended period of time.

Once I was done re-arranging the rack I tested a 98 and xp box at building 1 and everything was working fine. I could also VPN in from home just fine. The firewall logs also showed that the VPN with building 2 had re-established properly, and I was able to ping over there with no issues.

Monday morning I came in and people in building 2 were getting this error:

"The domain password you supplied is not correct or access to your login server has been denied."

I can't login as our Administrator either, same error.
Turns out that the one XP box at building 2 has no issues logging on to the domain. But all the 98 boxes get that error. Because it's 98, I just hit cancel and at the desktop I pulled up the command prompt. I can ping both the domain name and the computer name of the domain controller just fine. If I open up My Computer and \\Domain_controller I get this error:
Windows cannot find \\Domain_controller. Check the spelling and try again, or try searching ..blah....
At this point I can't ping the WINS server by NetBIOS name.
If I type
\\wins_server's NetBIOS name I get this error:
..is not accessible
No error information is available.
\\192.168.100.15 (the wins server IP) I get this error:
..is not accessible
No error information is available.
Now I can ping the WINS server by NetBIOS name.
I can now also resolve any PC name at building #1.
If I \\ the domain_controller’s NetBIOS name, I get \\DOMAIN_CONTROLLER is not accessible. Windows cannot find \\Domain_controller. Check the spelling and try again, or try searching ..blah....
If I \\192.168.100.3 (Domain controller's IP) I get
.. not accessible
Not logged in.

Ok.. finally an error that makes sense.


Once I UNC browse \\192.168.100.3 (the Domain controller's IP) and get that not logged in error, I can log off, and log in properly to the domain controller from building 2.

Because DHCP is done by the Nokia IP30 box, the WINS server info is hard-coded at building 2 (building 1's DHCP server is the Domain Controller and it does send the WINS info). I'm not sure why WINS stops working until I ping or UNC browse the wins IP address.

If wins is working, and I log off I still can't login to the domain. It's only when I UNC browse to the domain controller's IP that I can then log off and log in properly. Once you reboot the PC, you still get the login error and need to \\192.168.100.3, log off and login and that's the best fix I have at the moment.

I have no idea what to do about this problem. I have no idea why this problem even occurs. I'm not sure where I can even go for help. If you have any ideas about this problem, or know where I can get help with this problem, PLEASE let me know.

Thanks,
Russell

Dethtoll
08-04-2004, 12:32 PM
Are the building 2 computers receiving the correct WINS server via DHCP? (ipconfig /all)
Also, can you ping the WINS server from the building 2 firewall? (assuming it has a browser/terminal interface that allows you to ping)

Techguy
08-04-2004, 01:40 PM
The building 2 PCs aren't getting WINS via DHCP, but they do have the correct info hard coded. ipconfig /all confirms this.

The IP30 box has no terminal :-/

Everyone can ping the WINS server's IP, and XP PCs can ping (and resolve) the WINS server's NetBIOS name without 1st having to ping the IP directly.

So it's just the 98 PCs that are having issues. My laptop, and the XP PC @ building 2 can both instantly resolve NetBIOS names and log in to the domain from building 2.


So I was playing with another 98 box than the 1st one that I used to describe our symptoms... and on 1st boot up, this one can't get on the domain, but it can ping and resolve netbios names (including the WINS server's name). However you still have to do the \\192.168.100.3, log off login trick to get on the domain...

SJConsultant
08-04-2004, 01:47 PM
Shot in the dark, but is netbeui also installed on the 98 workstations? If so check in the settings of the TCP/IP properties and make sure TCP/IP is set as the default protocol.

Techguy
08-04-2004, 01:56 PM
The only things loaded are client for Microsoft Networks
TCP/IP
and the NIC drivers
Some have printer sharing turned on, no netbeui though.


UPDATE:

Apparently that PC that I thought could resolve netbios names on boot can't. I can boot up a PC, get the login error, and hit cancel. Then running ipconfig /all will let me log off and log into the domain....

So ipconfig /all lets it "figure out" whatever the heck went wrong.. as does trying to open //192.168.100.3 ...

Party2go9820
08-04-2004, 02:44 PM
Just some (random) thoughts...
1) uninstall TCPIP and reinstall the stack. Can fix lots of goofy problems like this.

2) Doesn't win98 store passwords in a .pwl file locally? Try deleting them to see if it solves the login problem but you still need to have name resolution of some type....

3) Just upgrade everyone to XP and it all will be fixed. :p

Techguy
08-04-2004, 03:20 PM
Just some (random) thoughts...
1) uninstall TCPIP and reinstall the stack. Can fix lots of goofy problems like this.
-That was actually one of the 1st things I tried, before I found the \\192.168.100.3 fix.. No luck.

2) Doesn't win98 store passwords in a .pwl file locally? Try deleting them to see if it solves the login problem but you still need to have name resolution of some type....
-I don't believe there is a local copy of domain passwords, just local windows logins... (which usually are the same, but can be different when say I reset someone's password)

3) Just upgrade everyone to XP and it all will be fixed. :p
-That's in the queue, but we have 1 guy who deals with formatting and loading apps on PCs. Our company is small, so he also works as a Sr. test engineer, but we've grown a ton lately and so we basically overgrew our IT pseudo department quickly :-/ We're working on getting more help.

Thanks for the tries though :->
I'm just totally lost on this one as I can't see why the problem occurred in the 1st place, much less the permanent solution for it...

Qualm
08-04-2004, 07:11 PM
I think SJConsultant had the right idea. Most problems I can think of with WINS and a mixed NT4 domain/Win2k/WinXP environment can be solved by enabling netbeui.

- Qualm