Mac OS X Server v10.5 or later: Windows Vista clients may be unable to join a hosted PDC

Microsoft Windows Vista clients may be unable to join a PDC hosted on Mac OS X Server v10.5 or later. Windows Vista may be configured with a local security policy which does not include an authentication protocol that is required by Mac OS X Server v10.5 and later.

Windows Vista clients may receive an alert similar to this when trying to bind to the Mac OS X Server PDC: 

"Your computer could not be joined to the domain because the following error has occurred:
Logon failure: unknown user name or bad password."

To allow Windows Vista clients to join a PDC that's hosted on Mac OS X Server v10.5 or later, the local security policy of the Windows Vista client must be changed. On each Windows Vista client:

  1. Choose Start > Control Panel.
  2. Select "Classic View".
  3. Open "Administrative Tools".
  4. Click the shortcut named "Local Security Policy" and confirm that you want to continue.
  5. Select "Local Policies" and then select "Security Options".
  6. Scroll down the list until you find the "Network security: LAN Manager authentication level" policy.
  7. Double-click "Network security: LAN Manager authentication level" to edit this policy.
  8. The default Windows Vista setting is "NTLMv2 responses only". Change it to "Send LM & NTLM - use NTLMv2 session security if negotiated".
  9. Click the "Apply" button.

You should now be able to log in.
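
The policy edited in steps 6 to 9 is stored in the registry as the LmCompatibilityLevel value under HKLM\SYSTEM\CurrentControlSet\Control\Lsa, so each client can be checked from PowerShell. This is an added example, not part of the original article; it assumes PowerShell is installed on the Windows Vista client and an elevated prompt for the change, and the function names are hypothetical.

```powershell
# Added example: inspect the value behind the
# "Network security: LAN Manager authentication level" policy.
$LsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'

# Registry value -> policy label as shown in Local Security Policy.
$Levels = @{
    0 = 'Send LM & NTLM responses'
    1 = 'Send LM & NTLM - use NTLMv2 session security if negotiated'
    2 = 'Send NTLM response only'
    3 = 'Send NTLMv2 response only'
    4 = 'Send NTLMv2 response only. Refuse LM'
    5 = 'Send NTLMv2 response only. Refuse LM & NTLM'
}

function Get-LmAuthLevel {
    $prop = Get-ItemProperty -Path $LsaKey -Name LmCompatibilityLevel `
                             -ErrorAction SilentlyContinue
    if ($null -eq $prop) {
        # Value not set: the client uses the Vista default the article
        # describes (NTLMv2 responses only), which corresponds to level 3.
        return 3
    }
    return [int]$prop.LmCompatibilityLevel
}

function Set-LmAuthLevel([int]$Level) {
    if (-not $Levels.ContainsKey($Level)) {
        throw "Level must be between 0 and 5, got $Level"
    }
    # -Force overwrites an existing value; DWord is the type Windows expects.
    New-ItemProperty -Path $LsaKey -Name LmCompatibilityLevel `
                     -Value $Level -PropertyType DWord -Force | Out-Null
}

$current = Get-LmAuthLevel
"Current level {0}: {1}" -f $current, $Levels[$current]

if ($current -ne 1) {
    "The article's setting is level 1: $($Levels[1])"
    # Uncomment to apply the same change as steps 7 to 9:
    # Set-LmAuthLevel 1
}
```

Running the read-only part before and after the change records which clients were moved off the default, which makes it straightforward to restore level 3 later.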

For an explanation of each of the various options for this security policy in Windows Vista, see this Microsoft TechNet article.
