Adding legacy computers to the domain

Stephen Benson 0 Reputation points
2024-04-24T13:20:29.91+00:00

We have approx 20 Mazak milling machines running either Win 95, Win 2000 Pro or Win XP. Since the beginning of the year I've not been able to re-add them back onto the domain (functional level 2016). As they are old, a hard drive replacement is often needed to keep them going, but it's like for like: the Mazak engineer will replace a machine running Win 2000 Pro with a new hard drive with the same OS. They then leave us, the IT dept, to re-add them back onto the domain. This is where the issue is.

The machines live on a segregated VLAN separate from our normal network. They'll have their static IPs set, then we attempt to add them back onto the domain. This fails with "an internal error" or, more often, "the specified name is no longer available". The attempted re-join can create an AD entry, but it's immediately disabled, and accessing the computer from another computer shows a "Trust relationship" error.

Now there's loads of stuff on the internet about this and Win XP does have a workaround (install SP3 and KB969442) but nothing available for 2000 or 95.

Can anyone help or suggest the best way for these multi million pound machines to be accessed?

Can anyone shed any light on why this happened in the first place (server update possibly)?

"Scrap the lot" I hear people say but to replace them is a lot of money, well into 7 figures so our task is to keep them going for a while longer. 😒

Thank you


1 answer

  1. Timmy Malmgren 886 Reputation points
    2024-04-25T08:51:19.4333333+00:00

    Hello

    First of all, I understand the problem of being stuck with old operating systems and that replacing them can be a difficult and costly process. I just want to add a disclaimer (that you are probably already aware of): having them in your environment can also be a security risk that can cost you even more than replacing them.

    The issue, I think, is that Microsoft is constantly improving security, and they most likely suffer from something like SMBv1, Netlogon, Kerberos, etc. being "tightened". It could be a number of things and I don't have the specific solution; for instance, if it's SMBv1 there is no real solution, since 95 and 2000 do not support any other version.

    So it might actually be impossible for you to domain join them into such a new environment again.

    However, if there aren't too many of them and you really can't get rid of them at this time, you might need to consider having them not domain joined and deploying policies manually/locally (having local accounts to log on), or maybe set up their own domain with older domain controllers?

    How do these machines need to be accessed? Is it through RDP? Is it a file share?

    Hope this is helpful and remember shared knowledge is the best knowledge 😊

    Best Regards,

    Timmy Malmgren


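The answer above lists SMBv1, Netlogon and Kerberos hardening as the likely culprits but does not say how to tell which one is biting. The following PowerShell is an added example, not code from the question, the answer or Microsoft; it is run on a domain controller and reports the settings each of those changes turns on, lists recently created disabled computer objects (the residue of a failed join, and a stale object with a mismatched machine password is one source of the "trust relationship" error), and pulls the Netlogon events that the RPC-sealing hardening writes when a client falls back to signing or RC4. The registry value names are the ones Microsoft documents for those changes; the function names, the lookback windows and the choice of fields are assumptions made for this example.

```powershell
# Added example (not from the original post or answer). Run on a DC as a domain
# admin. Registry value names follow Microsoft's Netlogon RPC sealing, Kerberos
# encryption-type and LAN Manager hardening documentation; function names and
# lookback windows are assumptions for this example.
#Requires -Modules ActiveDirectory
Import-Module ActiveDirectory

function Get-LegacyJoinAudit {
    $nl  = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'
    $kdc = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\KDC' -ErrorAction SilentlyContinue
    $lsa = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    $smb = Get-SmbServerConfiguration

    [pscustomobject]@{
        # SMBv1 is the only dialect Windows 9x/2000 speak; if it is off they
        # cannot reach SYSVOL/NETLOGON on the DC at all.
        Smb1Enabled          = $smb.EnableSMB1Protocol
        # Netlogon secure-channel requirements. RequireSeal = 2 (the enforced
        # default on current patches) rejects clients that can only sign.
        RequireSeal          = $nl.RequireSeal          # $null => default (enforced)
        RequireSignOrSeal    = $nl.RequireSignOrSeal
        RequireStrongKey     = $nl.RequireStrongKey
        # Kerberos: a KDC that no longer issues RC4 tickets cannot serve
        # clients that have no AES keys.
        KdcDefaultEncTypes   = $kdc.DefaultDomainSupportedEncTypes  # $null => built-in default
        # LM/NTLM level: 5 = NTLMv2 only, which Windows 95 cannot do without
        # the Directory Services client.
        LmCompatibilityLevel = $lsa.LmCompatibilityLevel
        NoLMHash             = $lsa.NoLMHash
        DomainMode           = (Get-ADDomain).DomainMode
    }
}

# Computer accounts left behind by a failed join usually stay disabled with a
# stale or blank OperatingSystem attribute. List the recent ones so they can be
# removed before the next join attempt.
function Get-FailedJoinResidue {
    param([int]$LookbackDays = 30)   # assumed window
    $since = (Get-Date).AddDays(-$LookbackDays)
    Get-ADComputer -Filter { Enabled -eq $false -and whenCreated -ge $since } `
        -Properties OperatingSystem, whenCreated, lastLogonTimestamp |
      Select-Object Name, OperatingSystem, whenCreated,
        @{ n = 'LastLogon'; e = {
            if ($_.lastLogonTimestamp) { [datetime]::FromFileTime($_.lastLogonTimestamp) } } }
}

# Netlogon events written on the DC by the RPC-sealing hardening: a client that
# only signs (5838), a trust that only signs (5839), a secure channel set up
# with RC4 (5840), or a client denied outright (5841).
function Get-NetlogonHardeningEvents {
    param([int]$LookbackDays = 7)    # assumed window
    Get-WinEvent -FilterHashtable @{
        LogName      = 'System'
        ProviderName = 'NETLOGON'
        Id           = 5838, 5839, 5840, 5841
        StartTime    = (Get-Date).AddDays(-$LookbackDays)
    } -ErrorAction SilentlyContinue |
      Select-Object TimeCreated, Id, Message
}

Get-LegacyJoinAudit           | Format-List
Get-FailedJoinResidue         | Format-Table -AutoSize
Get-NetlogonHardeningEvents   | Format-Table -AutoSize -Wrap
```

Read the three outputs together: an event 5838 or 5841 naming one of the milling machines points at Netlogon sealing, an empty event list with Smb1Enabled = False points at SMB, and a KDC with RC4 removed from its supported types points at Kerberos. Whichever it is, loosening these values on a 2016-level DC reopens the weaknesses they were added to close, so the isolated-domain or workgroup options in the answer above are the safer direction.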