Win98se VNC Server + w2k PDC

Should you have problems with the MS logon plugin, here's the place to look for help or report issues.


Post by Flips » 2005-04-13 20:41

Hello, I have read the docs and the forum, but things still don't seem to work. Here is what I want to do:

I want to set up a VNC server on a win98se, but I want this vnc server to authenticate users on my w2k domain controller.

I have set my win98se to user-level access control. Is that really necessary? I would like it not to be.

I have created a group VNCLOGON on my w2k domain controller, then I marked require ms logon on the vnc server, and set group 1 to: VNCLOGON, finally I marked "domain" for group 1.

When I try to connect to the win98se server, it asks for my username and password. I type the username of a user that is a member of VNCLOGON and its password. But I get a login failure answer.

The win98se box can normally login to the domain controller.

Am I doing anything wrong?

Thanks.

Felipe
Flips
 

Post by Marscha » 2005-04-14 06:41

From the docs ( http://doc.uvnc.com/features/authentication.html ):
To use MS Logon under Windows 95, Windows 98, and Windows Millennium Edition, you also have to enable the NTLM security services.
Open Control Panel, Network, Access Control, and then select User-level access control.
Win 9.x requires 2 DLLs, radmin32.dll and rlocal32.dll; these can be found in nexus.exe.

For MSLogon I there is also a utility called testauth.exe.
This is located in the UltraVNC install directory.
You can manually enter the parameters and get diagnostic output.
Marscha
Former moderator
 
Posts: 471
Joined: 2004-05-14 06:48

Post by sgt-d » 2005-04-14 07:44

I have set my win98se to user-level access control. Is that really necessary? I would like it not to be.

yes, user-level access control is currently required.

before i start, for debugging this issue, please test everything with the msrc4 dsm plugin disabled on the server (winvnc) and viewer (vncviewer). after you are able to login successfully, by all means use the msrc4 dsm plugin however you like.

network properties (control panel)

configuration tab -> client for microsoft networks -> properties

check "log on to windows nt domain", type in the domain name, check "logon and restore network connection", click ok.

configuration tab -> tcp/ip -> properties -> dns configuration tab

type the domain name in the domain field, click ok. this may not be required, uncertain.

identification tab

type the domain name in the workgroup field.

access control tab

check "user-level access control" and type the server name or domain name in the "obtain list of users and groups from" field, click ok.

click ok again to close the network control panel applet and reboot when prompted.

next steps...

the current documentation ( http://doc.uvnc.com/features/authentication.html ) mentions that you will need radmin32.dll and rlocal32.dll.

both of these files (and more) are included in microsoft windows nt server management tools (nexus.exe) (link below).

microsoft windows nt server management tools (nexus.exe)
http://download.microsoft.com/download/ ... /nexus.exe

extract the archive to a temp folder, then move/copy radmin32.dll and rlocal32.dll to your ultravnc folder.

restart the winvnc service so it will be able to use the new dll's...

these commands are for windows 98 where your service is running....

stop the winvnc service (right click, exit, or):

"C:\Program Files\UltraVNC\WinVNC.exe" -kill
"C:\Program Files\UltraVNC\WinVNC.exe" -remove

start the winvnc service:

"C:\Program Files\UltraVNC\WinVNC.exe" -install

if you need your tray icon back make a shortcut to winvnc.exe:

Target: "C:\Program Files\UltraVNC\WinVNC.exe" -servicehelper
Start In: "C:\Program Files\UltraVNC\"

now attempt to connect to the server.

make sure you restart the service and that you don't run the server shortcut (this would run it as an application, not a service).

if you still aren't having any luck...

first make sure that the group on your win2k server is a global group... they may not have this distinction in windows 2000 server like they did in windows nt4 server. on nt you must create a "global" group.

additionally, your "vnclogin" item must be a group, not a user. you can add existing user accounts to the "vnclogin" group later.

in ultravnc's server settings for ms login, in group 1 type vnclogin (must be all capital letters). also make sure that you only check the "domain" option in these settings.

see if you have testauth.exe in your ultravnc folder. if you don't have it you can use testauth.exe from the rc 18 binaries (the rc 20.3 binaries have gone missing):

ultr@vnc 1.0.0 rc 18 binaries (only if you don't have testauth.exe)
http://prdownloads.sourceforge.net/ultr ... p?download

extract testauth.exe to your ultravnc folder and open a command prompt and type these commands:

c:
cd "\program files\ultravnc"
testauth

it will prompt you for a user name, a password, a group and then it will ask if you want to test a local login (1), a domain only login (2), or both local and domain (3).

during execution there is a typo, for domain only it says "dom=3" - it should say "dom=2" for a "domain only" login test.

to be honest, i'm not exactly sure what they want for the "group" prompt... i have tried "1", "2," and "3" (thinking they wanted the group number from ms login settings), lowercase domain name, full qualifying path \\domain\group, etc. the only time i've seen it say "for testing we cont, but access was already granted" (success) is if i typed in the nt group name in all caps. even then it still shows errors like "no domain group found" and "acceptsecuritycontext failed with 8009030C".

as mentioned, if you see "for testing we cont, but access was already granted" - this is a success message and it means that vnc logins will work - despite all other warnings or errors you might see along the way.

anyway, for your user/pass, you know what you need for those two. for the group in your case try vnclogin (must be all capital letters). for the "loc, dom, local+domain" prompt, type 2. then hit enter. you should see output similar to this:

C:\Program Files\UltraVNC>testauth

Enter user name : sgt-d

Enter password : nicetry

Enter group : VNCADMINS <- all caps

loc=1 dom=2 local+domain=3 : 2

Trying authlogonuser.dll
This only works on XP>
test is runnning as application and not a service
------------------------
authlogonuser.dll not foundbased on authlogonuser.dll user has NO access
Trying auth.dll
------------------------
DOMAIN USERS
DOMAIN ADMINS
VNCADMINS
No Domain group found
Domain password check OK
AcceptSecurityContext failed with 8009030C
Acces to vnc OK
based on auth.dll user has access
-------------------------
For testing we cont, but access was already granted <- SUCCESS!
-------------------------
Enter to quit

don't worry about the missing authlogonuser.dll message. if you are missing other dll's, check the ultr@vnc 1.0.0 rc 18 binaries (above). if you get an error about missing workgrpnt4.dll, you can make a copy of workgrpdomnt4.dll and rename the copy to workgrpnt4.dll.

hmm. i think that's all.

sorry for the novel... i need to make a help page for this someday.

moreover, i hope this helps you, or anyone else that stumbles upon it.

please keep me posted on your progress!

references:

ms login vs. win98se

mslogonacl.exe error on windows 98 se
topic #2512

god i need a bigger edit window...
Last edited by sgt-d on 2005-04-14 07:49, edited 2 times in total.
sgt-d
40
 
Posts: 81
Joined: 2005-03-29 04:46
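
An added example, not part of the post above and not UltraVNC code: a small triage script for a saved testauth.exe transcript that separates the verdict line from the warnings and errors the post says can be ignored. The function name `triage`, the sample transcript (constructed from the output quoted above, password prompt omitted) and the rule that upper-case lines after "Trying auth.dll" are enumerated group names are assumptions; the two SSPI status names come from winerror.h.

```python
import re

# SSPI status codes from winerror.h that can follow "failed with"; not exhaustive.
SSPI_STATUS = {
    0x8009030C: "SEC_E_LOGON_DENIED",
    0x80090311: "SEC_E_NO_AUTHENTICATING_AUTHORITY",
}

# Constructed sample, based on the transcript quoted in the post.
SAMPLE = """\
Enter group : VNCADMINS
loc=1 dom=2 local+domain=3 : 2
Trying authlogonuser.dll
authlogonuser.dll not foundbased on authlogonuser.dll user has NO access
Trying auth.dll
------------------------
DOMAIN USERS
DOMAIN ADMINS
VNCADMINS
No Domain group found
Domain password check OK
AcceptSecurityContext failed with 8009030C
Acces to vnc OK
based on auth.dll user has access
For testing we cont, but access was already granted
"""

def triage(transcript):
    """Return the verdict plus the secondary findings of a testauth run."""
    report = {"granted": False, "group": None, "groups_seen": [],
              "missing_dlls": [], "sspi_errors": []}
    in_auth_dll = False
    for line in (l.strip() for l in transcript.splitlines()):
        m = re.match(r"Enter group\s*:\s*(\S+)", line)
        if m:
            report["group"] = m.group(1)
        if line.lower() == "trying auth.dll":
            in_auth_dll = True
        elif in_auth_dll and re.fullmatch(r"[A-Z][A-Z0-9 _$-]*", line):
            report["groups_seen"].append(line)  # assumed: enumerated group names
        report["missing_dlls"] += re.findall(r"(\S+\.dll) not found", line)
        m = re.search(r"failed with ([0-9A-Fa-f]{8})", line)
        if m:
            code = m.group(1).upper()
            report["sspi_errors"].append((code, SSPI_STATUS.get(int(code, 16), "unknown")))
        if "access was already granted" in line.lower():
            report["granted"] = True  # the success marker named in the post
    report["group_listed"] = report["group"] in report["groups_seen"]
    return report
```

A `group_listed` value of False on a failed run points at the group name typed at the prompt (case or spelling) rather than at the password.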

Post by Flips » 2005-04-14 17:50

Thanks a lot for your answer!! Now I can connect and authenticate fine.

I have another question though, my win98se with the VNC server has dual monitor installed.

But when I connect to it I can only see the main monitor attached to the main video card. And mouse just points the wrong place.

Is there a way around it?

Thanks Again and Best Regards.
Flips
 

Post by sgt-d » 2005-04-14 19:46

search the forum (links at top) for dual monitor.

i have seen several posts about it, so i'm sure there are issues with it... but since i don't have dual monitors (yet), i haven't studied any of the threads or any possible work arounds.

heh sorry :/

hmm my fingers are still numb from this morning... lol
sgt-d
40
40
 
Posts: 81
Joined: 2005-03-29 04:46

