Windows XP Clients Cannot Execute Logon Scripts against a Windows Server 2012 R2 Domain Controller – Workaround

The issue

The real issue is that you are still running Windows XP. The secondary issue is that you have Windows XP clients that cannot connect to a file share (NETLOGON) on a Windows Server 2012 R2 Domain Controller. If you try manually via \domaincontrollerNetlogon it will throw an error like  "The specified network name is no longer available".  Security wise & moral pressure wise I kind of think this drives home the message you need to get off Windows XP. But I realize you’re in a pickle so here’s the workaround/fix.

Root Cause & Fix

Windows XP talks SMB 1.0 and that’s it. If this is not offered by the server (file server or domain controller) we have a problem. Now if you installed new Windows Server 2012 R2 servers they do not deploy the SMB 1.0 feature by default. If you upgraded from Windows 2008 R2 (perhaps even over Windows 2012) to get to Windows 2008 (R2) this feature kept in place. Other wise you’ll need to make sure SMB 1.0 is installed, it often (always?) is. Just check.


However there is a big change between Windows Server 2008 R2/Windows 2012. The LanmanServer service has a dependency set to SMB 2.0 and no longer to SMB 1.0

This is what it looks like on a Windows Server 2012 (or lower) domain controller:


This is what it look like on a Windows Server 2012 domain controller


So we need to change that on Windows 2012 R2 to support Windows XP. We can do this in the registry. Navigate to


  1. Change SamSS Srv2 to SamSS Srvimage
  2. Restart the Server (Lanmanserver) service (it will restart the dependent services like netlogon, DFS Namespace, .. as well)

You’re XP clients should be able to authenticate again. You can test this by navigating to \domaincontrollerNetlogon on a XP client. This should succeed again.

If you have issues with Windows Server 2012 R2 file servers … this is also valid. When you do get rid of Windows XP. Go back to the original settings please Smile.

If you want to read more on SMB read this blog Windows Server 2012 R2: Which version of the SMB protocol (SMB 1.0, SMB 2.0, SMB 2.1, SMB 3.0 or SMB 3.02) are you using? by Jose Barreto (File Server team at Microsoft)

Finally, get off XP!

I think I said it enough on twitter and my blog Legacy Apps Preventing Your Move From Windows XP to Windows 8.1? Are you worried about HeartBleed? Good! Are you worried about still being on XP? No? Well dump SSL and use clear text authentication as XP is a free fire zone  anyway (as of April 8th 2014) and it’s just a matter of time before you’re road kill. Any company who has CIO/CTO/IT managers and other well paid functions and have let their organization be held hostage on XP (I’m not talking about a few PCs or VMs left and right) by legacy apps & ISV should realize they are the one who let this happen. Your watch. Your responsibility. No excuses.

Legacy Apps Preventing Your Move From Windows XP to Windows 8.1?

Are old applications holding you back getting rid of Windows XP? It’s A reason we hear a lot and these apps do exist. But often it’s because the effort to make it work isn’t considered worth the cost. Year after year. So some people today are stuck on a Windows Server 2000/2003 & XP infrastructure. How does that cost compare now to the cost of dealing with the application? Was it worth not moving the application & have an out of date infrastructure holding your ENTIRE company down?


While some things can’t be fixed, putting in some effort could have prevented you of being in this mess. Yes it would have cost you a decent penny but nothing compared to where you are at now with your infrastructure “challenges”.

Here’s a little example for you. Over a period of 13 years we’ve moved an old application (using a Borland database engine & ISAPI DLLs in IIS). It ran on Windows Server 2000. It was P2V’d to VMware Server. Over the years the data base swapped from Informix to SQL Server 2000, 2005, 2008, 2008 R2. We upgraded the VM to Windows Server 2003(x86), moved to Hyper-V, upgraded to Windows 2008(x86) & final now put on W2K12R2(x64). So what do you mean you can’t get rid of XP? We’ve moved the client app for that VM to x64 with Vista in 2007.  We were not to let that app block our way to the future and Windows 7(x64) and Windows 8 & 8.1(x64). In 2014 you should be able to move to or you need to reconsider your approach to IT as you have totally painted the organization into a corner. We did not have installers for anything. We extracted registry entries & bits form installed systems and build installers ourselves with the free NSIS installer. We used  Windows SysInternals tools to figure out where the application wrote & read, what permissions where needed and add those to the installer to make sure it did not need local admin rights. It gave the business over a decade to get a grip on application live cycle management & replace the app. They failed twice, and while that’s bad and we do not like it, it was not deadly as they haven’t let the rest of the company suffer for it. Never, ever let your infrastructure get stuck in the past. But wait you say, what you did is not supported. That’s right. That’s one app, that works, and it beats being left with an unsupportable infrastructure blocking progress Winking smile

You might need some help and here’s a great place to start helping yourself The App Compat Guy. Read and view (TechEd presentations) anything Chris Jackson is offering on this subject and you’ll be on your way. Need a helping hand? Here’s a good place to start if your in Belgium: Microsoft Extended Experts Team (MEET). Chances are some of them known some one who knows how to get it done or are the person to talk to.