Ref: 06430020
Title: Starting NETLOGON on a LAN Manager 2.0 Server
Date: 3/29/91

Copyright 3Com Corporation, 1991.  All rights reserved.

The NETLOGON service cannot be started immediately on a new LAN Manager
2.0 installation.  In LAN Manager 2.0, the NETLOGON service has user
account system requirements that must be configured from NET ADMIN before
the service will be allowed to start.

During the installation process, the user is given the option from within
SETUP to choose all of the services that will automatically start when
the server boots up.  If the NETLOGON service is chosen before the user
account requirements are filled, the server will fail on boot up with the
error:

     NET3062: The subservice NETLOGON failed to install.  The server
     service could not be started.

When running SETUP, do not choose the option to start the NETLOGON service
automatically.  After the installation is complete and the server is
rebooted, set up the server as a Primary Domain Controller, a Member server,
or a Backup server before allowing it to start the NETLOGON service.

The server must also meet specific user account and group configuration
requirements.  To configure the server properly, follow these steps:

1. Type NET LOGON ADMIN PASSWORD ("password" is literally the default
password for the ADMIN user).  The Admin account will not be validated
and will be logged on as standalone.

2.  Type NET ADMIN to enter the administration screen.

3.  From the Accounts menu at the top of the screen, choose Groups.

4.  Use the <Add Group> option to add a group called "servers".

5.  Choose <OK> and <Done> to save the group and exit the screen.

6.  From the Accounts menu, choose Users.

7.  Choose the <Add User> option to add a new user account.

8.  From the "Create a New User Account" screen, add a user account with
the same name that was given to the server during installation.  Give "user"
capabilities to the account.

9.  From the "Create a New User Account" screen, choose the <Groups> option.
At the next screen, highlight the group "SERVERS" and choose the option
<Join>.

10.  Choose <OK>, <OK>, and <Done> to save the information in each screen
and to exit.

11.  From the Accounts menu, choose Security Settings.

12.  Chose the appropriate server role.  If this is the first server in a
domain, the server role must be Primary.  Other options include Backup or
Member, but these roles are only valid if a Primary server already exists in
the domain.

Note:  The Standalone role will not allow the server to run the NETLOGON
service.

At this point, the NETLOGON service can be started on the server.  To
start the service automatically each time the server boots, add NETLOGON
to the "svrservices=" line in the LANMAN.INI file.

If any of the Account configuration requirements are not met and NETLOGON
is started independently of the Server service by typing NET START NETLOGON,
the following error will appear:

     NET3055: A problem exists with the system configuration.  The
     user accounts system isn't configured correctly.

The service will fail with the above error if any of the following conditions
are true:

 *  There is no Primary server on the domain, and the server role
    has been set to Member or Backup.

 *  The server has been configured as Primary, but no server
    account exists in the user account database.

 *  The server has been configured as Primary and has an account,
    but no group "servers" exists in the accounts database.

 *  The server has been configured as Primary, has a server
    account defined, and has the group SERVERS defined, but does
    NOT list the server account as a member of the group SERVERS.

 *  The server has been configured as Standalone.

For more information, refer to chapter 4 of the Microsoft LAN Manager
Administrator's Guide.

