When you create a global Servers group on your PDC, Windows NT Server and Workstations may be mistaken for LanMan BDCs. This is because Windows NT will use the secure channel account password to authenticate with the PDC. The PDC finds a matching user account in the Servers group for the Windows NT system and considers it to be a LanMan BDC. During challenge/response authentication, the PDC uses the user account password instead of the secure channel password to authenticate the Windows NT system. This causes the logon failure.
If no LanMan BDC exists, remove the Servers group. Stop and restart the Netlogon service.
If LanMan BDCs exist, then remove the user accounts from the Servers group for the Windows NT systems experiencing this problem.