Microsoft KB Archive/305082

= LDAP_ANONYMOUS Uses the Guest Account as a Template =

Article ID: 305082

Article Last Modified on 5/8/2002


APPLIES TO


 * Microsoft Site Server 3.0 Standard Edition




This article was previously published under Q305082



SYMPTOMS
After you install Site Server 3.0 Service Pack 4 (SP4), if the local guest account has been locked out by policy, attempts to start the Site Server LDAP Service (LDAPSVC) may log the following errors in the application event log:

Event Type: Error

Event Source: LDAPSVC

Event Category: None

Event ID: 481

Description:

Site Server LDAP Service cannot initialize the following object:

GetLastError=87 : Init LdapExtension.

Event Type: Error

Event Source: LDAPSVC

Event Category: None

Event ID: 2500

Description:

The server failed to start due to an initialization error. Verify the configuration. Error description is: GetLastError=1909 : LogonUser for Anonymous users.

GetLastError=1909 maps to "The referenced account is currently locked out and may not be logged on to." In this case, the referenced account is the LDAP_ANONYMOUS user account. You may also see an associated event in the security event log.



CAUSE
In Site Server 3.0 SP4 and later, the local LDAP_ANONYMOUS account is recreated each time LDAPSVC is started, using the guest account as a template. The recreated LDAP_ANONYMOUS account has the same settings as the guest account, including its lockout state, with one exception: it is not disabled even if the guest account is disabled.
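The following triage script is an added example, not Microsoft code: it parses a text export of the application event log and flags the signature from SYMPTOMS (LDAPSVC event 2500 with GetLastError=1909 on the anonymous logon). The one-field-per-line export layout, the function names and the sample text are assumptions constructed from the events quoted above; the error names are the standard Win32 names for codes 87 and 1909.

```python
import re

# Standard Win32 names for the two GetLastError values quoted in this article.
WIN32_ERRORS = {87: "ERROR_INVALID_PARAMETER", 1909: "ERROR_ACCOUNT_LOCKED_OUT"}

# Constructed sample: the two SYMPTOMS events in an assumed one-field-per-line export.
SAMPLE_EXPORT = """\
Event Type: Error
Event Source: LDAPSVC
Event ID: 481
Description: Site Server LDAP Service cannot initialize the following object: GetLastError=87 : Init LdapExtension.

Event Type: Error
Event Source: LDAPSVC
Event ID: 2500
Description: The server failed to start due to an initialization error. Verify the configuration. Error description is: GetLastError=1909 : LogonUser for Anonymous users.
"""

FIELD = re.compile(r"^(Event Source|Event ID|Description):[ \t]*(.*)$", re.M)
LAST_ERROR = re.compile(r"GetLastError=(\d+)\s*:\s*([^.]+)")

def parse_events(text):
    """Split the export on blank lines; pull source, ID, Win32 code and failing step."""
    events = []
    for chunk in re.split(r"\n\s*\n", text.strip()):
        fields = dict(FIELD.findall(chunk))
        m = LAST_ERROR.search(fields.get("Description", ""))
        events.append({
            "source": fields.get("Event Source"),
            "id": int(fields.get("Event ID", 0)),
            "code": int(m.group(1)) if m else None,
            "step": m.group(2).strip() if m else None,
        })
    return events

def diagnose(events):
    """Describe each LDAPSVC failure; call out the guest-template lockout signature."""
    findings = []
    for e in events:
        if e["source"] != "LDAPSVC" or e["code"] is None:
            continue
        name = WIN32_ERRORS.get(e["code"], "unknown")
        if e["id"] == 2500 and e["code"] == 1909 and "Anonymous" in e["step"]:
            findings.append(f"Event {e['id']}: {name} at '{e['step']}': LDAP_ANONYMOUS "
                            "is locked out; check lockout on the local guest account")
        else:
            findings.append(f"Event {e['id']}: {name} at '{e['step']}'")
    return findings
```
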



RESOLUTION
To resolve this problem, set the guest account so that it is not locked out.



STATUS
This behavior is by design.



MORE INFORMATION
Prior to SP4 for Site Server 3.0, the LDAP_ANONYMOUS user account password is exposed in the registry in plain text. LDAP_ANONYMOUS is the default Personalization and Membership anonymous user account; it is created as a local Microsoft Windows NT account for anonymous access to the Membership Directory.

For additional information on this issue, click the article number below to view the article in the Microsoft Knowledge Base:

248840 Possible Security Problem in LDAP_ANONYMOUS Account

Additional query words: group policy, local template, sp4

Keywords: kbprb KB305082


© Microsoft Corporation. All rights reserved.