Microsoft KB Archive/236111

= Client unable to change Windows NT or Windows 2000 password =

Article ID: 236111

Article Last Modified on 1/24/2007

-

APPLIES TO


 * Microsoft Windows 2000 Server
 * Microsoft Windows 2000 Advanced Server
 * Microsoft Exchange Client 4.0 for Macintosh
 * Microsoft Exchange Client 5.0 for Macintosh
 * Microsoft Exchange Client 4.0
 * Microsoft Exchange Client 5.0
 * Microsoft Exchange Client 5.5
 * Microsoft Exchange Client 5.0
 * Microsoft Outlook 2001 for Mac
 * Microsoft Outlook 8.0 Exchange Server Edition for Macintosh
 * Microsoft Outlook 8.1 Exchange Server Edition for Macintosh
 * Microsoft Outlook 8.2 Exchange Server Edition for Macintosh
 * Microsoft Outlook 2002 Standard Edition
 * Microsoft Outlook 2000 Standard Edition
 * Microsoft Outlook 98 Standard Edition
 * Microsoft Outlook 97 Standard Edition

-



This article was previously published under Q236111



Important This article contains information about how to modify the registry. Make sure to back up the registry before you modify it. Make sure that you know how to restore the registry if a problem occurs. For more information about how to back up, restore, and modify the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows registry



SYMPTOMS
When a Microsoft Exchange Client or Microsoft Outlook user changes the Windows NT or Windows 2000 password either by clicking Change Password in the Enter Password dialog box or on the Tools menu, clicking Options, on the Security tab, clicking Change Settings, and then clicking Password, one of the following error messages is displayed:

The Windows NT Domain password could not be changed. A required action was not successful due to an unspecified error.

The Windows NT password could not be changed. Please check the information and try again.

NOTE: The error messages begin with "The Windows 2000..." when you change a Windows 2000 password.



CAUSE
The client is not logged on to the domain that the password is changed in, or to a trusted domain. Therefore, the client cannot establish a remote procedure call (RPC) connection to the Local Security Authority (LSA) to change the password.

The following clients have this problem:  Clients that use the NetWare Client software. For more information about how NetWare Clients change passwords, click the following article number to view the article in the Microsoft Knowledge Base:

148420 Can't change password on Novell client

 Clients that use Macintosh messaging clients. For more information about how Macintosh messaging clients change passwords, click the following article number to view the article in the Microsoft Knowledge Base:

156182 Changing Windows NT 4.0 password in Microsoft Exchange

 Clients that use Banyan Vines protocol. For more information about Banyan Vines protocol, click the following article number to view the article in the Microsoft Knowledge Base:

140641 Updated Samsrv.dll supports AppleTalk and Banyan Vines clients

 Clients that log on to an untrusted Windows NT domain or a workgroup.



RESOLUTION
Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall your operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.

NOTE: Normally, registry entries are not case sensitive. However, these entries are case sensitive. When you add any of these new keys, be sure to match the case exactly.

Add the following registry values to the PDC in a NT Domain or the PDC-Emulator in a Windows 2000 Domain:  Start Registry Editor (Regedt32.exe).</li> Under the HKEY_LOCAL_MACHINE subtree, go to the following subkey:

SYSTEM\CurrentControlSet\Control\LSA

</li> If you are using Windows NT, on the Edit menu, click Add Value.

Note If you are using Windows 2000, on the Edit menu, point to New, and then click DWORD Value.</li> Add one of the following values, depending on which protocol is shared between the clients and the PDC:

'''NetWareClientSupport

TCPIPClientSupport

VinesClientSupport

AppletalkClientSupport'''

</li> If you are using Windows NT, in the Data Type field, select REG_DWORD, and then click OK.</li> In the DWORD editor, in the Data field, type 1 .</li> Click OK. The new value appears.</li> You must restart the PDC for the changes to take effect.</li></ol>

<div class="moreinformation_section">

MORE INFORMATION
When an Outlook client changes a Windows NT or a Windows 2000 password, the client asks the Exchange Server computer for the name of the PDC in a NT 4.0 domain or the PDC-Emulator in a Windows 2000 domain. The client then establishes an RPC connection with the LSA on the PDC or PDC-Emulator.

To locate the server running the PDC-Emulator role use the NETDOM tool from the Windows Support tools on the Windows 2000 Server CD and execute the following command.

NETDOM QUERY FSMO

Note the server name listed next to the line labeled PDC Role will be the server to get the registry values added.

The LSA, by default, has no endpoint mapped for TCP/IP, IPX/SPX, AppleTalk, or Banyan Vines. It does not have this problem with named pipes. Clients that log on to the same domain as the PDC have no problem making a named pipes connection and changing their passwords.

This registry change mentioned in the "Resolution" section of this article should be made on the server running the PDC-Emulator role in a Windows 2000 Domain. If the Role of the PDC-Emulator moves to another Domain Controller in the Windows 2000 Domain, the registry on the new Domain Controller will need to be updated with the registry change.

Additional query words: 8.0 8.01 8.02 8.03 8.04 8.5 9.0

Keywords: kbprb KB236111

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.