Microsoft KB Archive/313153

= Windows NT account lockout with SQL Server CE Replication and invalid password =

Article ID: 313153

Article Last Modified on 2/12/2007

-

APPLIES TO


 * Microsoft Encarta Interactive World Atlas 2001
 * Microsoft SQL Server 2000 Windows CE Edition 1.1

-



This article was previously published under Q313153



SYMPTOMS
If you use an application based on Microsoft SQL Server 2000 Windows CE Edition (SQL Server CE) Replication or Remote Data Access (RDA), you may receive an error message similar to the following when you use an invalid password for use with Microsoft Internet Information Server (IIS) servers that are set to use Basic or Integrated Windows authentication:

401.1 Unauthorized: Logon Failed after three logon attempts



CAUSE
If you use Basic or Integrated Windows authentication on IIS and the domain administrator sets a lockout on failed login attempts to be less than 30, you will encounter a lockout with a failed password or userid because the SQL Server CE or RDA object retries authentication at least 30 times. The account is locked out before the user is aware of the problem.



RESOLUTION
This behavior is by design. The retries take place in case there are multiple proxy servers.



WORKAROUND
There is no workaround for this behavior. If an account is locked out, only the domain administrator can unlock the account.



STATUS
A design change request has been filed for the next major version of SQL Server CE. Microsoft is researching this problem and will post more information in this article when the information becomes available.



Steps to Reproduce Behavior

 * 1) Have the domain administrator create a policy that revokes account privileges after five (5) failed login attempts (actually, any number less than 30 behaves the same.)
 * 2) For the virtual directory that was set up for use by your SQL Server CE replication or RDA application following the information in SLQ Server CE Books Online, set the authentication method for directory security to use Basic authentication.
 * 3) Create a SQL Server CE application to use the InternetLogin and InternetPassword properties.
 * 4) Fill in the InternetLogin with a valid userid and InternetPassword with an invalid password.
 * 5) Attempt the initial synchronization. After 5 minutes the process fails. If you then try to login to the domain by using the proper userid and password combination, you will find that the account is locked out.

Keywords: kbbug kbnofix KB313153

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.