Microsoft KB Archive/318866

= Outlook Clients Cannot View Global Address List After You Install Security Rollup Package 1 (SRP1) on Global Catalog Server =

Article ID: 318866

Article Last Modified on 3/1/2007

-

APPLIES TO


 * Microsoft Windows 2000 Service Pack 1
 * Microsoft Windows 2000 Service Pack 2
 * Microsoft Windows 2000 Advanced Server
 * Microsoft Windows 2000 Advanced Server
 * Microsoft Windows 2000 Service Pack 1
 * Microsoft Windows 2000 Service Pack 2

-



This article was previously published under Q318866



IMPORTANT: This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows Registry



SYMPTOMS
After you update your Global Catalog servers with one or both of the following security updates

311401 Windows 2000 Security Rollup Package 1 (SRP1), January 2002

299687 MS01-036: Function Exposed By Using LDAP over SSL Could Enable Passwords to Be Changed

you may experience one or more of the following behaviors:
 * Microsoft Exchange Outlook clients can no longer browse or resolve names from the global address list. The global address list appears to be empty.
 * If you remove a mail profile from a client computer, you can no longer re-establish a connection to the Exchange Server computer (to re-create the profile).
 * You cannot add a network printer by selecting it from the Active Directory. However, you can still add a network printer by selecting it from the tree view.



CAUSE
This behavior may occur if the RestrictAnonymous registry value on the Global Catalog servers is set to 2.

For additional information about the RestrictAnonymous registry value, click the article number below to view the article in the Microsoft Knowledge Base:

246261 How to Use the RestrictAnonymous Registry Value in Windows 2000

To view this registry value, follow these steps.

WARNING: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

 Click Start, click Run, type regedit in the Open box, and then click OK. Navigate to the following registry subkey:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa

 In the right pane of the Registry Editor window, note the setting of the restrictanonymous value. Quit Registry Editor.

This behavior occurs because when you turn on (enable) the RestrictAnonymous registry value, this causes Exchange Server to reject access attempts to the global address list if the user's security token contains the Everyone security ID (SID).



RESOLUTION
To resolve this problem, obtain the latest service pack for Windows 2000. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

260910 How to Obtain the Latest Windows 2000 Service Pack

The English-language version of this fix should have the following file attributes or later:   Date         Time   Version           Size     File name ---  27-Feb-2002  19:10  5.0.2195.4959     123,664  Adsldp.dll 30-Jan-2002 00:52  5.0.2195.4851     130,832  Adsldpc.dll 30-Jan-2002 00:52  5.0.2195.4016      62,736  Adsmsext.dll 30-Jan-2002 00:52  5.0.2195.4882     356,624  Advapi32.dll 27-Feb-2002 19:10  5.0.2195.4985     135,952  Dnsapi.dll 27-Feb-2002 19:10  5.0.2195.4985      95,504  Dnsrslvr.dll 27-Feb-2002 19:14  5.0.2195.4848     521,488  Instlsa5.dll 27-Feb-2002 19:10  5.0.2195.4951     145,680  Kdcsvc.dll 27-Nov-2001 00:33  5.0.2195.4680     199,440  Kerberos.dll 07-Feb-2002 19:35  5.0.2195.4914      71,024  Ksecdd.sys 16-Jan-2002 23:02  5.0.2195.4848     503,568  Lsasrv.dll 16-Jan-2002 23:02  5.0.2195.4848      33,552  Lsass.exe 08-Dec-2001 00:05  5.0.2195.4745     107,280  Msv1_0.dll 27-Feb-2002 19:10  5.0.2195.4917     306,960  Netapi32.dll 27-Feb-2002 19:10  5.0.2195.4979     360,208  Netlogon.dll 27-Feb-2002 19:10  5.0.2195.4988     916,752  Ntdsa.dll 27-Feb-2002 19:10  5.0.2195.4986     388,880  Samsrv.dll 30-Jan-2002 00:52  5.0.2195.4874     128,784  Scecli.dll 27-Feb-2002 19:10  5.0.2195.4968     299,792  Scesrv.dll 30-Jan-2002 00:52  5.0.2195.4600      48,400  W32time.dll 06-Nov-2001 19:43  5.0.2195.4600      56,592  W32tm.exe 27-Feb-2002 19:10  5.0.2195.4921     125,712  Wldap32.dll

<div class="workaround_section">

WORKAROUND
To work around this issue, assign a value of 0 (zero) to the RestrictAnonymous registry value. To do this, follow these steps.

WARNING: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

 Log on to the Global Catalog server as Administrator.</li> Click Start, click Run, type regedit in the Open box, and then click OK.</li> Navigate to the following registry subkey:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa

</li> In the right pane of the Registry Editor window, double-click restrictanonymous.</li> In the Value data box, type 0 (zero), and then click OK.</li> Quit Registry Editor.</li> Restart the Global Catalog server.</li> Repeat steps 1 through 7 for each Global Catalog server.</li></ol>

<div class="status_section">

STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article. This problem was first corrected in Windows 2000 Service Pack 3.

Additional query words: kbDirServices

Keywords: kbbug kbfix kbwin2000presp3fix kbqfe kbwin2000sp3fix kbsecurity kbdirservices kbhotfixserver KB318866

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.