Microsoft KB Archive/166730

= Unencrypted Passwords May Cause SP3 to Fail to Connect to SMB Servers =

Article ID: 166730

Article Last Modified on 11/1/2006

-

APPLIES TO


 * Microsoft Windows NT Workstation 4.0 Developer Edition
 * Microsoft Windows NT Workstation 4.0 Developer Edition
 * Microsoft Windows NT Workstation 4.0 Developer Edition
 * Microsoft Windows NT Server 4.0 Standard Edition
 * Microsoft Windows NT 4.0 Service Pack 3

-



This article was previously published under Q166730



SYMPTOMS
After upgrading your Windows NT 4.0 computer to Service Pack 3 (SP3), you are unable to connect to certain non-Microsoft Server Message Block (SMB) servers and you may receive the following error message:

System error 1240 has occurred.

The account is not authorized to login from this station.



CAUSE
Some non-Microsoft SMB servers only support unencrypted (plain text) password exchanges during authentication.

The SMB client redirector in Windows NT 4.0 Service Pack 3 and later handles unencrypted passwords differently than previous versions of Windows NT. Beginning with Windows NT 4.0 Service Pack 3, the SMB redirector does not send an unencrypted password during authentication to an SMB server unless you add a specific registry entry.

In previous versions, the client would automatically negotiate downward to unencrypted (plain text) authentication if requested from the server.



RESOLUTION
Check with the vendor of the SMB server product to see if there is a way to support encrypted password authentication, or if there is a newer version of the product that adds this support.

Alternatively, to enable unencrypted (plain text) passwords for the SMB client on Windows NT 4.0 Service Pack 3 and newer systems, modify the registry in the following way:

WARNING: Enabling this will allow unencrypted (plain text) passwords to be sent across the network when authenticating to an SMB server that requests this option. This can lessen the overall security of an environment and should only be done after careful consideration of the consequences of plain text passwords in your specific environment.

WARNING: Using the registry editor incorrectly can cause serious, system-wide problems that may require you to reinstall Windows NT. Microsoft cannot guarantee that any problems resulting from the use of the registry editor can be solved. Use this tool at your own risk.  Run Registry Editor (Regedt32.exe). From the HKEY_LOCAL_MACHINE subtree, go to the following key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Rdr\Parameters

 On the Edit menu, click Add Value.  Add the following:      Value Name: EnablePlainTextPassword Data Type: REG_DWORD Data: 1  Click OK and then quit Registry Editor. Shut down and restart Windows NT.</li></ol>

To enable unencrypted (plain text) passwords in an automated setup, modify the registry in the following way:

Add the following line to the Product.Add.Reg section of the Update.inf file:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Rdr\Parameters, "EnablePlainTextPassword", 0x10001, 1

Additional query words: 4.00 VAX log in login 2510

Keywords: kbinfo kbnetwork KB166730

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.