Microsoft KB Archive/939995

= If you enter your credentials on a locked Windows CE 5.0-based device, you may be prompted to enter your credentials again when you try to access a network resource =

Article ID: 939995

Article Last Modified on 9/19/2007

-

APPLIES TO


 * Microsoft Windows CE 5.0

-



SYMPTOMS
Consider the following scenario:
 * You lock a Microsoft Windows CE 5.0-based device.
 * You reset the device. When you reset the device, you are prompted for your credentials.
 * You enter your credentials and unlock the device.

In this scenario, when you try to access a network resource for which you saved credentials previously, you are prompted to enter your credentials again.



CAUSE
This problem occurs if the credential manager service is already running before you try to access the network resource. When the device is locked, credential manager cannot read its master key. If credential manager cannot read its master key, credential manager cannot decrypt or verify any previously saved credentials.



WORKAROUND
To work around this problem, use one of the following methods.

Method 1
After you enter your credentials, manually stop and then restart the credential manager service. To do this, click Start, click Run, type &quot;services unload cred0:&quot;, &quot;services load credsvc&quot;, and then click OK.

Method 2
Change the code in the following files, and then rebuild the Windows CE 5.0 image:   In the Public\Wceshellfe\Oak\Ctlpnl\Cplmain\Passwd.cpp file, remove the following lines of code in the PasswdDlgProc function. if (fSet) {               WCHAR szUserName[128]; DWORD cchUser = ARRAYSIZEOF(szUserName); if (GetUserNameExW(NameWindowsCeLocal, szUserName, &cchUser )) {                   // set the user secret used for CryptProtectData APIs only if power on password is checked // Since we don't store the password on the device, the user needs to provide it after a warm reset // so as that SetCurrentUser can succeed. if (dwStatus) SetUserData((PBYTE)sz1, (_tcslen(sz1))*sizeof(TCHAR)); else SetUserData(NULL, 0);  // no password used for CryptProtectData }           }   In the Public\Common\Oak\Drivers\Startui\Startui.cpp file, remove the following lines of code in the CanDestroyDialog function. // authenticate the &quot;default&quot; user, but don't create // the password is used to unlock the user's sensitive data SetCurrentUser(L&quot;default&quot;, (PBYTE)szText, _tcslen(szText)*sizeof(TCHAR), FALSE ); 



STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the &quot;Applies to&quot; section.



MORE INFORMATION
For more information about credential manager, visit the following Microsoft Developer Network (MSDN) Web site:

http://msdn2.microsoft.com/en-us/library/ms925891.aspx

For information about master key storage, visit the following MSDN Web site:

http://msdn2.microsoft.com/en-us/library/ms885505.aspx



Keywords: kbexpertiseadvanced kbtshoot kbpubtypekc KB939995

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.