Microsoft KB Archive/253540

From BetaArchive Wiki
Knowledge Base

Encryption Pack Installation May Not Work If User GUID Is Too Long

Article ID: 253540

Article Last Modified on 10/30/2006


  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Professional Edition

This article was previously published under Q253540


After you install the Windows 2000 High Encryption Pack and it appears to succeed, any program that relies on 128-bit security (such as Microsoft Internet Explorer) may still report 56-bit security in use rather than 128-bit after you reboot the computer.


This problem occurs when the administrative account being used to install the encryption pack has a Globally Unique Identifier (GUID) that is longer than 1,024 bytes. The encryption pack Setup program only allocates a 1,024-byte buffer for this value when it is attempting to verify whether or not the user has permissions to run Setup. If the GUID is too long, validation does not succeed and the encryption pack Setup is not run.

With most local administrative accounts, this is not a problem. It currently has only occurred with domain administrator accounts that have been migrated from a Microsoft Windows NT 4.0 domain to a Windows 2000 domain. In this case, the GUID may sometimes be too long.


To resolve this problem, obtain the latest service pack for Windows 2000. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

260910 How to Obtain the Latest Windows 2000 Service Pack


Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article. This problem was first corrected in Windows 2000 Service Pack 1.

Keywords: kbhotfixserver kbqfe kbbug kbfix kbqfe kbwin2000sp1fix KB253540