Article ID: 160783
Article Last Modified on 10/30/2006
APPLIES TO
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Professional Edition
- Microsoft Windows NT Workstation 3.5
- Microsoft Windows NT Workstation 3.51
- Microsoft Windows NT Workstation 4.0 Developer Edition
- Microsoft Windows NT Server 3.5
- Microsoft Windows NT Server 3.51
- Microsoft Windows NT Server 4.0 Standard Edition
- Microsoft LAN Manager 2.2c
- Microsoft Windows for Workgroups 3.11
- Microsoft Windows 95
- Microsoft Network Client 3.1
This article was previously published under Q160783
IMPORTANT: This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base:
256986 Description of the Microsoft Windows Registry
SYMPTOMS
You receive the following error message when you use a non-Administrative account on a workstation to log on to a domain.
Windows NT-based client computer
Other Windows-based client computers
Depending on the client, the associated network message number 2240 may also be included with the error message.
Windows 2000-based clients may also receive the following error message during an attempt to map a drive letter to the server:
CAUSE
This issue may occur if the security event log is full, and CrashOnAuditFail is enabled. CrashOnAuditFail may be enabled on a Windows NT 4.0 computer if the C2 Configuration Manager (C2Config.exe) has been run on the computer. When the security log size reaches capacity, only administrators can access the server.
This issue may also occur if the user account is configured to log on from specific workstations.
Note The Logon To option is in the User Properties dialog box.
RESOLUTION
WARNING: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.
To resolve this issue, clear the security log and run C2CONFIG to reset the CrashOnAuditFail value. To do this, follow these steps:
- Restart the computer and log on using an account in the Administrators group.
- Use Event Viewer to clear all events from the security log, archiving the currently logged events. For details, see the "Event Viewer" chapter in the Windows NT Workstation or Windows NT Server System Guide.
- Click Start, click Run, type regedit in the Open box, and then click OK.
- Locate and then delete the
CrashOnAuditFailregistry entry from the following registry subkey:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa - Quit Registry Editor, and then restart the computer to cause the change to take effect.
MORE INFORMATION
For additional information about the CrashOnAuditFail registry entry, click the following article numbers to view the articles in the Microsoft Knowledge Base:
149393 CrashOnAuditFail activates on shutdown with ProcessTracking
178208 CrashOnAuditFail with Logon/Logoff Auditing causes blue screen
140058 How to prevent auditable activities when security log is full
STATUS
Microsoft has confirmed that this is a bug in Windows NT version 3.5x and Windows NT version 4.0. Microsoft is researching this problem and will post new information here in the Microsoft Knowledge Base as it becomes available.
Additional query words: permit access policy registry
Keywords: kbbug kberrmsg KB160783
