Microsoft KB Archive/318866



Outlook Clients Cannot View Global Address List After You Install Security Rollup Package 1 (SRP1) on Global Catalog Server

Article ID: 318866

Article Last Modified on 3/1/2007



APPLIES TO

  • Microsoft Windows 2000 Service Pack 1
  • Microsoft Windows 2000 Service Pack 2
  • Microsoft Windows 2000 Advanced Server



This article was previously published under Q318866


IMPORTANT: This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows Registry


SYMPTOMS

After you update your Global Catalog servers with one or both of the following security updates

311401 Windows 2000 Security Rollup Package 1 (SRP1), January 2002


299687 MS01-036: Function Exposed By Using LDAP over SSL Could Enable Passwords to Be Changed


you may experience one or more of the following behaviors:

  • Microsoft Exchange Outlook clients can no longer browse or resolve names from the global address list. The global address list appears to be empty.
  • If you remove a mail profile from a client computer, you can no longer re-establish a connection to the Exchange Server computer (to re-create the profile).
  • You cannot add a network printer by selecting it from the Active Directory. However, you can still add a network printer by selecting it from the tree view.


CAUSE

This behavior may occur if the RestrictAnonymous registry value on the Global Catalog servers is set to 2.

For additional information about the RestrictAnonymous registry value, click the article number below to view the article in the Microsoft Knowledge Base:

246261 How to Use the RestrictAnonymous Registry Value in Windows 2000


To view this registry value, follow these steps.

WARNING: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

  1. Click Start, click Run, type regedit in the Open box, and then click OK.
  2. Navigate to the following registry subkey:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa

  3. In the right pane of the Registry Editor window, note the setting of the restrictanonymous value.
  4. Quit Registry Editor.

This behavior occurs because, when the RestrictAnonymous registry value is turned on (enabled), Exchange Server rejects access attempts to the global address list if the user's security token contains the Everyone security ID (SID).

RESOLUTION

To resolve this problem, obtain the latest service pack for Windows 2000. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

260910 How to Obtain the Latest Windows 2000 Service Pack


The English-language version of this fix should have the following file attributes or later:

   Date         Time   Version           Size     File name
   -----------------------------------------------------------
   27-Feb-2002  19:10  5.0.2195.4959     123,664  Adsldp.dll       
   30-Jan-2002  00:52  5.0.2195.4851     130,832  Adsldpc.dll      
   30-Jan-2002  00:52  5.0.2195.4016      62,736  Adsmsext.dll     
   30-Jan-2002  00:52  5.0.2195.4882     356,624  Advapi32.dll     
   27-Feb-2002  19:10  5.0.2195.4985     135,952  Dnsapi.dll       
   27-Feb-2002  19:10  5.0.2195.4985      95,504  Dnsrslvr.dll     
   27-Feb-2002  19:14  5.0.2195.4848     521,488  Instlsa5.dll     
   27-Feb-2002  19:10  5.0.2195.4951     145,680  Kdcsvc.dll       
   27-Nov-2001  00:33  5.0.2195.4680     199,440  Kerberos.dll     
   07-Feb-2002  19:35  5.0.2195.4914      71,024  Ksecdd.sys
   16-Jan-2002  23:02  5.0.2195.4848     503,568  Lsasrv.dll       
   16-Jan-2002  23:02  5.0.2195.4848      33,552  Lsass.exe        
   08-Dec-2001  00:05  5.0.2195.4745     107,280  Msv1_0.dll       
   27-Feb-2002  19:10  5.0.2195.4917     306,960  Netapi32.dll     
   27-Feb-2002  19:10  5.0.2195.4979     360,208  Netlogon.dll     
   27-Feb-2002  19:10  5.0.2195.4988     916,752  Ntdsa.dll        
   27-Feb-2002  19:10  5.0.2195.4986     388,880  Samsrv.dll       
   30-Jan-2002  00:52  5.0.2195.4874     128,784  Scecli.dll       
   27-Feb-2002  19:10  5.0.2195.4968     299,792  Scesrv.dll       
   30-Jan-2002  00:52  5.0.2195.4600      48,400  W32time.dll      
   06-Nov-2001  19:43  5.0.2195.4600      56,592  W32tm.exe        
   27-Feb-2002  19:10  5.0.2195.4921     125,712  Wldap32.dll      
                



WORKAROUND

To work around this issue, assign a value of 0 (zero) to the RestrictAnonymous registry value. To do this, follow these steps.

WARNING: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

  1. Log on to the Global Catalog server as Administrator.
  2. Click Start, click Run, type regedit in the Open box, and then click OK.
  3. Navigate to the following registry subkey:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa

  4. In the right pane of the Registry Editor window, double-click restrictanonymous.
  5. In the Value data box, type 0 (zero), and then click OK.
  6. Quit Registry Editor.
  7. Restart the Global Catalog server.
  8. Repeat steps 1 through 7 for each Global Catalog server.
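
When there are several Global Catalog servers, the registry check from the CAUSE section and the file-version check from the RESOLUTION section can be combined into one assessment per server. The following Python is an added example, not part of the Microsoft article; it assumes the registry text is `reg query` output for the Lsa subkey and that file versions were collected separately, and all sample inputs are constructed.

```python
import re

# Minimum versions for a subset of the files in the article's table.
FIX_MIN_VERSIONS = {
    "lsasrv.dll": "5.0.2195.4848",
    "ntdsa.dll": "5.0.2195.4988",
    "samsrv.dll": "5.0.2195.4986",
    "wldap32.dll": "5.0.2195.4921",
}

# Constructed sample: `reg query` text for the Lsa subkey (format is an assumption).
SAMPLE_REG = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
    restrictanonymous    REG_DWORD    0x2
"""
# Constructed sample inventories: file name -> installed version.
PRE_FIX = {"lsasrv.dll": "5.0.2195.4733", "ntdsa.dll": "5.0.2195.4827",
           "samsrv.dll": "5.0.2195.4827", "wldap32.dll": "5.0.2195.4436"}
POST_FIX = {**FIX_MIN_VERSIONS, "ntdsa.dll": "5.0.2195.10000"}

def parse_restrict_anonymous(reg_output):
    """Return the restrictanonymous DWORD as an int, or None if it is not listed."""
    m = re.search(r"^\s*restrictanonymous\s+REG_DWORD\s+(0x[0-9a-f]+)\s*$",
                  reg_output, re.IGNORECASE | re.MULTILINE)
    return int(m.group(1), 16) if m else None

def version_tuple(version):
    # Compare numerically per field; string comparison would rank 10000 below 4988.
    return tuple(int(part) for part in version.split("."))

def has_fix(installed):
    """True when every tracked file is at or above the version the article lists."""
    return all(
        name in installed
        and version_tuple(installed[name]) >= version_tuple(minimum)
        for name, minimum in FIX_MIN_VERSIONS.items()
    )

def assess(reg_output, installed):
    value = parse_restrict_anonymous(reg_output)
    if value is None:
        return "UNKNOWN"                 # value not found in the supplied text
    fixed = has_fix(installed)
    if value == 2 and not fixed:
        return "AFFECTED"                # the cause this article describes
    if value == 0 and fixed:
        return "WORKAROUND_NOT_NEEDED"   # fix present, so 0 is not required for this issue
    return "NOT_AFFECTED"

if __name__ == "__main__":
    for label, files in (("pre-fix", PRE_FIX), ("post-fix", POST_FIX)):
        print(label, assess(SAMPLE_REG, files))
```

A server reported as WORKAROUND_NOT_NEEDED has the fixed files and a value of 0, so the setting can be reviewed against the guidance in article 246261.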


STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article. This problem was first corrected in Windows 2000 Service Pack 3.

