Changing Password in User Manager Does Not Permit Logon
Last reviewed: May 20, 1997
Article ID: Q140967
The information in this article applies to:
SYMPTOMS
After you change a user's password in User Manager, logon attempts by this user using the new password may fail with the following error dialog being displayed:

   The system could not log you on. Make sure your user name and domain are correct, then type your password again. Letters in passwords must be typed using the correct case. Make sure that Caps Lock is not accidentally on.

If the old password is known, you can still log on using the old password. This condition persists for a period of time, then corrects itself. After a while, logon attempts succeed if the new password is used, and fail if the old password is used, as expected.
CAUSE
This error occurs when the following conditions apply:
MORE INFORMATION
During startup, a workstation establishes a secure channel with a Domain Controller for the purposes of logon validation. The secure channel may be established with any Domain Controller (the PDC or any BDC). Once the secure channel is established with a domain controller, it stays connected to the same domain controller until the workstation is shut down and restarted. If there are many BDCs, the secure channel will most likely be with a BDC rather than the PDC.

When a user's password is changed via User Manager, the password change is recorded on the PDC only. The change is not replicated immediately to the BDCs. The change is only replicated at the next scheduled replication time or when an administrator manually requests synchronization of one or more BDCs, or the entire domain, from User Manager.

Prior to replication, the BDC is unaware of the new password, so if a logon is attempted with the new password the BDC treats it as a bad password. The BDC does not reject the bad password immediately. Instead, it passes the logon request to the PDC, on the assumption that the password is a new password known to the PDC but not yet replicated to the BDC.

When "User Must Change Password At Next Logon" is in effect, the PDC returns a status of 0xC0000224 (STATUS_PASSWORD_MUST_CHANGE) to the BDC. This indicates a successful logon. However, in response to this status, the BDC was erroneously returning a status of 0xC000006A (STATUS_BAD_PASSWORD) back to the workstation.

If the logon with the new password succeeds and the logon with the old password fails while you are trying to reproduce the problem, this is most likely because SAM database synchronization occurred automatically in the meantime. Check the System event log on the BDC for recent NETLOGON events (event number 5715). This event indicates successful partial synchronization of the SAM database, including the new password, which masks the problem. If this is the case, run the sequence again before the next automatic synchronization occurs.
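
The pass-through sequence described above, as a small Python model added here for illustration (it is not Microsoft's code). The class names, the account name, the plaintext toy SAM and the "fixed" switch are assumptions; the status names and values are the ones this article gives.

```python
STATUS_SUCCESS = 0x00000000
STATUS_PASSWORD_MUST_CHANGE = 0xC0000224  # name and value as given in the article
STATUS_BAD_PASSWORD = 0xC000006A          # name and value as given in the article

class DomainController:
    """Toy SAM: user -> (password, must_change_at_next_logon). Plaintext for clarity only."""
    def __init__(self):
        self.sam = {}

    def validate(self, user, password):
        stored, must_change = self.sam[user]
        if password != stored:
            return STATUS_BAD_PASSWORD
        return STATUS_PASSWORD_MUST_CHANGE if must_change else STATUS_SUCCESS

class Bdc(DomainController):
    def __init__(self, pdc, fixed):
        super().__init__()
        self.pdc, self.fixed = pdc, fixed
        self.replicate()

    def replicate(self):
        # Scheduled or administrator-requested synchronization from the PDC.
        self.sam = dict(self.pdc.sam)

    def logon(self, user, password):
        status = self.validate(user, password)
        if status != STATUS_BAD_PASSWORD:
            return status
        # Local mismatch: pass the request to the PDC in case the password is new.
        upstream = self.pdc.validate(user, password)
        if upstream == STATUS_PASSWORD_MUST_CHANGE and not self.fixed:
            return STATUS_BAD_PASSWORD  # the erroneous mapping described above
        return upstream

def scenario(fixed):
    """Return (new-password status, old-password status) before and after replication."""
    pdc = DomainController()
    pdc.sam["alice"] = ("old-pw", False)   # constructed sample account
    bdc = Bdc(pdc, fixed)                  # workstation's secure channel is to this BDC
    pdc.sam["alice"] = ("new-pw", True)    # User Manager change, recorded on the PDC only
    before = (bdc.logon("alice", "new-pw"), bdc.logon("alice", "old-pw"))
    bdc.replicate()
    after = (bdc.logon("alice", "new-pw"), bdc.logon("alice", "old-pw"))
    return before, after

if __name__ == "__main__":
    for fixed in (False, True):
        print(fixed, [[hex(s) for s in pair] for pair in scenario(fixed)])
```

With fixed=False the model reproduces the symptom: before replication the new password is refused and the old one is accepted, and after replication the results reverse.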
RESOLUTION
Use one of the following to resolve this problem:
STATUS
Microsoft has confirmed this to be a problem in Windows NT version 4.0. This problem was corrected in the latest Microsoft Windows NT 4.0 U.S. Service Pack. For information on obtaining the service pack, query on the following word in the Microsoft Knowledge Base (without the spaces):

   S E R V P A C K

Microsoft has confirmed this to be a problem in Windows NT version 3.51. A supported fix is now available, but is not fully regression-tested and should be applied only to systems experiencing this specific problem. Unless you are severely impacted by this specific problem, Microsoft recommends that you wait for the next Service Pack that contains this fix. Contact Microsoft Product Support Services for more information.
Additional query words: prodnt 3.51 4.00