Event 51 Logged During Failed Host-Initiated Password Change

Host-initiated password changes are not replicated to the Windows NT or Windows 2000 accounts database when you are using the password synchronization feature that is included with Host Integration Server (HIS) 2000.

An event 51 will be logged in the Application Event Log on the Windows NT or Windows 2000 primary domain controller (PDC) where the SNA WinNT Account Synchronization (SnaPMP) service is running when this problem occurs: This problem only occurs when the following registry entry is set to 1, which is the default value:

The SNA Host Account Cache service fails to return the user's previous host password to the SNA WinNT Account Synchronization service so that it can be validated prior to changing the user's Windows NT or Windows 2000 password. The password change request cannot be completed if the previous host password is not available for validation when ValidateHostRequest=1. This results in the event 51 and the failure to change the user's Windows NT/Windows 2000 password.

To resolve this problem, obtain the latest service pack for Host Integration Server 2000. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

WARNING: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

If there is no requirement to have a user's previous host password validated by the HIS 2000 host security components before the user's Windows NT/Windows 2000 password is changed, this functionality can be disabled. The validation of a user's previous host password can be disabled by modifying the registry as follows:

1.	Start Registry Editor (Regedt32.exe).
2.	Locate the ValidateHostRequest value under the following key in the registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SnaPMP\Parameters\ ValidateHostRequest
3.	From the Edit menu, click DWORD, type 0, and then click OK.
4.	Quit Registry Editor.

Microsoft has confirmed that this is a problem in Microsoft Host Integration Server 2000. This problem was first corrected in Host Integration Server 2000 Service Pack 1.

The ValidateHostRequest parameter was added in SNA Server 3.0 SP1. For additional information, click the article number below to view the article in the Microsoft Knowledge Base: The SnaPMP service can be installed on any Windows NT or Windows 2000 domain controller (DC), but it only actually runs on the PDC. If the SnaPMP service is installed on other DCs as well, the ValidateHostRequest parameter should be configured with the same value in case one of the other DCs is ever promoted or assumes the PDC role.

The following Knowledge Base article describes another host-initiated password change problem that occurs with HIS 2000: