Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

Event 51 Logged During Failed Host-Initiated Password Change


View products that this article applies to.

This article was previously published under Q310934
IMPORTANT: This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base:
256986 (http://support.microsoft.com/kb/256986/EN-US/) Description of the Microsoft Windows Registry

↑ Back to the top


Symptoms

Host-initiated password changes are not replicated to the Windows NT or Windows 2000 accounts database when you are using the password synchronization feature that is included with Host Integration Server (HIS) 2000.

An event 51 will be logged in the Application Event Log on the Windows NT or Windows 2000 primary domain controller (PDC) where the SNA WinNT Account Synchronization (SnaPMP) service is running when this problem occurs:
Event ID: 51
Source: SNA Host Security
Description: The Windows NT Account Synchronization service could not validate an RPC request.
This problem only occurs when the following registry entry is set to 1, which is the default value:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SnaPMP\Parameters\ ValidateHostRequest

↑ Back to the top


Cause

The SNA Host Account Cache service fails to return the user's previous host password to the SNA WinNT Account Synchronization service so that it can be validated prior to changing the user's Windows NT or Windows 2000 password. The password change request cannot be completed if the previous host password is not available for validation when ValidateHostRequest=1. This results in the event 51 and the failure to change the user's Windows NT/Windows 2000 password.

↑ Back to the top


Resolution

To resolve this problem, obtain the latest service pack for Host Integration Server 2000. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
328152 How to Obtain the Latest Host Integration Server 2000 Service Pack

↑ Back to the top


Workaround

WARNING: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

If there is no requirement to have a user's previous host password validated by the HIS 2000 host security components before the user's Windows NT/Windows 2000 password is changed, this functionality can be disabled. The validation of a user's previous host password can be disabled by modifying the registry as follows:
1.Start Registry Editor (Regedt32.exe).
2.Locate the ValidateHostRequest value under the following key in the registry:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SnaPMP\Parameters\ ValidateHostRequest
3.From the Edit menu, click DWORD, type 0, and then click OK.
4.Quit Registry Editor.

↑ Back to the top


Status

Microsoft has confirmed that this is a problem in Microsoft Host Integration Server 2000. This problem was first corrected in Host Integration Server 2000 Service Pack 1.

↑ Back to the top


More information

The ValidateHostRequest parameter was added in SNA Server 3.0 SP1. For additional information, click the article number below to view the article in the Microsoft Knowledge Base:
164652 Verify Old Passwords Before Updating SNA Host Account Database
The SnaPMP service can be installed on any Windows NT or Windows 2000 domain controller (DC), but it only actually runs on the PDC. If the SnaPMP service is installed on other DCs as well, the ValidateHostRequest parameter should be configured with the same value in case one of the other DCs is ever promoted or assumes the PDC role.

The following Knowledge Base article describes another host-initiated password change problem that occurs with HIS 2000:
310517 Event 1301 Logged During Host-Initiated Password Change

↑ Back to the top


Keywords: KB310934, kbhostintegserv2000sp1fix, kbhostintegserv2000presp1fix, kbfix, kbbug

↑ Back to the top

Article Info
Article ID : 310934
Revision : 3
Created on : 2/22/2007
Published on : 2/22/2007
Exists online : False
Views : 377