Service pack information
To resolve this problem, obtain the
latest service pack for Windows Server 2003. For more information, click the
following article number to view the article in the Microsoft Knowledge Base:
889100 How to obtain the latest service pack for Windows Server 2003
Hotfix information
A
supported hotfix is available from Microsoft. However, this hotfix is intended
to correct only the problem that is described in this article. Apply this
hotfix only to systems that are experiencing this specific problem. This hotfix
might receive additional testing. Therefore, if you are not severely affected
by this problem, we recommend that you wait for the next software update that
contains this hotfix.
If the hotfix is available for download, there
is a "Hotfix download available" section at the top of this Knowledge Base
article. If this section does not appear, contact Microsoft Customer Service
and Support to obtain the hotfix.
Note If additional issues occur or if any troubleshooting is required,
you might have to create a separate service request. The usual support costs
will apply to additional support questions and issues that do not qualify for
this specific hotfix. For a complete list of Microsoft Customer Service and
Support telephone numbers or to create a separate service request, visit the
following Microsoft Web site:
Note The "Hotfix download available" form displays the languages for
which the hotfix is available. If you do not see your language, it is because a
hotfix is not available for that language.
Prerequisites
You must be running Windows Server 2003 SP1 to apply this hotfix.
Note x64-based versions of Windows Server 2003 do not require this
service pack.
Restart requirement
You must restart the computer after you apply this hotfix. Also, a
restart is required after you make the registry key change that is described in
the "To enable the hotfix" section.
Hotfix replacement information
This hotfix does not replace any other hotfixes.
File information
The English version of this hotfix has the file
attributes (or later file attributes) that are listed in the following table.
The dates and times for these files are listed in Coordinated Universal Time
(UTC). When you view the file information, it is converted to local time. To
find the difference between UTC and local time, use the
Time
Zone tab in the
Date and Time item in Control
Panel.
Windows Server 2003, x86-based versions
| File name | File version | File
size | Date | Time | Platform | SP
requirement | Service branch |
|---|
| Advapi32.dll | 5.2.3790.2516 | 620,032 | 11-Jan-2006 | 03:24 | x86 | SP1 | SP1QFE |
Windows Server 2003, x64-based versions
| File name | File version | File
size | Date | Time | Platform | SP
requirement | Service branch |
|---|
| Advapi32.dll | 5.2.3790.2516 | 1,051,136 | 11-Jan-2006 | 03:04 | x64 | SP1 | SP1QFE |
| Wadvapi32.dll | 5.2.3790.2516 | 620,032 | 11-Jan-2006 | 03:04 | x86 | SP1 | WOW |
Registry information
Important This section, method, or task contains steps that tell you how to
modify the registry. However, serious problems might occur if you modify the
registry incorrectly. Therefore, make sure that you follow these steps
carefully. For added protection, back up the registry before you modify it.
Then, you can restore the registry if a problem occurs. For more information
about how to back up and restore the registry, click the following article
number to view the article in the Microsoft Knowledge Base:
322756 How to back up and restore the registry in Windows
To enable the hotfix, add the
DontUseSecureNPForRemote entry to the following registry subkey. Then, set this
entry to a value of 1.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RemoteRegistry\Parameters
To do this, follow these steps:
- Click Start, click Run,
type regedit, and then click
OK.
- Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RemoteRegistry\Parameters
- On the Edit menu, point to
New, and then click DWORD Value.
- Type DontUseSecureNPForRemote, and
then press ENTER.
- Right-click DontUseSecureNPForRemote, and
then click Modify.
- In the Value data box, type
1, and then click OK.
- Exit Registry Editor.
Note If the DontUseSecureNPForRemote entry is not set to 1 after this
hotfix is applied, the following event may be logged when the computer tries to
connect to a clustered network name that has Kerberos enabled:
Event
Type: Error
Event Source: Kerberos
Event Category: None
Event
ID: 4
Description: The kerberos client received a KRB_AP_ERR_MODIFIED
error from the server host/<node name> . The target name used was
<virtual cluster name>. This indicates that the password used to encrypt
the kerberos service ticket is different than that on the target server.
Commonly, this is due to identically named machine accounts in the target realm
(childdomain.rootdomain.COM), and the client realm. Please contact your system
administrator.
The client's connection attempt to a clustered network
name that has Kerberos enabled succeeds even though this event is logged. Set
the DontUseSecureNPForRemote entry to 1 to prevent this event from being
logged.
If
the failure auditing of the "Audit logon events" policy is enabled, Event 529 may also be logged several times per second in the security
event log of the cluster node:
Event Type: Failure Audit
Event Source: Security
Event
Category: Logon/Logoff
Event ID: 529
User: NT AUTHORITY\SYSTEM
Computer: ClusterNode
Description:
Logon Failure:
Reason: Unknown user name or bad password
User Name: -
Logon Type: 3
Logon Process: Kerberos
Authentication
Package: Kerberos
Workstation Name: -
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address: -
Source Port: -
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.