Microsoft KB Archive Search

Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

  1. Home
  2. Description of the Windows Server 2008 read-only domain controller compatibility pack for Windows Server 2003 clients and for Windows XP clients and for Windows Vista

Description of the Windows Server 2008 read-only domain controller compatibility pack for Windows Server 2003 clients and for Windows XP clients and for Windows Vista

View products that this article applies to.

INTRODUCTION

This article describes the Windows Server 2008 read-only domain controller (RODC) compatibility pack for Windows Server 2003 clients and for Windows XP clients. This update addresses compatibility issues that occur with down-level clients that do not support Windows Server 2008 RODC features. The information in this article also applies to Windows Server 2008 R2 RODC. 

↑ Back to the top

More Information

You do not necessarily have to apply this update before you can deploy a read-only domain controller. Sometimes, compatibility issues do not affect your deployment. Or, you may be able to use a workaround instead of applying the update.

The following sections describe the following items:
  • The symptom that is associated with each compatibility issue
  • The RODC deployment scenario in which the issue occurs and the clients that are affected by the issue
  • The issue's influence
  • A workaround for the issue, if a workaround is available

Issue 1

Symptom

If a client can access only read-only domain controllers, Windows Management Instrumentation (WMI) filters that are configured for Group Policy are not applied. Additionally, the Gpsvc.log file contains the following information:

Scenario and affected clients

This issue affects clients in a site that has only read-only domain controllers available.

Influence

The Group Policy object to which the WMI filters are linked may not be applied.

Workaround

No workaround is available for this issue.

Issue 2

Symptom

Internet Protocol security (IPsec) policies cannot be applied, and Win32 error code 8219 (ERROR_POLICY_OBJECT_NOT_FOUND) is returned when only Windows Server 2008 read-only domain controllers are available.

Scenario and affected clients

This issue affects clients in a site that has only read-only domain controllers available. Typically, this issue occurs in a branch office scenario.

Influence

Computers that are running Windows 2000, Windows XP, or Windows Server 2003 do not receive IPsec policies that are applied by a read-only domain controller.

Workaround

No workaround is available for this issue.

Issue 3

Symptom

Windows Server 2003 member computers and Windows XP member computers do not synchronize Win32 time with Windows Server 2008 read-only domain controllers.

Scenario and affected clients

This issue affects clients in a site that has only read-only domain controllers available. Typically, this issue occurs in a branch office scenario or in a perimeter network scenario in which a writable domain controller cannot be contacted.

Note A perimeter network is also known as "DMZ," "demilitarized zone," and "screened subnet."

Influence

If the time of services is severely asynchronous, you may receive error messages when you try to access resources on the network.

Workaround

To work around this issue, configure the client computers to synchronize time from another domain controller that is available on the network.

Issue 4

Symptom

Computers in a perimeter network cannot join the domain.

Scenario and affected clients

This issue affects clients in a site that has only read-only domain controllers available. Typically, this issue occurs in a branch office scenario or in a perimeter network scenario.

Influence

Computers cannot join the domain even though the computer account and the password are pre-populated on the read-only domain controller.

Workaround

To work around this issue, create firewall rules to enable a writable domain controller to be contacted.

Or, bridge the perimeter network and intranet networks. Do this only when your organization's policies allow for this operation.

Issue 5

Symptom

In a site that has only read-only domain controllers available, users try to change their passwords on computers that are running Windows 2000, Windows XP, or Windows Server 2003. When the users do this, the password change operation fails.

Scenario and affected clients

This issue affects clients in a site that has only read-only domain controllers available. Typically, this issue occurs in a perimeter network scenario.

Influence

Users cannot change their passwords.

Workaround

To work around this issue, create firewall rules to enable a writable domain controller to be contacted. Or, have the users change passwords by using a computer that is running Windows Vista or Windows Server 2008.

Issue 6

Symptom

Windows Server 2008 read-only domain controllers cannot retrieve or create the public key certificate by using the LsaRetrievePrivateData function or the LsaStorePrivateData function.

The call to the LsaRetrievePrivateData function finishes. However, a NULL value is returned for the private data.

The call to the LsaStorePrivateData function fails, and error code 0xc0000034 is returned.

Scenario and affected clients

This issue affects clients in a site that has only read-only domain controllers available. Typically, this issue occurs in a branch office scenario or in a perimeter network scenario.

Influence

The Data Protection API (DPAPI) on clients that can access only read-only domain controllers cannot decrypt master keys unless these clients previously contacted a writable domain controller and retrieved a public key certificate. Even though a writable domain controller is available, the DPAPI still cannot decrypt master keys if the nearest domain controller is a read-only domain controller.

Workaround

When the DPAPI tries to decrypt master keys, make sure that the client has access to only a writable domain controller.

Note Typically, the DPAPI tries to decrypt master keys during password changes.

Issue 7

Symptom

When you try to publish a printer, the published printer may not work correctly.

Scenario and affected clients

This issue affects clients in a site that has only read-only domain controllers available. Typically, this issue occurs in a branch office scenario.

Influence

If a read-only domain controller receives a request to publish a printer, the read-only domain controller forwards the request to a writable domain controller. The spooler tries to read from the read-only domain controller immediately after the write action is implemented. However, the spooler does this before the printer publish information is replicated to the read-only domain controller. Therefore, the publish operation fails.

Workaround

No workaround is available for this issue.

Issue 8

Symptom

In a site that has only read-only domain controllers available, you use the Find Printer dialog box on a client computer that is running Windows 2000, Windows XP, or Windows Server 2003. When you do this, the Find Printer dialog box stops responding.

Scenario and affected clients

This issue affects clients in a site that has only read-only domain controllers available. Typically, this issue occurs in a branch office scenario.

Influence

Users cannot find printers that are published in Active Directory Domain Services.

Workaround

No workaround is available for this issue.

Issue 9

Symptom

Active Directory Service Interfaces (ADSI) API functions in Windows Server 2003 and in Windows XP always send requests to a remote writable domain controller instead of to a local read-only domain controller.

Scenario and affected clients

This issue affects clients in a site that has only read-only domain controllers available. Typically, this issue occurs in a branch office scenario.

Influence

This issue causes unnecessary network traffic and access latency.

Workaround

Make sure that all clients have connectivity to a writable domain controller when these clients call ADSI API functions. Do this even if the function calls make only read operations.

Issue 10

Symptom

Domain controllers that are running Windows Server 2003 perform automatic site coverage for sites that have read-only domain controllers.

Scenario and affected clients

This issue affects domain controllers that provide automatic site coverage for other branch office sites. Typically, this issue occurs in a branch office scenario.

Note This issue is unlike other issue that is listed in the article. For other issues, if you do not implement a suggested workaround, you apply a hotfix to clients that interact with an RODC. For this issue, if you do not implement a suggested workaround, you apply the hotfix to Windows Server 2003 domain controllers that perform automatic site coverage for sites that have an RODC. After you apply the hotfix, Windows Server 2003 domain controllers are able to detect RODC's in sites that would otherwise have been treated as empty. Additionally, the hotfix prevents Windows Server 2003 domain controllers publishing SRV records in the DNS of these sites, if this is required by automatic site coverage.

Influence

A domain controller that is running Windows Server 2003 may register its DNS SRV resource records for a site that contains a read-only domain controller. Therefore, the clients may not authenticate as expected with the local read-only domain controller. However, they may use DC's in other sites instead. 

Workaround

To work around this issue, use one of the following methods:
  • Make sure that only domain controllers that are running Windows Server 2008 are present in the site that is closest to the read-only domain controller site.
  • Disable automatic site coverage on domain controllers that are running Windows Server 2003. Be aware that this affects the publication of SRV records for all sites that the Windows Server 2003 domain controller treats as empty. For more information about automatic site coverage, visit the following Microsoft web site:

    http://technet.microsoft.com/en-us/library/cc732322(WS.10).aspx

Issue 11

Symptom

Domain controllers that are running Windows Server 2003 fail performing automatic site coverage, also for sites they should cover. The Netlogon.log contains the following information:
[CRITICAL] NlSitesUpdateSiteCoverage: Cannot DsGetDomainControllerInfoW 87 (=ERROR_INVALID_PARAMETER

Scenario and affected clients

This issue affects clients in sites that have no local domain controller available.

Influence

The Dc Locator on the client may not be able to find the closest site. This may slow down the logon process and GPO application.

Workaround

Disable AutoSiteCoverage and cover DC-less sites manually.
 

Update information


Note
  • The hotfix that is available in this Microsoft Knowledge Base article does not apply to Windows 2000 Server or to Windows 2000 Professional.
  • Windows Vista SP1 does not need any hotfixes. Therefore, only Vista RTM is affected.

For more information about known issues for deploying RODCs, visit the following Web site:
http://technet.microsoft.com/it-it/library/cc725669(WS.10).aspx
The following files are available for download from the Microsoft Download Center:

Update for Windows Server 2003
Download Download the Update for Windows Server 2003 package now.

Update for Windows Server 2003 for Itanium-based systems
Download Download the Update for Windows Server 2003 for Itanium-based Systems package now.

Update for Windows Server 2003 x64 Edition
Download Download the Update for Windows Server 2003 x64 Edition package now.

Update for Windows XP x64 Edition
Download Download the Update for Windows XP x64 Edition package now.

For more information about how to download Microsoft support files, click the following article number to view the article in the Microsoft Knowledge Base:
119591 How to obtain Microsoft support files from online services
Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help prevent any unauthorized changes to the file.

Windows XP update information

Prerequisites

To apply this hotfix, you must have Windows XP Service Pack 2 or Windows XP Service Pack 3 installed.

For more information, click the following article number to view the article in the Microsoft Knowledge Base:
322389 How to obtain the latest Windows XP service pack
 

Restart requirement

You must restart the computer after you apply this hotfix.

Hotfix replacement information

This hotfix does not replace a previously released hotfix.

File information

The English version of this hotfix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.
Windows XP with Service Pack 2, x86-based versions
File name File version File size Date Time Platform SP requirement
Adsldp.dll 5.1.2600.3365 176,128 05-May-2008 11:08 x86 SP2
Adsmsext.dll 5.1.2600.3365 68,096 05-May-2008 11:08 x86 SP2
Dsuiext.dll 5.1.2600.3365 113,152 05-May-2008 11:08 x86 SP2
Gptext.dll 5.1.2600.3365 199,680 05-May-2008 11:08 x86 SP2
Localspl.dll 5.1.2600.3365 343,040 05-May-2008 11:08 x86 SP2
Lsasrv.dll 5.1.2600.3365 727,040 05-May-2008 11:08 x86 SP2
Msv1_0.dll 5.1.2600.3365 132,608 05-May-2008 11:08 x86 SP2
Netlogon.dll 5.1.2600.3365 407,040 05-May-2008 11:08 x86 SP2
Ntdsapi.dll 5.1.2600.3365 68,096 05-May-2008 11:08 x86 SP2
Policman.dll 5.1.2600.3365 92,672 05-May-2008 11:08 x86 SP2
W32time.dll 5.1.2600.3365 175,104 05-May-2008 11:08 x86 SP2
W32tm.exe 5.1.2600.3365 52,736 03-May-2008 10:15 x86 SP2
Wkssvc.dll 5.1.2600.3365 134,144 05-May-2008 11:08 x86 SP2
Windows XP with Service Pack 3, x86-based versions
File name File version File size Date Time Platform SP requirement
Adsldp.dll 5.1.2600.5582 176,128 17-Apr-2008 14:50 x86 SP3
Adsmsext.dll 5.1.2600.5582 68,096 17-Apr-2008 04:50 x86 SP3
Dsuiext.dll 5.1.2600.5582 113,152 17-Apr-2008 04:50 x86 SP3
Gptext.dll 5.1.2600.5582 199,680 17-Apr-2008 04:50 x86 SP3
Localspl.dll 5.1.2600.5582 343,040 17-Apr-2008 04:50 x86 SP3
Lsasrv.dll 5.1.2600.5582 728,064 17-Apr-2008 04:50 x86 SP3
Msv1_0.dll 5.1.2600.5594 132,608 05-May-2008 11:06 x86 SP3
Netlogon.dll 5.1.2600.5582 407,040 17-Apr-2008 04:50 x86 SP3
Ntdsapi.dll 5.1.2600.5582 68,096 17-Apr-2008 04:50 x86 SP3
Policman.dll 5.1.2600.5582 92,672 17-Apr-2008 04:50 x86 SP3
W32time.dll 5.1.2600.5582 175,104 17-Apr-2008 04:50 x86 SP3
W32tm.exe 5.1.2600.5594 52,736 03-May-2008 11:57 x86 SP3
Wkssvc.dll 5.1.2600.5582 134,144 17-Apr-2008 04:50 x86 SP3

↑ Back to the top

Windows Server 2003 update information

Prerequisites

To apply this hotfix, you must have Windows Server 2003 Service Pack 1 or Windows Server 2003 Service Pack 2 installed.

For more information, click the following article number to view the article in the Microsoft Knowledge Base:
889100 How to obtain the latest service pack for Windows Server 2003

Restart requirement

You must restart the computer after you apply this hotfix.

Hotfix replacement information

This hotfix does not replace a previously released hotfix.

File information

The English version of this hotfix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.
Windows Server 2003 with Service Pack 1, x86-based versions
File nameFile versionFile sizeDateTimePlatformSP requirement
Adsldp.dll5.2.3790.3123178,17621-Apr-200807:04x86SP1
Adsmsext.dll5.2.3790.312369,63221-Apr-200807:04x86SP1
Dsuiext.dll5.2.3790.3123119,80821-Apr-200807:04x86SP1
Gptext.dll5.2.3790.3123235,00821-Apr-200807:04x86SP1
Localspl.dll5.2.3790.3123348,67221-Apr-200807:04x86SP1
Lsasrv.dll5.2.3790.3123822,78421-Apr-200807:04x86SP1
Msv1_0.dll5.2.3790.3123144,89621-Apr-200807:04x86SP1
Netlogon.dll5.2.3790.3123426,49621-Apr-200807:04x86SP1
Ntdsa.dll5.2.3790.31201,525,76015-Apr-200810:20x86SP1
Ntdsapi.dll5.2.3790.312373,72821-Apr-200807:04x86SP1
Policman.dll5.2.3790.312371,16821-Apr-200807:04x86SP1
W03a2409.dll5.2.3790.309029,69614-Feb-200809:41x86SP1
W32time.dll5.2.3790.3123227,32821-Apr-200807:04x86SP1
W32tm.exe5.2.3790.312355,80817-Apr-200811:22x86SP1
Wkssvc.dll5.2.3790.3123134,65621-Apr-200807:04x86SP1
Windows Server 2003 with Service Pack 2, x86-based versions
File nameFile versionFile sizeDateTimePlatformSP requirement
Adsldp.dll5.2.3790.4275178,68821-Apr-200806:52x86SP2
Adsmsext.dll5.2.3790.427569,63221-Apr-200806:52x86SP2
Dsuiext.dll5.2.3790.4275119,80821-Apr-200806:52x86SP2
Gptext.dll5.2.3790.4275235,00821-Apr-200806:52x86SP2
Localspl.dll5.2.3790.4275342,52821-Apr-200806:52x86SP2
Lsasrv.dll5.2.3790.4275815,61621-Apr-200806:52x86SP2
Msv1_0.dll5.2.3790.4275143,36021-Apr-200806:52x86SP2
Netlogon.dll5.2.3790.4272437,24815-Apr-200810:07x86SP2
Ntdsa.dll5.2.3790.42721,526,78415-Apr-200810:07x86SP2
Ntdsapi.dll5.2.3790.427273,21615-Apr-200810:07x86SP2
Policman.dll5.2.3790.427571,16821-Apr-200806:52x86SP2
W32time.dll5.2.3790.4275227,32821-Apr-200806:52x86SP2
W32tm.exe5.2.3790.427555,80817-Apr-200811:39x86SP2
Wkssvc.dll5.2.3790.4275134,65621-Apr-200806:52x86SP2
Windows Server 2003 with Service Pack 1, Itanium-based versions
File nameFile versionFile sizeDateTimePlatformSP requirementService branch
Adsldp.dll5.2.3790.3123516,09609-May-200808:17IA-64SP1Not applicable
Adsmsext.dll5.2.3790.3123208,38409-May-200808:17IA-64SP1Not applicable
Dsuiext.dll5.2.3790.3123247,80809-May-200808:17IA-64SP1Not applicable
Gptext.dll5.2.3790.3123567,80809-May-200808:17IA-64SP1Not applicable
Localspl.dll5.2.3790.3123967,68009-May-200808:17IA-64SP1Not applicable
Lsasrv.dll5.2.3790.31232,163,20009-May-200808:17IA-64SP1Not applicable
Msv1_0.dll5.2.3790.3123390,14409-May-200808:17IA-64SP1Not applicable
Netlogon.dll5.2.3790.3123989,69609-May-200808:17IA-64SP1Not applicable
Ntdsa.dll5.2.3790.31204,276,73609-May-200808:17IA-64SP1Not applicable
Ntdsapi.dll5.2.3790.3123211,96809-May-200808:18IA-64SP1Not applicable
Policman.dll5.2.3790.3123258,04809-May-200808:18IA-64SP1Not applicable
W03a2409.dll5.2.3790.309028,67209-May-200808:18IA-64SP1Not applicable
W32time.dll5.2.3790.3123578,56009-May-200808:18IA-64SP1Not applicable
W32tm.exe5.2.3790.3123139,26409-May-200808:18IA-64SP1Not applicable
Wkssvc.dll5.2.3790.3123326,65609-May-200808:18IA-64SP1Not applicable
Wadsldp.dll5.2.3790.3123178,17609-May-200808:18x86SP1WOW
Wadsmsext.dll5.2.3790.312369,63209-May-200808:18x86SP1WOW
Wdsuiext.dll5.2.3790.3123119,80809-May-200808:18x86SP1WOW
Wgptext.dll5.2.3790.3123235,00809-May-200808:18x86SP1WOW
Wmsv1_0.dll5.2.3790.3123144,89609-May-200808:18x86SP1WOW
Wnetlogon.dll5.2.3790.3123426,49609-May-200808:18x86SP1WOW
Wntdsa.dll5.2.3790.31201,525,76009-May-200808:18x86SP1WOW
Wntdsapi.dll5.2.3790.312373,72809-May-200808:18x86SP1WOW
Ww03a2409.dll5.2.3790.309029,69609-May-200808:18x86SP1WOW
Ww32time.dll5.2.3790.3123227,32809-May-200808:18x86SP1WOW
Ww32tm.exe5.2.3790.312355,80809-May-200808:18x86SP1WOW
Windows Server 2003 with Service Pack 2, Itanium-based versions
File nameFile versionFile sizeDateTimePlatformSP requirementService branch
Adsldp.dll5.2.3790.4275516,09609-May-200808:24IA-64SP2Not applicable
Adsmsext.dll5.2.3790.4275208,38409-May-200808:24IA-64SP2Not applicable
Dsuiext.dll5.2.3790.4275247,80809-May-200808:24IA-64SP2Not applicable
Gptext.dll5.2.3790.4275568,32009-May-200808:24IA-64SP2Not applicable
Localspl.dll5.2.3790.4275968,19209-May-200808:24IA-64SP2Not applicable
Lsasrv.dll5.2.3790.42752,165,24809-May-200808:24IA-64SP2Not applicable
Msv1_0.dll5.2.3790.4275390,14409-May-200808:24IA-64SP2Not applicable
Netlogon.dll5.2.3790.4272989,69609-May-200808:24IA-64SP2Not applicable
Ntdsa.dll5.2.3790.42724,279,80809-May-200808:25IA-64SP2Not applicable
Ntdsapi.dll5.2.3790.4272211,96809-May-200808:25IA-64SP2Not applicable
Policman.dll5.2.3790.4275258,04809-May-200808:25IA-64SP2Not applicable
W32time.dll5.2.3790.4275578,56009-May-200808:25IA-64SP2Not applicable
W32tm.exe5.2.3790.4275139,26409-May-200808:25IA-64SP2Not applicable
Wkssvc.dll5.2.3790.4275326,65609-May-200808:25IA-64SP2Not applicable
Wadsldp.dll5.2.3790.4275178,68809-May-200808:25x86SP2WOW
Wadsmsext.dll5.2.3790.427569,63209-May-200808:25x86SP2WOW
Wdsuiext.dll5.2.3790.4275119,80809-May-200808:25x86SP2WOW
Wgptext.dll5.2.3790.4275235,00809-May-200808:25x86SP2WOW
Wmsv1_0.dll5.2.3790.4275143,36009-May-200808:25x86SP2WOW
Wnetlogon.dll5.2.3790.4272437,24809-May-200808:25x86SP2WOW
Wntdsa.dll5.2.3790.42721,526,78409-May-200808:25x86SP2WOW
Wntdsapi.dll5.2.3790.427273,21609-May-200808:25x86SP2WOW
Ww32time.dll5.2.3790.4275227,32809-May-200808:25x86SP2WOW
Ww32tm.exe5.2.3790.427555,80809-May-200808:25x86SP2WOW
Windows Server 2003 with Service Pack 1, x64-based versions
File nameFile versionFile sizeDateTimePlatformSP requirementService branch
Adsldp.dll5.2.3790.3123342,01609-May-200808:17x64SP1Not applicable
Adsmsext.dll5.2.3790.3123105,47209-May-200808:17x64SP1Not applicable
Dsuiext.dll5.2.3790.3123149,50409-May-200808:17x64SP1Not applicable
Gptext.dll5.2.3790.3123326,65609-May-200808:17x64SP1Not applicable
Localspl.dll5.2.3790.3123750,08009-May-200808:17x64SP1Not applicable
Lsasrv.dll5.2.3790.31231,566,72009-May-200808:17x64SP1Not applicable
Msv1_0.dll5.2.3790.3123260,60809-May-200808:17x64SP1Not applicable
Netlogon.dll5.2.3790.3123690,17609-May-200808:17x64SP1Not applicable
Ntdsa.dll5.2.3790.31202,969,60009-May-200808:17x64SP1Not applicable
Ntdsapi.dll5.2.3790.3123132,60809-May-200808:17x64SP1Not applicable
Policman.dll5.2.3790.3123131,07209-May-200808:17x64SP1Not applicable
W03a2409.dll5.2.3790.309030,20809-May-200808:17x64SP1Not applicable
W32time.dll5.2.3790.3123407,55209-May-200808:17x64SP1Not applicable
W32tm.exe5.2.3790.312379,36009-May-200808:17x64SP1Not applicable
Wkssvc.dll5.2.3790.3123228,35209-May-200808:17x64SP1Not applicable
Wadsldp.dll5.2.3790.3123178,17609-May-200808:17x86SP1WOW
Wadsmsext.dll5.2.3790.312369,63209-May-200808:17x86SP1WOW
Wdsuiext.dll5.2.3790.3123119,80809-May-200808:17x86SP1WOW
Wgptext.dll5.2.3790.3123235,00809-May-200808:17x86SP1WOW
Wmsv1_0.dll5.2.3790.3123144,89609-May-200808:17x86SP1WOW
Wnetlogon.dll5.2.3790.3123426,49609-May-200808:17x86SP1WOW
Wntdsa.dll5.2.3790.31201,525,76009-May-200808:17x86SP1WOW
Wntdsapi.dll5.2.3790.312373,72809-May-200808:17x86SP1WOW
Ww03a2409.dll5.2.3790.309029,69609-May-200808:17x86SP1WOW
Ww32time.dll5.2.3790.3123227,32809-May-200808:17x86SP1WOW
Ww32tm.exe5.2.3790.312355,80809-May-200808:17x86SP1WOW
Windows Server 2003 with Service Pack 2, x64-based versions
File nameFile versionFile sizeDateTimePlatformSP requirementService branch
Adsldp.dll5.2.3790.4275342,01609-May-200808:24x64SP2Not applicable
Adsmsext.dll5.2.3790.4275105,47209-May-200808:24x64SP2Not applicable
Dsuiext.dll5.2.3790.4275149,50409-May-200808:24x64SP2Not applicable
Gptext.dll5.2.3790.4275327,16809-May-200808:24x64SP2Not applicable
Localspl.dll5.2.3790.4275750,08009-May-200808:24x64SP2Not applicable
Lsasrv.dll5.2.3790.42751,567,23209-May-200808:24x64SP2Not applicable
Msv1_0.dll5.2.3790.4275260,60809-May-200808:24x64SP2Not applicable
Netlogon.dll5.2.3790.4272690,17609-May-200808:24x64SP2Not applicable
Ntdsa.dll5.2.3790.42722,971,13609-May-200808:24x64SP2Not applicable
Ntdsapi.dll5.2.3790.4272132,60809-May-200808:25x64SP2Not applicable
Policman.dll5.2.3790.4275131,07209-May-200808:25x64SP2Not applicable
W32time.dll5.2.3790.4275407,55209-May-200808:25x64SP2Not applicable
W32tm.exe5.2.3790.427579,36009-May-200808:25x64SP2Not applicable
Wkssvc.dll5.2.3790.4275228,35209-May-200808:25x64SP2Not applicable
Wadsldp.dll5.2.3790.4275178,68809-May-200808:25x86SP2WOW
Wadsmsext.dll5.2.3790.427569,63209-May-200808:25x86SP2WOW
Wdsuiext.dll5.2.3790.4275119,80809-May-200808:25x86SP2WOW
Wgptext.dll5.2.3790.4275235,00809-May-200808:25x86SP2WOW
Wmsv1_0.dll5.2.3790.4275143,36009-May-200808:25x86SP2WOW
Wnetlogon.dll5.2.3790.4272437,24809-May-200808:25x86SP2WOW
Wntdsa.dll5.2.3790.42721,526,78409-May-200808:25x86SP2WOW
Wntdsapi.dll5.2.3790.427273,21609-May-200808:25x86SP2WOW
Ww32time.dll5.2.3790.4275227,32809-May-200808:25x86SP2WOW
Ww32tm.exe5.2.3790.427555,80809-May-200808:25x86SP2WOW

Windows Vista service pack information

To resolve this problem, you can install the latest Windows Vista service pack.

For more information about how to do this, click the following article number to view the article in the Microsoft Knowledge Base:
935791 How to obtain the latest Windows Vista service pack

Windows Vista update information

A supported hotfix is available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing the problem described in this article. This hotfix might receive additional testing. Therefore, if you are not severely affected by this problem, we recommend that you wait for the next software update that contains this hotfix.

If the hotfix is available for download, there is a "Hotfix download available" section at the top of this Knowledge Base article. If this section does not appear, contact Microsoft Customer Service and Support to obtain the hotfix.

Note If additional issues occur or if any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. For a complete list of Microsoft Customer Service and Support telephone numbers or to create a separate service request, visit the following Microsoft Web site:
http://support.microsoft.com/contactus/?ws=support
Note The "Hotfix download available" form displays the languages for which the hotfix is available. If you do not see your language, it is because a hotfix is not available for that language.

Prerequisites

No prerequisites are required.

Restart Requirement

You must restart the computer after you apply this hotfix.

Hotfix Replacement Information

This hotfix does not replace a previously released hotfix.

File Information

The English version of this hotfix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.

Windows Vista, x86-based versions

File nameFile versionFile sizeDateTimePlatform
Adsmsext.dll6.0.6000.2102776,28814-Mar-200903:14x86
Adsldp.dll6.0.6000.21027186,36814-Mar-200903:14x86
Ksecdd.sys6.0.6000.16386407,14413-Dec-200719:56x86
Lsa-ppdlic.xrm-msNot Applicable2,99814-Mar-200902:50Not Applicable
Lsasrv.dll6.0.6000.210271,234,43214-Mar-200903:15x86
Lsass.exe6.0.6000.210277,68014-Mar-200901:02x86
Secur32.dll6.0.6000.2102772,70414-Mar-200903:18x86
Policman.dll6.0.6000.2102781,40814-Mar-200903:18x86
Policman.mofNot Applicable12,15013-Mar-200922:37Not Applicable
Wkssvc.dll6.0.6000.21027158,20814-Mar-200903:18x86
Workstationservice-ppdlic.xrm-msNot Applicable2,99014-Mar-200902:51Not Applicable

Windows Vista, x64-based versions

File nameFile versionFile sizeDateTimePlatform
Adsmsext.dll6.0.6000.21027105,47214-Mar-200903:36x64
Adsldp.dll6.0.6000.21027237,05614-Mar-200903:36x64
Ksecdd.sys6.0.6000.16386477,80014-Dec-200721:35x64
Lsa-ppdlic.xrm-msNot Applicable2,99814-Mar-200903:17Not Applicable
Lsasrv.dll6.0.6000.210271,662,97614-Mar-200903:37x64
Lsass.exe6.0.6000.210279,72814-Mar-200901:27x64
Secur32.dll6.0.6000.2102795,23214-Mar-200903:40x64
Policman.dll6.0.6000.21027130,04814-Mar-200903:40x64
Policman.mofNot Applicable12,15013-Mar-200922:38Not Applicable
Wkssvc.dll6.0.6000.21027201,72814-Mar-200903:41x64
Workstationservice-ppdlic.xrm-msNot Applicable2,99014-Mar-200903:17Not Applicable
Secur32.dll6.0.6000.2102777,31214-Mar-200903:18x86
Adsmsext.dll6.0.6000.2102776,28814-Mar-200903:14x86
Adsldp.dll6.0.6000.21027186,36814-Mar-200903:14x86
Policman.dll6.0.6000.2102781,40814-Mar-200903:18x86
Policman.mofNot Applicable12,15013-Mar-200922:37Not Applicable

About WMI filters

You can use a WMI filter to specify criteria that must be met before the linked Group Policy object is applied to a computer. The WMI filter can filter the computers to which you want to apply the Group Policy settings so that you do not have to subdivide your organizational unit.

How to enable logging in the Gpsvc.log file

To enable logging in the Gpsvc.log file, follow these steps.


Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
322756 How to back up and restore the registry in Windows
  1. Click Start, click Run, type regedit, and then click
    OK.
  2. Locate and then click the following registry subkey:
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion
  3. On the Edit menu, point to
    New, and then click Key.
  4. Type Diagnostics, and then press ENTER.
  5. Right-click the Diagnostics subkey, point to New, and then click DWORD Value.
  6. Type GPSvcDebugLevel, and then press ENTER.
  7. Right-click GPSvcDebugLevel, and then click Modify.
  8. In the Value data box, type
    0x30002, and then click OK.
  9. Exit Registry Editor.
  10. At a command prompt, type the following command, and then press ENTER:
    gpupdate /force
  11. View the Gpsvc.log file in the following folder:
    %windir%\debug\usermode

    Note - if the usermode folder does not exist under %WINDIR%\debug\ the gpsvc.log file will not be created. If the usermode folder does not exist, create it under %windir%\debug.
For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:
824684 Description of the standard terminology that is used to describe Microsoft software updates

↑ Back to the top

Keywords: kb, atdownload, kbqfe, kbhotfixserver, kbfix, kbbug, kbexpertiseinter, kbwinserv2003postsp2fix, kbcontactcsshotfix, kbwinxppostsp3fix

↑ Back to the top

Article Info
Article ID : 944043
Revision : 3
Created on : 4/9/2020
Published on : 4/9/2020
Exists online : False
Views : 504