Re: Server registration lost after domain password change

From: Billy Yao [MSFT] (v-binyao_at_online.microsoft.com)
Date: 04/09/04 

Date: Fri, 09 Apr 2004 04:31:47 GMT

Hi Per,

Thank you for your further information. I'm now clearer that the problem happened on all your WinXP clients
in the following environment:

------------------------------------------------------
Domain:
Win 2003 AD domain

Servers:
Windows 2003 Server
SQL Server 2000 SP3 + Hotfix (8.00.859)

Windows NT 4.0 Server
SQL Server 7.0 SP4

Clients:
Windows XP
------------------------------------------------------

After performing a further researching and deep testing, I could not reproduce your problem on a Windows
XP client that has applied SP1 and added that registry key. As you can see the registered servers in the
SQL Server Enterprise Manager after changing the password back, it seems to the registration information
was lost registration but still in the registry if you use a new password.

Based on my knowledge, all the SQl Servers' registration information is stored in the registry key on the
WinXP client. The possible explanation is after changed the password, the account can no longer access
the encryption key which is used to decrypt the credentials stored under the data column in the following
registry key:

HKCU\Software\Microsoft\Microsoft SQL server\80\tools\sqlew\Registered Servers X\SQL Server Group

To further troubleshoot the problem, I suggest you trying the following instructions:

1) Check if the SQL Server's registration information is present under the registry key mentioned above.

2) Can we export that registry key for the login id. One for successful scenario (before changing password)
and another one for failed scenario (after changing password)?

3) In your client's scenario, is the login id (after changed password) a member of local Admin group on that
machine? If not, please add it to the local Admin group to ensure the proper permissions.

4) If possible, please re-try the method on ANOTHER WinXP machine to see if the problem can be
resolved on another WinXP client:

- a. Apply the WinXP SP1
http://www.microsoft.com/windowsxp/pro/downloads/servicepacks/sp1/default.asp

- b. Add the "MasterKeyLegacyNt4Domain" registry key:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Protect\Providers\df9d8cd0-1501-
11d1-8c7a-00c04fc297eb]

"MasterKeyLegacyNt4Domain"
Type: REG_DWORD
Value: 00000001

- c. Install the latest SQL Server 2000 service pack
http://www.microsoft.com/downloads/details.aspx?FamilyId=90DCD52C-0488-4E46-AFBF-ACACE5369FA3
&displaylang=en

- d. Restart the machine

5) If problem persists after apply the method on another WinXP, we have to consider apply the Hotfix
described in the following KB:

316994 Denied Access to Encrypted Files After You Change Your Password
http://support.microsoft.com/?id=316994
 
Please read this article and decide if you want to try this fix. To get the fix, you may follow the instructions in
the article, or please send email to (remove "online." from this no Spam email address):
mailto:dscommhf@online.microsoft.com with the following information,
 
 * Put "HotFix Request" in the subject line
 * Issue ID : 21969354
 * KB Article Number :
 * e-mail address :
 * First Name, Last Name :
 * Phone Number :
 * Company Name (if any) :

Per, I appreciated your patience and ongoing efforts throughout the troubleshooting process. All our efforts
will make things clear and move closer to the causes and resolutions. If there is anything more I can do to
assist you, please feel free to post it in the group.

Best Regards,

Billy Yao
Microsoft Online Support
----------------------------------------------------
Get Secure! - www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.
Please reply to newsgroups only. Thanks.

Relevant Pages

  • RE: RPC Problem
    ... the registry anymore. ... reinstalling it (read that this should uninstall and reinstall the RPC ... Also it seemed that the server was creating traffic ... > Import the registry key to the faulty computer, ...
    (microsoft.public.windows.server.sbs)
  • RE: issues authentication w/2003 server AND SP1, IIS 6, FPSE 2002
    ... Server 2003 with Service Pack 1. ... In Registry Editor, locate and then click the following registry key: ... > following article number to view the article in the Microsoft Knowledge Base: ...
    (microsoft.public.frontpage.extensions.windowsnt)
  • Re: ISA and IIS services getting confused
    ... the ServicePackNumber is set to 1 in the registry. ... you need to verify that you had applied SBS 2003 ... On the SBS server, click Start, click Run, type "regedit" (without ... To successfully install SBS 2003 SP1, ...
    (microsoft.public.windows.server.sbs)
  • RE: I cant run the routing and remote access wizard
    ... Since i sent you the emails - hope you received them - I have run a registry ... http://localhost on the server box. ... Please enable IIS logging and reproduced the issue and collect IIS log ... Microsoft CSS Online Newsgroup Support ...
    (microsoft.public.windows.server.sbs)
  • RE: SBS 2003 SP1 Upgrade - MSDE 2000 Service Pack 4 did not instal
    ... This newsgroup only focuses on SBS technical issues. ... before I can down the SBS Server and complete this procedure. ... SBSISA2K4SETUP: Entering LaunchMsdeSp4 ... wanted in the Registry. ...
    (microsoft.public.windows.server.sbs)