XCLN: Client Unable to Change Windows NT Password

ID: Q236111

The information in this article applies to:

Microsoft Exchange Windows 95/98 client, versions 4.0, 5.0
Microsoft Exchange Windows NT client, versions 4.0, 5.0
Microsoft Outlook Windows 95/98 client, versions 8.0, 8.01, 8.02, 8.03, 8.04, 8.5, 9.0
Microsoft Outlook Windows NT client, versions 8.0, 8.01, 8.02, 8.03, 8.04, 8.5, 9.0
Microsoft Exchange Windows 3.x client, versions 4.0, 5.0
Microsoft Exchange Macintosh client, versions 4.0, 5.0
Microsoft Outlook for Macintosh, Exchange Server Edition, versions 8.0, 8.1, 8.2

IMPORTANT: This article contains information about editing the registry. Before you edit the registry, make sure you understand how to restore it if a problem occurs. For information about how to do this, view the "Restoring the Registry" Help topic in Regedit.exe or the "Restoring a Registry Key" Help topic in Regedt32.exe.

SYMPTOMS

When a Microsoft Exchange Client or Microsoft Outlook user changes the Windows NT password either by clicking Change Password in the Enter Password dialog box or by using the Tools menu, clicking Options, clicking the Security tab, clicking Change Settings, and then clicking Password, one of the following error messages is displayed:

The Windows NT Domain password could not be changed. A required action was not successful due to an unspecified error.

The Windows NT password could not be changed. Please check the information and try again.

CAUSE

The client is not logged on to the domain that the password is changed in, or to a trusted domain. Therefore, the client cannot establish a remote procedure call (RPC) connection to the Local Security Authority (LSA) to change the password.

The following clients have this problem:

Clients that use the NetWare Client software.

For additional information about how NetWare Clients change passwords, please see the following article in the Microsoft Knowledge Base:

Q148420 XCLN: Can't Change Password on Novell Client

Clients that use Macintosh messaging clients.

For additional information about how Macintosh messaging clients change passwords, please see the following article in the Microsoft Knowledge Base:

Q156182 XCLN: Changing Windows NT 4.0 Password in Microsoft Exchange

Clients that use Banyan Vines protocol.

For additional information about Banyan Vines protocol, please see the following article in the Microsoft Knowledge Base:

Q140641 Updated Samsrv.dll Supports AppleTalk and Banyan Vines Clients

Clients that log on to an untrusted Windows NT domain or a workgroup.

RESOLUTION

WARNING: Using Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk.

For information about how to edit the registry, view the "Changing Keys and Values" Help topic in Registry Editor (Regedit.exe) or the "Add and Delete Information in the Registry" and "Edit Registry Data" Help topics in Regedt32.exe. Note that you should back up the registry before you edit it. If you are running Windows NT, you should also update your Emergency Repair Disk (ERD).

NOTE: Normally, registry entries are not case sensitive. However, these entries are case sensitive. When you add any of these new keys, be sure to match the case exactly.

Add the following registry values to the primary domain controller (PDC):

Start Registry Editor (Regedt32.exe).

Under the HKEY_LOCAL_MACHINE subtree, go to the following subkey:

SYSTEM\CurrentControlSet\Control\LSA

On the Edit menu, click Add Value.

Add one of the following values, depending on which protocol is shared between the clients and the PDC:

NetWareClientSupport

TCPIPClientSupport

VinesClientSupport

AppletalkClientSupport

In the Data Type field, select REG_DWORD, and then click OK.

In the DWORD editor, in the Data field, type 1.

Click OK. The new value appears.

You must restart the PDC for the changes to take effect.

MORE INFORMATION

When an Exchange or Outlook client changes a Windows NT password, the client asks the Exchange Server computer for the name of the PDC in the domain. The client computer then establishes an RPC connection with the LSA on the PDC.

The LSA, by default, has no endpoint mapped for TCP/IP, IPX/SPX, AppleTalk, or Banyan Vines. It does not have this problem with named pipes. Clients that log on to the same domain as the PDC have no problem making a named pipes connection and changing their passwords.

Additional query words:


Keywords          : 
Version           : MACINTOSH:8.0,8.1,8.2; WINDOWS:4.0,5.0,8.0,8.01,8.02,8.03,8.04,8.5,9.0
Platform          : MACINTOSH WINDOWS 
Issue type        : kbprb

Last Reviewed: July 14, 1999