tmccabe
asked on
users cant change password c00000be
We have 2 new Win2003 DC's running DNS , WINS and DHCP. We have mostly NT users and we are slowly migrating to XPP for our user community.
We are getting some users calling in saying they cant change their password when they get prompted by the 14 day warning that it's going to exprire.
The error they see is " unable to change the password on this account - C00000BE." Has this to do with licensing or perhaps its an account issue that has to do with the swapping of the DC's ?
We are getting some users calling in saying they cant change their password when they get prompted by the 14 day warning that it's going to exprire.
The error they see is " unable to change the password on this account - C00000BE." Has this to do with licensing or perhaps its an account issue that has to do with the swapping of the DC's ?
ASKER
We have around 250 workstations and servers - that error is coming from NT users. What is MS PSS if I need to contact them for the fixed hotfix ?
Have a look at : http://support.microsoft.com/default.aspx?kbid=198941 It's more apt to your situation
ASKER
thanks Jconchie but I checked all those mentioned in 198141 - the security setting "restrictanonymous" on the DC's is set correctly too
Try installing the Directory Services Client on one of those workstations and try again.
Download here:
http://www.microsoft.com/windows2000/server/evaluation/news/bulletins/adextension.asp
Watch out for this:
http://support.microsoft.com/default.aspx?scid=kb;en-us;293322&Product=ntw40
Download here:
http://www.microsoft.com/windows2000/server/evaluation/news/bulletins/adextension.asp
Watch out for this:
http://support.microsoft.com/default.aspx?scid=kb;en-us;293322&Product=ntw40
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Hi!
250 workstations and servers means that it´s probably not the same problem. You can check by issuing a
net files|find /i /c "\pipe\samr"
on the console of each DC.
If the number is much lower than 1024, it´s not the problem described in article 833373.
But in order to make a more detailed analysis (wheter it´s that or another problem) you should also publish the errors in the eventlogs of the workstation and the DCs.
Without that information we all just talk - but can´t help...
Lutz
250 workstations and servers means that it´s probably not the same problem. You can check by issuing a
net files|find /i /c "\pipe\samr"
on the console of each DC.
If the number is much lower than 1024, it´s not the problem described in article 833373.
But in order to make a more detailed analysis (wheter it´s that or another problem) you should also publish the errors in the eventlogs of the workstation and the DCs.
Without that information we all just talk - but can´t help...
Lutz
ASKER
Thanks-I will do that and report back
ASKER
we went from all NT DC's (PDC and BDC's) to Win2k mixed mode over a year ago, then this spring to Win2k native DC's and now Im at Win2003 DC's in Windows 2000 mode - not native Win2003 mode (yet)
DC4 is my FSMO and he is also the PDC emulator - both DC3 and DC4 are GC's as well.
I did install the dsclient on all my NT workstations as well.
Tried the "dummy user" new and an older one created when the domain was all nt. Both worked fine and I was allowed to change the password at will
DC4 is my FSMO and he is also the PDC emulator - both DC3 and DC4 are GC's as well.
I did install the dsclient on all my NT workstations as well.
Tried the "dummy user" new and an older one created when the domain was all nt. Both worked fine and I was allowed to change the password at will
Then if this is not happening with too many users, you may try just deleting the affected user accounts and recreating them.
ASKER
I think I will do that-that could be the quicker and easier way to fix this. Thanks to all
ASKER
I forgot to split points and give some to Naydowski - how does one fix that ?
Not to worry, I will post a question in this TA and give points to Naydowski
Thx, but I like to be helpful.
See http://support.microsoft.com/?kbid=833373. The error may come from a buggy RPC security hotfix for NT4. But it should usually only occur if you have more than 1000 NT4 systems (workstations or servers).
It took us months together with MS to find that out. The workaround mentioned in this article is based on the workaround I used in a customer environment.
For solving the problem you may have to ask MS PSS to provide you the "hotfixed hotfix".
Lutz