Change password in windows locks startup

Posted on 2004-11-08
Medium Priority
Last Modified: 2010-04-13

Clients = Windows 2000 Prof users.
Server = Wind 2000 Server AD

When logging in to the newtwork some users are asked to change their password.

Submitting the old and new password, the login/startup process continiues,
but stops almost immedialtely at the "green" blank screen i.e stops before viewing the desktop with the icons and start menue.
The computer is unaccessable and can only be rebooted.

Restarting the computer and logging in with the new password, gives no error but windows stops
at the same blank screen.

Others users that are already logged in, change their password via Windows Security screen (ctrl-alt-del) can change their password
successfully and continue to work with the computer. But next time they reboot the PC, same startup problems occours for them as well.

About half of the users that have changed their passwords has been successful but the other half have had this problem.

Some of the users had Service Pack 2 in Win200 and we thought that was the problem, but different users with SP2 was both successful and
unsuccessful when changing their passwords. So there must some more reasons than old Service Pack versions.

To get pass this startup problem, login was made as admin, the user profile was removed, new login was made which created a new user profile,
and the profile settings was manually restored and the user was up and running.

But what is the real cause for this simple action of changing the password, which causes the startup process to lockup ?
Lost permissions of the user profile ?

Haven't seens this problem before, when users have changed their password, but it happend last week for some computers.


Question by:janostlund
1 Comment

Accepted Solution

brownmattc earned 2000 total points
ID: 12528785
I had a look on the microsoft site and found that SP4 takes care of some problems related to password changing.

Did you check the event logs on the machines in question for errors?

Try the following:

Users can receive the above error messages under a variety of conditions. The underlying cause for these errors is a security registry change involving the RestrictAnonymous value

This problem may also have been fixed in SP3:

When a Windows 2000-based domain controller receives an NTLM authentication request, it tries to validate the password in its database. If it does not succeed, it increments the bad password count, and passes the request to the primary domain controller because the database may not be synchronized.

If the primary domain controller responds to the domain controller that forwarded the request with successful validation, the bad password count for the user on the domain controller should be reset to 0. However, the domain controller is not resetting the count to 0.

This problem may only be seen in the Windows 2000 environment because UAS replication does not occur as frequently as in the Windows NT 4.0 domain environment. User passwords between domain controllers may be out of synchronization for longer period of time. Also, the bad password count field is not replicated between the domain controllers.



Featured Post

Upgrade your Question Security!

Add Premium security features to your question to ensure its privacy or anonymity. Learn more about your ability to control Question Security today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Applications for our next round of the Experts Exchange Scholarship Contest are starting to roll in. It made us wonder what our past winners are up to these days. Here's a look at what four winners experienced with the contest and what they're doing…
This Micro Tutorial will teach you how to add a cinematic look to any film or video out there. There are very few simple steps that you will follow to do so. This will be demonstrated using Adobe Premiere Pro CS6.
This video shows how to quickly and easily deploy an email signature for all users in Office 365 and prevent it from being added to replies and forwards. (the resulting signature is applied on the server level in Exchange Online) The email signat…
Suggested Courses

862 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question