I set up an internal Web site on our network to test remote password changes using the IISADMPWD on a W2K SP4 server. I enabled basic authentication on the site and when I use an account where the password has already expired, I am prompted to change my password. After I do that, I receive a message stating the change was successful. The network password changes, but the Web site will not accept any password for that account. I can change the account password on the domain controller, but no Web site on that server will allow that account to authenticate. It seems like the local security database is now hosed. I tried adding UserTokenTTL to the registry with a one minute discard, but it did not help.
This is a tricky one. The problem may have nothing to do with basic authentication and may not be remedied by adding UserTokenTTL to the registry. This obscure issue cropped up on message boards in late 2004 and, according to Microsoft, is caused by an issue in the Active Directory Service Interfaces (ADSI). To be more specific, this problem occurs when ADSI is used by an Active Server Page (ASP) Web site in Windows 2000 and later for authentication purposes. The issue stems from synching the user principal name (UPN) with the account name used in Windows versions prior to Windows 2000.
Microsoft issued hotfix 833734 last year to address the problem and posted an article with details on its Web site at http://support.microsoft.com/default.aspx?scid=kb;en-us;833734. While the hotfix was only for Windows 2003 Server, this article provides further insight into the exact problem you describe. The Microsoft hotfix is only temporary -- they plan to roll it up in the release of the next Windows 2003 Server service pack. In the meantime, try entering the UPN without the domain name in the user name field. Some users have said that works in Windows 2000 SP4 systems.
This was last published in February 2006