Server registration lost after domain password change
Per Salmi
All my SQL Server registration in Enterprise Manager are lost every time I
change my domain user password. Is this a known behaviour of the Enterprise
Manager tool?
I use SQL Server Enterprise Manager 2000 with SP3 and the client OS is
WinXP. The domain is a Win 2003 AD domain.
Best regards,
Per Salmi
Jasper Smith
http://support.microsoft.com/default.aspx?scid=kb;en-us;323280
--
HTH
Jasper Smith (SQL Server MVP)
I support PASS - the definitive, global
community for SQL Server professionals -
http://www.sqlpass.org
"Per Salmi" <per-n...@n0sp4m-litho.se> wrote in message
news:uhzpp2bF...@TK2MSFTNGP11.phx.gbl...
Per Salmi
As soon as I change a password the registrations are lost again.
/Per Salmi
"Jasper Smith" <jasper...@hotmail.com> skrev i meddelandet
news:eXi6pZcF...@TK2MSFTNGP10.phx.gbl...
Billy Yao [MSFT]
I learned that when changing your domain user password on the WinXP client, you will lose registered SQL
Servers in SQL Enterprise Manager. In addition, you applied the method in KB 323280 but the problem
persists if you change the password.
===========================
Based on my experience, even after applying SP1 for Windows XP, we may still experience the same
problem. The methods in the following Knowledge Base (KB) articles should solve the problem you met
with:
323280 FIX: Registered remote servers disappear from SQL Enterprise Manager in
http://support.microsoft.com/?id=323280
316994 Denied Access to Encrypted Files After You Change Your Password
http://support.microsoft.com/?id=316994
===========================
Nevertheless, the fix in XP service pack 1 only works if the registry key "MasterKeyLegacyNt4Domain" is
set on the Windows XP machine:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Protect\Providers\df9d8cd0-1501-11d1-
8c7a-00c04fc297eb]
"MasterKeyLegacyNt4Domain"
Type: REG_DWORD
Value: 00000001
To add that key, you can follow the detailed steps below:
a) Open Registry Editor (Start-> Run -> Regedt32)
b) Go to the following key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Protect\Providers\df9d8cd0-1501-11d1-
8c7a-00c04fc297eb
c) Create the follow value (Edit->New->DWORD Value):
Value Name: MasterKeyLegacyNt4Domain
Value Type: REG_DWORD
Value: 00000001
d) Change your network account password and login again to see if the problem goes away.
===========================
If the problem still cannot be suppressed, please help provided us with the following information:
1) Whether or not the problem happens on all WinXP clients which have applied Service Pack 1 and added
that registry key.
2) Please check the 2 DLL files mentioned in the KB 316994 above
Lsasrv.dll & Msv1_0.dll
3) Check if the servers' registration will come back if you change the password back and login again.
4) Determine your SQL Server's actual version by executing the following script in Query Analyzer:
----------------------------------------------------
SELECT @@version
SELECT SERVERPROPERTY('productversion'), SERVERPROPERTY ('productlevel'),
SERVERPROPERTY ('edition')
----------------------------------------------------
Best regards,
Billy Yao
Microsoft Online Support
----------------------------------------------------
Get Secure! - www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.
Please reply to newsgroups only. Thanks.
Per Salmi
reinstalling SP3A for the SQL Server Client Utilities. Still no success...
So here are the answers to the questions:
> 1) Whether or not the problem happens on all WinXP clients which have
applied Service Pack 1 and added
> that registry key.
We have tried the registry fix on one of the developer workstations but all
of our workstations with XP suffers from the same problem.
> 2) Please check the 2 DLL files mentioned in the KB 316994 above
> Lsasrv.dll & Msv1_0.dll
lsasrv.dll is version 5.1.2600.1106
Msv1_0.dll is version 5.1.2600.1106
Is the hotfix mentioned in the acticle replacing these two DLLs? Isn't the
hotfix available to download somewhere?
> 3) Check if the servers' registration will come back if you change the
password back and login again.
Yes, all the servers re-appear when I change the password back to the old
one.
> 4) Determine your SQL Server's actual version by executing the following
script in Query Analyzer:
Three of the server responds like this:
Microsoft SQL Server 2000 - 8.00.859 (Intel X86)
Sep 18 2003 12:53:45
Copyright (c) 1988-2003 Microsoft Corporation
Standard Edition on Windows NT 5.2 (Build 3790: )
8.00.859 SP3 Standard Edition
One older version 7 server responds with:
Microsoft SQL Server 7.00 - 7.00.1094 (Intel X86)
May 29 2003 15:21:25
Copyright (c) 1988-2002 Microsoft Corporation
Desktop Edition on Windows NT 4.0 (Build 1381: Service Pack 6)
Best regards,
Per Salmi
Billy Yao [MSFT]
Thank you for your further information. I'm now clearer that the problem happened on all your WinXP clients
in the following environment:
------------------------------------------------------
Domain:
Win 2003 AD domain
Servers:
Windows 2003 Server
SQL Server 2000 SP3 + Hotfix (8.00.859)
Windows NT 4.0 Server
SQL Server 7.0 SP4
Clients:
Windows XP
------------------------------------------------------
After performing a further researching and deep testing, I could not reproduce your problem on a Windows
XP client that has applied SP1 and added that registry key. As you can see the registered servers in the
SQL Server Enterprise Manager after changing the password back, it seems to the registration information
was lost registration but still in the registry if you use a new password.
Based on my knowledge, all the SQl Servers' registration information is stored in the registry key on the
WinXP client. The possible explanation is after changed the password, the account can no longer access
the encryption key which is used to decrypt the credentials stored under the data column in the following
registry key:
HKCU\Software\Microsoft\Microsoft SQL server\80\tools\sqlew\Registered Servers X\SQL Server Group
To further troubleshoot the problem, I suggest you trying the following instructions:
1) Check if the SQL Server's registration information is present under the registry key mentioned above.
2) Can we export that registry key for the login id. One for successful scenario (before changing password)
and another one for failed scenario (after changing password)?
3) In your client's scenario, is the login id (after changed password) a member of local Admin group on that
machine? If not, please add it to the local Admin group to ensure the proper permissions.
4) If possible, please re-try the method on ANOTHER WinXP machine to see if the problem can be
resolved on another WinXP client:
- a. Apply the WinXP SP1
http://www.microsoft.com/windowsxp/pro/downloads/servicepacks/sp1/default.asp
- b. Add the "MasterKeyLegacyNt4Domain" registry key:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Protect\Providers\df9d8cd0-1501-
11d1-8c7a-00c04fc297eb]
"MasterKeyLegacyNt4Domain"
Type: REG_DWORD
Value: 00000001
- c. Install the latest SQL Server 2000 service pack
http://www.microsoft.com/downloads/details.aspx?FamilyId=90DCD52C-0488-4E46-AFBF-ACACE5369FA3
&displaylang=en
- d. Restart the machine
5) If problem persists after apply the method on another WinXP, we have to consider apply the Hotfix
described in the following KB:
316994 Denied Access to Encrypted Files After You Change Your Password
http://support.microsoft.com/?id=316994
Please read this article and decide if you want to try this fix. To get the fix, you may follow the instructions in
the article, or please send email to (remove "online." from this no Spam email address):
mailto:dsco...@online.microsoft.com with the following information,
* Put "HotFix Request" in the subject line
* Issue ID : 21969354
* KB Article Number :
* e-mail address :
* First Name, Last Name :
* Phone Number :
* Company Name (if any) :
Per, I appreciated your patience and ongoing efforts throughout the troubleshooting process. All our efforts
will make things clear and move closer to the causes and resolutions. If there is anything more I can do to
assist you, please feel free to post it in the group.
Best Regards,
Per Salmi
""Billy Yao [MSFT]"" <v-bi...@online.microsoft.com> skrev i meddelandet
news:pOzVOueH...@cpmsftngxa06.phx.gbl...
> 1) Check if the SQL Server's registration information is present under the
registry key mentioned above.
Yes, all the servers are there each with a binary data block.
> 2) Can we export that registry key for the login id. One for successful
scenario (before changing password)
> and another one for failed scenario (after changing password)?
Yes, I tried accessing them and exported them. It works, I also compared the
two export files and found that the server registration for my local
developer edition differs between the exports. That server registration is
actually the only one that persists in the Enterprise Manager after I chnage
my password.
Per Salmi
""Billy Yao [MSFT]"" <v-bi...@online.microsoft.com> skrev i meddelandet
news:pOzVOueH...@cpmsftngxa06.phx.gbl...
registry key mentioned above.
> 2) Can we export that registry key for the login id. One for successful
scenario (before changing password)
> and another one for failed scenario (after changing password)?
> 3) In your client's scenario, is the login id (after changed password) a
member of local Admin group on that
> machine? If not, please add it to the local Admin group to ensure the
proper permissions.
Yes, it愀 a local administrator.
Per Salmi
writing...
I have tested the registry key setting on another machine and the problem is
still there. So I have sent an order for the hotfix.
The registration entries are available for both "working" and "non working"
user password and can be accessed. The information is the same for all
servers except the (local) server and that is the only one that still shows
up after changing the password!
/Per Salmi