DOCUMENT:Q176978 06-FEB-2002 [crossnet] TITLE :Error C00000BE When Changing Password PRODUCT :Windows for Workgroups and Windows NT Networking Issues PROD/VER::2000,3.51,4.0 OPER/SYS: KEYWORDS: ====================================================================== ------------------------------------------------------------------------------- The information in this article applies to: - Microsoft Windows NT Workstation versions 3.51, 4.0 - Microsoft Windows NT Server versions 3.51, 4.0 - Microsoft Windows 95 - Microsoft Windows 2000 Professional - Microsoft Windows 2000 Server - Microsoft Windows 2000 Advanced Server - Microsoft Windows 2000 Datacenter Server ------------------------------------------------------------------------------- SYMPTOMS ======== Clients logging on and attempting to change their password receive the following error: Unable to change the password on this account (C00000BE). Please consult your system administrator. Event Viewer Security log shows Event ID 577 - Security-Failure. Audit-Privilege. CAUSE ===== C00000BE indicates STATUS_BAD_NETWORK_PATH. When users change passwords, they connect directly to the primary domain controller. RESOLUTION ========== To work around this problem, do one of the following: - Check physical connectivity by pinging the primary domain controller by IP address and name. - Check connectivity through NET USE * \\PDCNAME\Share at an MS-DOS command prompt. - Review entries in the primary and secondary WINS servers for inaccurate records. - Under User Manager for Domains, Policies, Account, click to clear the "Users must log on in order to change password" check box. - RestrictAnonymous has been set to 1 on the PDC, which prevents the user from connecting to the PDC with a Null Session from the client workstation. The user will not be able to change his or her password before he or she logs on to the domain. The user can change his or her password after he or she logs on to the domain because he or she will not be connecting to the PDC with a null session at that time; the user domain credentials will be passed to the PDC while trying to set up the session. For additional information about RestrictAnonymous, please see the following articles in the Microsoft Knowledge Base: Q143474 Restricting Information Available to Anonymous Logon Users For additional information, please see the following article(s) in the Microsoft Knowledge Base: Q135060 Access Denied Attempting to Change Client Domain Password Additional query words: ====================================================================== Keywords : Technology : kbWinNTsearch kbWinNTWsearch kbWinNTW400 kbWinNTW400search kbWinNT351search kbWinNT400search kbWinNTW351search kbWinNTW351 kbWinNTSsearch kbWinNTS400search kbWinNTS400 kbWinNTS351 kbWinNTS351search kbWin95search kbZNotKeyword3 Version : :2000,3.51,4.0 Hardware : x86 Issue type : kbprb ============================================================================= THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY. Copyright Microsoft Corporation 2002.