Outlook Clients Cannot View Global Address List After You Install Security Rollup Package 1 (SRP1) on Global Catalog Server (318866)
The information in this article applies to:
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional SP2
This article was previously published under Q318866 IMPORTANT: This article contains information about modifying the registry. Before you
modify the registry, make sure to back it up and make sure that you understand how to restore
the registry if a problem occurs. For information about how to back up, restore, and edit the
registry, click the following article number to view the article in the Microsoft Knowledge Base:
256986 Description of the Microsoft Windows Registry
SYMPTOMS
After you update your Global Catalog servers with one or both of the following security updates
311401 Windows 2000 Security Rollup Package 1 (SRP1), January 2002
299687 MS01-036: Function Exposed By Using LDAP over SSL Could Enable Passwords to Be Changed
you may experience one or more of the following behaviors:
- Microsoft Exchange Outlook clients can no longer browse or resolve names from the global address list. The global address list appears to be empty.
- If you remove a mail profile from a client computer, you can no longer re-establish a connection to the Exchange Server computer (to re-create the profile).
- You cannot add a network printer by selecting it from the Active Directory. However, you can still add a network printer by selecting it from the tree view.
CAUSE
This behavior may occur if the RestrictAnonymous registry value on the Global Catalog servers is set to 2. For additional information about the RestrictAnonymous registry value, click the article number below
to view the article in the Microsoft Knowledge Base:
246261 How to Use the RestrictAnonymous Registry Value in Windows 2000
To view this registry value, follow these steps.
WARNING: If you use Registry Editor incorrectly, you may cause serious problems that may
require you to reinstall your operating system. Microsoft cannot guarantee that you can solve
problems that result from using Registry Editor incorrectly. Use Registry Editor at your own
risk. - Click Start, click Run, type regedit in the Open box, and then click OK.
- Navigate to the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa - In the right pane of the Registry Editor window, note the setting of the restrictanonymous value.
- Quit Registry Editor.
This behavior occurs because when you turn on (enable) the RestrictAnonymous registry value, this causes Exchange Server to reject access attempts to the global address list if the user's security token contains the Everyone security ID (SID).
RESOLUTIONTo resolve this problem, obtain the latest service pack for Windows 2000. For additional information, click the following article number to view the article in the
Microsoft Knowledge Base:
260910 How to Obtain the Latest Windows 2000 Service Pack
The English-language version of this fix should have the following file attributes or later:
Date Time Version Size File name
-----------------------------------------------------------
27-Feb-2002 19:10 5.0.2195.4959 123,664 Adsldp.dll
30-Jan-2002 00:52 5.0.2195.4851 130,832 Adsldpc.dll
30-Jan-2002 00:52 5.0.2195.4016 62,736 Adsmsext.dll
30-Jan-2002 00:52 5.0.2195.4882 356,624 Advapi32.dll
27-Feb-2002 19:10 5.0.2195.4985 135,952 Dnsapi.dll
27-Feb-2002 19:10 5.0.2195.4985 95,504 Dnsrslvr.dll
27-Feb-2002 19:14 5.0.2195.4848 521,488 Instlsa5.dll
27-Feb-2002 19:10 5.0.2195.4951 145,680 Kdcsvc.dll
27-Nov-2001 00:33 5.0.2195.4680 199,440 Kerberos.dll
07-Feb-2002 19:35 5.0.2195.4914 71,024 Ksecdd.sys
16-Jan-2002 23:02 5.0.2195.4848 503,568 Lsasrv.dll
16-Jan-2002 23:02 5.0.2195.4848 33,552 Lsass.exe
08-Dec-2001 00:05 5.0.2195.4745 107,280 Msv1_0.dll
27-Feb-2002 19:10 5.0.2195.4917 306,960 Netapi32.dll
27-Feb-2002 19:10 5.0.2195.4979 360,208 Netlogon.dll
27-Feb-2002 19:10 5.0.2195.4988 916,752 Ntdsa.dll
27-Feb-2002 19:10 5.0.2195.4986 388,880 Samsrv.dll
30-Jan-2002 00:52 5.0.2195.4874 128,784 Scecli.dll
27-Feb-2002 19:10 5.0.2195.4968 299,792 Scesrv.dll
30-Jan-2002 00:52 5.0.2195.4600 48,400 W32time.dll
06-Nov-2001 19:43 5.0.2195.4600 56,592 W32tm.exe
27-Feb-2002 19:10 5.0.2195.4921 125,712 Wldap32.dll
WORKAROUND
To work around this issue, assign a value of 0 (zero) to the RestrictAnonymous registry value. To do this, follow these steps.
WARNING: If you use Registry Editor incorrectly, you may cause serious problems that may
require you to reinstall your operating system. Microsoft cannot guarantee that you can solve
problems that result from using Registry Editor incorrectly. Use Registry Editor at your own
risk. - Log on to the Global Catalog server as Administrator.
- Click Start, click Run, type regedit in the Open box, and then click OK.
- Navigate to the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa - In the right pane of the Registry Editor window, double-click restrictanonymous.
- In the Value data box, type 0 (zero), and then click OK.
- Quit Registry Editor.
- Restart the Global Catalog server.
- Repeat steps 1 through 7 for each Global Catalog server.
STATUSMicrosoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article. This problem was first corrected in Windows 2000 Service Pack 3.
| Modification Type: | Minor | Last Reviewed: | 9/30/2005 |
|---|
| Keywords: | kbHotfixServer kbQFE kbbug kbDirServices kbfix kbSecurity kbWin2000PreSP3Fix kbWin2000sp3fix KB318866 |
|---|
|