SYMPTOMS
If the user logon name is different from the pre-Windows 2000 user logon name (that is, if the UPN name is different from the security account manager name), the user cannot log on to Microsoft Content Management Server (CMS) 2001 by using the user principal name (UPN) logon method.
ExampleThe logon name portion of the user logon name is "someone".
The UPN for this user is someone@example.com.
If the pre-Windows 2000 name for this user is not EXAMPLE\someone, the CMS 2001 logon will not be successful if you try to log on as someone@example.com. If the logon is not successful, the AEUser table in the CMS database may also contain entries that are not valid for that user account. These entries must be removed so that the user can log on again. In this example, the database that is not valid has the following form:
UserId Username UsernameUpper UserSID
------ ------------------------- ------------------------- -------
38 WinNT://EXAMPLE\someone1 WINNT://EXAMPLE\SOMEONE1 NULL
RESOLUTION
A
supported fix is now available from Microsoft, but it is only intended to
correct the problem that is described in this article. Apply it only to
computers that are experiencing this specific problem. This fix may receive
additional testing. Therefore, if you are not severely affected by this
problem, Microsoft recommends that you wait for the next Microsoft Content
Management Server 2001 service pack that contains this hotfix.
To resolve
this problem immediately, contact Microsoft Product Support Services to obtain
the fix. For a complete list of Microsoft Product Support Services phone
numbers and information about support costs, visit the following Microsoft Web
site:
NOTE: In special cases, charges that are ordinarily incurred for
support calls may be canceled if a Microsoft Support Professional determines
that a specific update will resolve your problem. The typical support costs
will apply to additional support questions and issues that do not qualify for
the specific update in question.
The English version of this fix has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the
Time Zone tab in the Date and Time tool in Control Panel.
Date Time Version Size File name
--------------------------------------------------------------
03-Jan-2003 20:11 4.1.1033.0 147,456 Aesecurityservice.exe
Note Because of file dependencies, this update requires Microsoft Content
Management Server 2001 Service Pack 1.
You may also have to remove database entries that are not valid from the AEUser table so that the user can log on after the hotfix has been installed. You can use the following SQL query to do this:
DELETE FROM AEUser WHERE (UserSID is NULL) AND (UsernameUpper LIKE 'WINNT://%')
Important Before you run the deletion query, verify that you have a backup of the database that you can restore if a problem occurs.