Password Expires Without Notification Over Remote Access Connection to Windows NT 4.0 Domain (814686)


The information in this article applies to:

  • Microsoft Windows XP Home Edition
  • Microsoft Windows XP Professional
  • Microsoft Windows XP Tablet PC Edition
IMPORTANT: This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows Registry

SYMPTOMS

When you use the Remote Access Service (RAS) to log on to a Microsoft Windows NT 4.0 domain, your password may expire although you have not received the expected password expiry notification.

CAUSE

This problem occurs because in Microsoft Windows XP, your cached credentials are used initially to log you on. A routine then runs in the background to examine the attributes of your credentials and it may detect that your password is going to expire. If the current date is in the limit that is set for password expiry notification, the routine sets a value in the registry to prevent you from logging on with cached credentials. The next time that you log on to the domain, the password expiry notification dialog appears.

However, Netlogon tries to log the user on to the Windows NT 4.0 domain before a new transport is available for use. The default time for this procedure is 3000 milliseconds. This seems to be too quick for the Transport Driver Interface (TDI) to return the new transport to Netlogon with the result that background authentication fails.

RESOLUTION

To resolve this problem, edit the registry to extend the time that Windows XP waits for a new transport to 10,000 milliseconds. To do this, follow these steps.
WARNING: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.
  1. Click Start, and then click Run.
  2. In the Run dialog box, type regedit, and then click OK.
  3. In the registry tree on the left, locate the following registry key:

    H_KEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System

  4. If the REG_DWORD RASSleepTime exists, follow these steps:
    1. In the right pane, click RASSleepTime, and then, on the Edit menu, click Modify.
    2. In the Edit DWORD Value dialog box, under Base, click Decimal.
    3. In the Value data box, type 10000, and then click OK.
    If the REG_DWORD RASSleepTime does not exist, follow these steps:
    1. On the Edit menu, point to New, and then click DWORD Value.
    2. Type RASSleepTime to name the new DWORD, and then press ENTER.
    3. On the Edit menu, click Modify.
    4. In the Edit DWORD Value dialog box, under Base, click Decimal.
    5. In the Value data box, type 10000, and then click OK.
  5. On the File menu, click Exit to close the registry.

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.
Modification Type:MajorLast Reviewed:3/31/2003
Keywords:kbBug kbprb KB814686 kbAudITPRO kbAudEndUser
©2002 Microsoft Corporation. All rights reserved.