DetailPage-MSS-KB

Microsoft small business knowledge base

Article ID: 916204 - Last Review: October 9, 2011 - Revision: 4.0

Hotfix Download Available
View and request hotfix downloads
 
Important This article contains information about how to modify the registry. Make sure to back up the registry before you modify it. Make sure that you know how to restore the registry if a problem occurs. For more information about how to back up, restore, and modify the registry, click the following article number to view the article in the Microsoft Knowledge Base:
256986  (http://support.microsoft.com/kb/256986/ ) Description of the Microsoft Windows registry

On This Page

SYMPTOMS

An OpenAFS share cannot be accessed on a Microsoft Windows XP-based client if the client is not using the network to access the share. A Network Monitor trace shows the following error code:
STATUS_DOWNGRADE_DETECTED
Additionally, events in the Security logs may show that Kerberos tickets for the Common Internet File System (CIFS) server cannot be obtained.

RESOLUTION

Hotfix information

Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall your operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.
A supported hotfix is available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing this specific problem. This hotfix might receive additional testing. Therefore, if you are not severely affected by this problem, we recommend that you wait for the next software update that contains this hotfix.

If the hotfix is available for download, there is a "Hotfix download available" section at the top of this Knowledge Base article. If this section does not appear, contact Microsoft Customer Service and Support to obtain the hotfix.

Note If additional issues occur or if any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. For a complete list of Microsoft Customer Service and Support telephone numbers or to create a separate service request, visit the following Microsoft Web site:
http://support.microsoft.com/contactus/?ws=support (http://support.microsoft.com/contactus/?ws=support)
Note The "Hotfix download available" form displays the languages for which the hotfix is available. If you do not see your language, it is because a hotfix is not available for that language.

Prerequisites

You must be running Windows XP with Service Pack 1 or Windows XP with Service Pack 2 to install this hotfix. Additionally, you must follow these steps in one of the following methods.

Note We recommend that you use Method 1. Method 2 will make your system less secure.

Method 1: Configure the client to use the loopback authentication service to access the OpenAFS share.
  1. Click Start, click Run, type regedit, and then click OK.
  2. In Registry Editor, locate and then click the following subkey:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0
  3. On the Edit menu, point to New, and then click Multi-String Value.
  4. In the Name column, type BackConnectionHostNames, and then press ENTER.
  5. Right-click BackConnectionHostNames, and then click Modify.
  6. In the Value data box, type the host name or the host names for the OpenAFS shares on the computer, and then click OK.

    Note Type each host name on a separate line.
  7. On the File menu, click Exit.
Method 2: Disable the loopback check on the client
Warning This workaround may make a computer or a network more vulnerable to attack by malicious users or by malicious software such as viruses. We do not recommend this workaround but are providing this information so that you can implement this workaround at your own discretion. Use this workaround at your own risk.
  1. Click Start, click Run, type regedit, and then click OK.
  2. In Registry Editor, locate and then click the following registry key:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
  3. Right-click Lsa, point to New, and then click DWORD Value.
  4. Type DisableLoopbackCheck, and then press ENTER.
  5. Right-click DisableLoopbackCheck, and then click Modify.
  6. In the Value data box, type 1, and then click OK.
  7. On the File menu, click Exit.
  8. Restart the computer.

Restart requirement

You must restart your computer after you apply this hotfix.

Hotfix replacement information

This hotfix does not replace any other hotfixes.

File information

The English version of this hotfix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.
Windows XP, all versions
Collapse this tableExpand this table
File nameFile versionFile sizeDateTime
Lsasrv.dll5.1.2600.2908726,01614-May-200608:30
Msv1_0.dll5.1.2600.2908132,60814-May-200608:30

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

MORE INFORMATION

The reason why Method 2 in the "Resolution" section makes your system less secure is documented in the "Known issues with this security update" section of Microsoft Knowledge Base article 957097. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
957097  (http://support.microsoft.com/kb/957097/ ) MS08-068: Vulnerability in SMB could allow remote code execution

Additionally, after you set the DisableLoopBackCheck registry entry to 1, the registry entry will not be automatically set to 0 when you install security update 957097. Therefore, your system will still be less secure.

APPLIES TO
  • Microsoft Windows XP Professional
Keywords: 
kbautohotfix kbHotfixServer kbqfe KB916204
Share
Additional support options
Ask The Microsoft Small Business Support Community
Contact Microsoft Small Business Support
Find Microsoft Small Business Support Certified Partner
Find a Microsoft Store For In-Person Small Business Support