You install Internet Information Service (IIS) on a computer that is running Windows 7 or Windows Server 2008 R2 in a domain.
You disable Anonymous Authentication and enable Windows Authentication for a hosted website.
You use the DefaultAppPool application pool or another application pool that uses ApplicationPoolIdentity as the identity for the hosted website.
You restart the IIS service after the computer password is changed.
In this scenario, users cannot access the website. They are incorrectly prompted for credentials. However, they cannot access the website if they enter correct credentials.
Note By default, the computer password is automatically changed every 30 days. You can also manually change the computer password by using the Nltest.exe utility.
This issue occurs because a flag is set in a global credential incorrectly after the computer password is changed. Therefore, authentication fails after the IIS service is restarted.
A supported hotfix is available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing this specific problem.
If the hotfix is available for download, there is a "Hotfix download available" section at the top of this Knowledge Base article. If this section does not appear, submit a request to Microsoft Customer Service and Support to obtain the hotfix.
Note If additional issues occur or if any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. For a complete list of Microsoft Customer Service and Support telephone numbers or to create a separate service request, visit the following Microsoft Web site:
Note The "Hotfix download available" form displays the languages for which the hotfix is available. If you do not see your language, it is because a hotfix is not available for that language.
Prerequisites
To apply this hotfix, you must be running one of the following operating systems:
Windows 7
Windows 7 Service Pack 1 (SP1)
Windows Server 2008 R2
Windows Server 2008 R2 Service Pack 1 (SP1)
For more information about how to obtain a Windows 7 or Windows Server 2008 R2 service pack, click the following article number to view the article in the Microsoft Knowledge Base:
Information about Service Pack 1 for Windows 7 and for Windows Server 2008 R2
Registry information
To use the hotfix in this package, you do not have to make any changes to the registry.
Restart requirement
You must restart the computer after you apply this hotfix.
Hotfix replacement information
This hotfix does not replace a previously released hotfix.
File information
The global version of this hotfix installs files that have the attributes that are listed in the following tables. The dates and the times for these files are listed in Coordinated Universal Time (UTC). The dates and the times for these files on your local computer are displayed in your local time together with your current daylight saving time (DST) bias. Additionally, the dates and the times may change when you perform certain operations on the files.
Windows 7 and Windows Server 2008 R2 file information notes
Important Windows 7 hotfixes and Windows Server 2008 R2 hotfixes are included in the same packages. However, hotfixes on the Hotfix Request page are listed under both operating systems. To request the hotfix package that applies to one or both operating systems, select the hotfix that is listed under "Windows 7/Windows Server 2008 R2" on the page. Always refer to the "Applies To" section in articles to determine the actual operating system that each hotfix applies to.
The files that apply to a specific product, SR_Level (RTM, SPn), and service branch (LDR, GDR) can be identified by examining the file version numbers as shown in the following table.
Collapse this tableExpand this table
Version
Product
SR_Level
Service branch
6.1.760
0
.
16xxx
Windows 7 and Windows Server 2008 R2
RTM
GDR
6.1.760
0
.
20xxx
Windows 7 and Windows Server 2008 R2
RTM
LDR
6.1.760
1
.
17xxx
Windows 7 and Windows Server 2008 R2
SP1
GDR
6.1.760
1
.
21xxx
Windows 7 and Windows Server 2008 R2
SP1
LDR
The MANIFEST files (.manifest) and the MUM files (.mum) that are installed for each environment are listed separately in the "Additional file information for Windows Server 2008 R2 and for Windows 7" section. MUM and MANIFEST files, and the associated security catalog (.cat) files, are extremely important to maintain the state of the updated components. The security catalog files, for which the attributes are not listed, are signed with a Microsoft digital signature.
For all supported x86-based versions of Windows 7
Collapse this tableExpand this table
File name
File version
File size
Date
Time
Platform
Cng.sys
6.1.7600.16385
369,568
14-Jul-2009
01:17
x86
Ksecdd.sys
6.1.7600.20967
67,456
14-May-2011
06:35
x86
Ksecpkg.sys
6.1.7600.20967
133,504
14-May-2011
06:35
x86
Lsasrv.dll
6.1.7600.20967
1,037,824
14-May-2011
06:32
x86
Lsasrv.mof
Not applicable
13,780
10-Jun-2009
21:33
Not applicable
Lsass.exe
6.1.7600.16385
22,528
14-Jul-2009
01:14
x86
Secur32.dll
6.1.7600.20967
22,016
14-May-2011
06:32
x86
Sspicli.dll
6.1.7600.20967
100,352
14-May-2011
06:32
x86
Sspisrv.dll
6.1.7600.20967
15,360
14-May-2011
06:32
x86
Cng.sys
6.1.7600.16385
369,568
14-Jul-2009
01:17
x86
Ksecdd.sys
6.1.7601.17514
67,456
20-Nov-2010
12:30
x86
Ksecpkg.sys
6.1.7601.21728
133,504
14-May-2011
07:48
x86
Lsasrv.dll
6.1.7601.21728
1,038,848
14-May-2011
07:41
x86
Lsasrv.mof
Not applicable
13,780
10-Jun-2009
21:33
Not applicable
Lsass.exe
6.1.7601.21728
22,528
14-May-2011
07:36
x86
Secur32.dll
6.1.7601.17514
22,016
20-Nov-2010
12:21
x86
Sspicli.dll
6.1.7601.17514
100,352
20-Nov-2010
12:21
x86
Sspisrv.dll
6.1.7601.17514
15,872
20-Nov-2010
12:21
x86
For all supported x64-based versions of Windows 7 and of Windows Server 2008 R2
Collapse this tableExpand this table
File name
File version
File size
Date
Time
Platform
Cng.sys
6.1.7600.16385
460,504
14-Jul-2009
01:43
x64
Ksecdd.sys
6.1.7600.20967
95,616
14-May-2011
07:43
x64
Ksecpkg.sys
6.1.7600.20967
152,960
14-May-2011
07:43
x64
Lsasrv.dll
6.1.7600.20967
1,446,400
14-May-2011
07:35
x64
Lsasrv.mof
Not applicable
13,780
10-Jun-2009
20:52
Not applicable
Lsass.exe
6.1.7600.16385
31,232
14-Jul-2009
01:39
x64
Secur32.dll
6.1.7600.20967
28,160
14-May-2011
07:37
x64
Sspicli.dll
6.1.7600.20967
136,192
14-May-2011
07:39
x64
Sspisrv.dll
6.1.7600.20967
28,672
14-May-2011
07:39
x64
Cng.sys
6.1.7601.17514
459,248
20-Nov-2010
13:28
x64
Ksecdd.sys
6.1.7601.17514
95,616
20-Nov-2010
13:33
x64
Ksecpkg.sys
6.1.7601.21728
152,960
14-May-2011
07:10
x64
Lsasrv.dll
6.1.7601.21728
1,446,912
14-May-2011
07:11
x64
Lsasrv.mof
Not applicable
13,780
10-Jun-2009
20:52
Not applicable
Lsass.exe
6.1.7601.21728
31,232
14-May-2011
07:10
x64
Secur32.dll
6.1.7601.17514
28,160
20-Nov-2010
13:27
x64
Sspicli.dll
6.1.7601.17514
136,192
20-Nov-2010
13:27
x64
Sspisrv.dll
6.1.7601.17514
29,184
20-Nov-2010
13:27
x64
Lsasrv.mof
Not applicable
13,780
22-Jul-2009
23:19
Not applicable
Secur32.dll
6.1.7600.20967
22,016
14-May-2011
06:32
x86
Sspicli.dll
6.1.7600.20967
96,768
14-May-2011
06:30
x86
Lsasrv.mof
Not applicable
13,780
12-Nov-2010
23:53
Not applicable
Secur32.dll
6.1.7601.21728
22,016
14-May-2011
07:43
x86
Sspicli.dll
6.1.7601.21728
96,768
14-May-2011
07:33
x86
For all supported IA-64–based versions of Windows Server 2008 R2
Back to the top
