Article ID: 323538 - View products that this article applies to.
This article was previously published under Q323538
This article has been archived. It is offered "as is" and will no longer be updated.
After you install the hotfix that is described in the following Microsoft Knowledge Base (KB) article, users may no longer be able to gain remote access to the network when they authenticate against a Microsoft Internet Authentication Service (IAS) server:
(http://support.microsoft.com/kb/292053/ )Can Change Expired Password Without Authorization When Using IAS or RRAS in Windows 2000
This problem occurs if remote user authentication is performed by an extension DLL.
Authentication and account restrictions are handled by the same component in IAS. Before you install the hotfix from KB article 292053, this component first checks to determine whether the authentication request has already been authenticated by an extension DLL. If the request has already been authenticated (the extension DLL has returned a result of "raAccept"), the IAS component bypasses authentication. In this scenario, IAS still enforces other account restrictions, such as "account disabled" or "account expired."
When you install the KB article 292053 hotfix, this removes the verification test that IAS uses to determine whether authentication has been performed by an extension DLL. Therefore, even if the user is authenticated by the extension DLL, IAS tries to authenticate the user against the Windows security infrastructure. In this case, because the access request contains a Remote Authentication Dial-In User Service (RADIUS) User-Password attribute, IAS tries to perform Password Authentication Protocol (PAP) authentication. This authentication attempt is frequently unsuccessful because the submitted password is typically the user's Microsoft .NET Passport password instead of the user's Windows password.
Service Pack InformationTo resolve this problem, obtain the latest service pack for Microsoft Windows 2000. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
(http://support.microsoft.com/kb/260910/EN-US/ )How to Obtain the Latest Windows 2000 Service Pack
Hotfix InformationA supported hotfix is available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing this specific problem.
If the hotfix is available for download, there is a "Hotfix download available" section at the top of this Knowledge Base article. If this section does not appear, submit a request to Microsoft Customer Service and Support to obtain the hotfix.
Note If additional issues occur or if any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. For a complete list of Microsoft Customer Service and Support telephone numbers or to create a separate service request, visit the following Microsoft Web site:
Date Time Version Size File name --------------------------------------------------------- 26-Jul-2002 21:13 5.0.2195.5979 100,624 Iassam.dll
Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article. This problem was first corrected in Microsoft Windows 2000 Service Pack 4.
For additional information about how to obtain a hotfix for Windows 2000 Datacenter Server, click the article number below to view the article in the Microsoft Knowledge Base:
(http://support.microsoft.com/kb/265173/EN-US/ )The Datacenter Program and Windows 2000 Datacenter Server Product
Article ID: 323538 - Last Review: February 27, 2014 - Revision: 1.5
Contact us for more help
Connect with Answer Desk for expert help.