Article ID: 916204 - View products that this article applies to.
Important This article contains information about how to modify the registry. Make sure to back up the registry before you modify it. Make sure that you know how to restore the registry if a problem occurs. For more information about how to back up, restore, and modify the registry, click the following article number to view the article in the Microsoft Knowledge Base:
(http://support.microsoft.com/kb/256986/ )Description of the Microsoft Windows registry
An OpenAFS share cannot be accessed on a Microsoft Windows XP-based client if the client is not using the network to access the share. A Network Monitor trace shows the following error code:
Additionally, events in the Security logs may show that Kerberos tickets for the Common Internet File System (CIFS) server cannot be obtained.
Hotfix informationWarning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall your operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.
A supported hotfix is available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing this specific problem. This hotfix might receive additional testing. Therefore, if you are not severely affected by this problem, we recommend that you wait for the next software update that contains this hotfix.
If the hotfix is available for download, there is a "Hotfix download available" section at the top of this Knowledge Base article. If this section does not appear, contact Microsoft Customer Service and Support to obtain the hotfix.
Note If additional issues occur or if any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. For a complete list of Microsoft Customer Service and Support telephone numbers or to create a separate service request, visit the following Microsoft Web site:
http://support.microsoft.com/contactus/?ws=supportNote The "Hotfix download available" form displays the languages for which the hotfix is available. If you do not see your language, it is because a hotfix is not available for that language.
PrerequisitesYou must be running Windows XP with Service Pack 1 or Windows XP with Service Pack 2 to install this hotfix. Additionally, you must follow these steps in one of the following methods.
Note We recommend that you use Method 1. Method 2 will make your system less secure.
Method 1: Configure the client to use the loopback authentication service to access the OpenAFS share.
Warning This workaround may make a computer or a network more vulnerable to attack by malicious users or by malicious software such as viruses. We do not recommend this workaround but are providing this information so that you can implement this workaround at your own discretion. Use this workaround at your own risk.
Restart requirementYou must restart your computer after you apply this hotfix.
Hotfix replacement informationThis hotfix does not replace any other hotfixes.
File informationThe English version of this hotfix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.
Windows XP, all versions
Collapse this tableExpand this table
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
The reason why Method 2 in the "Resolution" section makes your system less secure is documented in the "Known issues with this security update" section of Microsoft Knowledge Base article 957097. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
(http://support.microsoft.com/kb/957097/ )MS08-068: Vulnerability in SMB could allow remote code execution
Additionally, after you set the DisableLoopBackCheck registry entry to 1, the registry entry will not be automatically set to 0 when you install security update 957097. Therefore, your system will still be less secure.