Error C00000BE When Changing Password

Clients logging on and attempting to change their password receive the following error:
Event Viewer Security log shows Event ID 577 - Security-Failure. Audit-Privilege.

C00000BE indicates STATUS_BAD_NETWORK_PATH. When users change passwords, they connect directly to the primary domain controller.

To work around this problem, do one of the following:

• Check physical connectivity by pinging the primary domain controller by IP address and name.
• Check connectivity through NET USE * \\PDCNAME\Share at an MS-DOS command prompt.
• Review entries in the primary and secondary WINS servers for inaccurate records.
• Under User Manager for Domains, Policies, Account, click to clear the Users must log on in order to change password check box.
• RestrictAnonymous has been set to 1 on the PDC, which prevents the user from connecting to the PDC with a Null Session from the client workstation. The user will not be able to change his or her password before he or she logs on to the domain. The user can change his or her password after he or she logs on to the domain because he or she will not be connecting to the PDC with a null session at that time; the user domain credentials will be passed to the PDC while trying to set up the session.
  
  For additional information about RestrictAnonymous, please see the following articles in the Microsoft Knowledge Base:
  
  
  143474  (http://support.microsoft.com/kb/143474/EN-US/ ) Restricting Information Available to Anonymous Logon Users

For additional information, see the following article or articles in the Microsoft Knowledge Base:

WARNING: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk. The following registry key is used to maintain control over the minimum security that is negotiated for programs by using NTLMSSP: If you have set the following value, you will not be able to change the password on the Windows NT 4.0-based clients: If you try to change the password, you receive an "error: C00000BE" error. After you delete this value and restart the PDC emulator, you can change the password on the down-level clients. For additional information about how to disable LM authentication on Windows NT, click the following article number to view the article in the Microsoft Knowledge Base: