Sign in with Microsoft
Sign in or create an account.
Select a different account.
You have multiple accounts
Choose the account you want to sign in with.


Consider the following scenario:

  • You enable a Work Folders service on a file server that is running Windows 8.1, Windows RT 8.1, or Windows Server 2012 R2 in a domain.

  • You create credentials in┬áthe CredLocker tool to encrypt data on the file server.

  • You change the password of your domain account on a computer, and then you log on to another computer by using the new password in the same domain.

In this scenario, the credentials in the CredLocker tool become corrupted. Therefore, you cannot access the data on the file server.


This issue occurs because the Data Protection API (DPAPI) cannot recover a key that calls MasterKey from a domain controller after a password is changed on a domain-joined computer.


To resolve this issue, install the November 2014 update rollup for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2.


Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

More Information

For more information about software update terminology, see the Description of the standard terminology that is used to describe Microsoft software updates.

Need more help?

Want more options?

Explore subscription benefits, browse training courses, learn how to secure your device, and more.

Communities help you ask and answer questions, give feedback, and hear from experts with rich knowledge.

Was this information helpful?

What affected your experience?
By pressing submit, your feedback will be used to improve Microsoft products and services. Your IT admin will be able to collect this data. Privacy Statement.

Thank you for your feedback!