The password is not changed, and the user receives the same error message when he or she tries to log on again.
Specifically, the scenario that occurs is as follows:
The password change request process is put into an anonymous access token by Local Security Authority (LSA). This occurs because the password is not valid and the user is therefore not authenticated. Using this token, the password change request is passed to the local Security Accounts Manager (SAM) through RPC. (RPC is used because the request might also be sent remotely at this point.) The RPC runtime reads a system policy to determine the correct configuration. (The configuration is "Server2003NegotiateDisable" in key "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Rpc.")
In this scenario, the RPC runtime receives error 5 "ACCESS_DENIED" for this request and maps this to RPC error 15 "RPC_S_OUT_OF_MEMORY."
- Use the facility to remotely change the password of a user to set the password before he or she connects through RDS.
- Change the registry permissions on the following registry key to enable read access for ANONYMOUS LOGON, and then inherit that down the registry tree: HKEY_LOCAL_MACHINE\SOFTWARE\Policies
Article ID: 2877056 - Last Review: Aug 19, 2013 - Revision: 1