Consider the following scenario:
- You enable a Work Folders service on a file server that is running Windows 8.1, Windows RT 8.1, or Windows Server 2012 R2 in a domain.
- You create credentials in the CredLocker tool to encrypt data on the file server.
- You change the password of your domain account on a computer, and then you log on to another computer by using the new password in the same domain.
This issue occurs because the Data Protection API (DPAPI) cannot recover a key that calls MasterKey from a domain controller after a password is changed on a domain-joined computer.
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.