This article was previously published under Q272473
This article has been archived. It is offered "as is" and will no longer be updated.
If you set the AvoidPdcOnWan registry value on a domain controller and a password change is made or an incorrect password is used, the domain controller still tries to contact the primary domain controller (PDC) emulator. In addition to the delay when the authentication attempt is performed, this causes additional WAN load and in large environments, a heavy load on the PDC emulator.
For additional information about the AvoidPdcOnWan value, click the article number below to view the article in the Microsoft Knowledge Base:
232690 Urgent Replication Triggers in Windows 2000
This functionality was not implemented in the Kerberos protocol.
To resolve this problem, obtain the latest service pack for Windows 2000. For additional information, click the following article number to view the article in theMicrosoft Knowledge Base:
260910 How to Obtain the Latest Windows 2000 Service Pack
The English version of this fix should have the following file attributes or later:
Date Time Version Size File name ------------------------------------------------------- 09/14/2000 06:57p 5.00.2195.2234 140,560 Kdcsvc.dll
Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article. This problem was first corrected in Windows 2000 Service Pack 2.
For additional information about how to install Windows 2000 and Windows 2000 hotfixes at the same time, click the article number below to view the article in the Microsoft Knowledge Base:
249149 Installing Microsoft Windows 2000 and Windows 2000 Hotfixes