This article has been archived. It is offered "as is" and will no longer be updated.
Important This article contains information about how to modify the registry. Make sure to back up the registry before you modify it. Make sure that you know how to restore the registry if a problem occurs. For more information about how to back up, restore, and modify the registry, click the following article number to view the article in the Microsoft Knowledge Base:
256986 Description of the Microsoft Windows registry
An OpenAFS share cannot be accessed on a Microsoft Windows XP-based client if the client is not using the network to access the share. A Network Monitor trace shows the following error code:
Additionally, events in the Security logs may show that Kerberos tickets for the Common Internet File System (CIFS) server cannot be obtained.
Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall your operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk. A supported hotfix is available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing this specific problem. This hotfix might receive additional testing. Therefore, if you are not severely affected by this problem, we recommend that you wait for the next software update that contains this hotfix.
If the hotfix is available for download, there is a "Hotfix download available" section at the top of this Knowledge Base article. If this section does not appear, contact Microsoft Customer Service and Support to obtain the hotfix.
Note If additional issues occur or if any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. For a complete list of Microsoft Customer Service and Support telephone numbers or to create a separate service request, visit the following Microsoft Web site:
On the Edit menu, point to New, and then click Multi-String Value.
In the Name column, type BackConnectionHostNames, and then press ENTER.
Right-click BackConnectionHostNames, and then click Modify.
In the Value data box, type the host name or the host names for the OpenAFS shares on the computer, and then click OK.
Note Type each host name on a separate line.
On the File menu, click Exit.
Method 2: Disable the loopback check on the client Warning This workaround may make a computer or a network more vulnerable to attack by malicious users or by malicious software such as viruses. We do not recommend this workaround but are providing this information so that you can implement this workaround at your own discretion. Use this workaround at your own risk.
Click Start, click Run, type regedit, and then click OK.
In Registry Editor, locate and then click the following registry key:
Right-click Lsa, point to New, and then click DWORD Value.
Type DisableLoopbackCheck, and then press ENTER.
Right-click DisableLoopbackCheck, and then click Modify.
In the Value data box, type 1, and then click OK.
On the File menu, click Exit.
Restart the computer.
You must restart your computer after you apply this hotfix.
Hotfix replacement information
This hotfix does not replace any other hotfixes.
The English version of this hotfix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.
Windows XP, all versions
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
The reason why Method 2 in the "Resolution" section makes your system less secure is documented in the "Known issues with this security update" section of Microsoft Knowledge Base article 957097. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
957097 MS08-068: Vulnerability in SMB could allow remote code execution
Additionally, after you set the DisableLoopBackCheck registry entry to 1, the registry entry will not be automatically set to 0 when you install security update 957097. Therefore, your system will still be less secure.