Some user accounts are locked out when you use Office Communicator 2007 R2

To preserve network bandwidth, Microsoft Office Communicator 2007 R2 downloads the new address book delta files instead of legacy delta files. In this scenario, the address book delta files merge with the local address book database. However, the address book delta files do not include the Title or Office attribute values. Therefore, Office Communicator 2007 R2 runs Lightweight Directory Access Protocol (LDAP) queries to obtain this information from a domain controller.

However, a NULL password is occasionally presented to the domain controller. In this scenario, the domain controller interprets this behavior as an invalid logon attempt. After a predefined number of invalid logon attempts, Windows user accounts are locked out.

To resolve this issue, apply the following update:
  • 972884 Description of the update for Communicator 2007 R2: Oct 2009
Important This section, method, or task contains steps that tell you how to change the registry. However, serious problems might occur if you change the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you change it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
322756 How to back up and restore the registry in Windows
After you apply this update, OCS administrators can determine how their clients download address book delta files. To control how Office Communicator 2007 R2 users download address book delta files, use the following registry entry:

HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Communicator\GalUseCompactDeltaFile (Type: DWORD)

Some possible values for this registry entry include the following:
  • 0: Do not use the address book delta file.
  • 1: Use the address book delta file (default).
  • 2: Use the address book delta file, but do not issue an LDAP query to retrieve the Title and Office attribute values from the Active Directory directory service.
  • All other registry values are treated as 1.
  • In order to obtain the Title and the Office attribute values from Active Directory, see Microsoft Knowledge Base (KB) article972403. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
    972403 Network performance issues that are caused by Global address list (GAL) file downloads or by GAL delta file downloads in Office Communicator 2007 R2
  • This update uses the default Windows credentials.
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

Article ID: 976985 - Last Review: 10/10/2011 07:52:00 - Revision: 2.0

  • kbfix kbqfe kbexpertiseinter kbsurveynew kbprb KB976985