Jump to content

Winlogon suddenly asks for non-existing password


Guillaume

Recommended Posts

Just made a clean installation with 6 user accounts (currently all admins, without password specified). All working fine for a couple of hours.

Now I suddenly get the following:

  1. First logon (after reboot) works correctly.
  2. After logging out the first user or just switching to another user (random), XP asks for a password. Just hitting [Enter] suffices to log in.
  3. When logging out the second user or just switching to a third random user, XP again asks for a password, but hitting [Enter] gives an error message (wrong password). From this moment, all user accounts are blocked this way (including the first and second already logged in users).
  4. Only a reboot (losing all data from logged in users) enables logging in again.

Searched high & low, couldn't find anything.

Last_Session.ini

Edited by Guillaume
Link to comment
Share on other sites


Just made an installation with the services above, but I get the same results.

Perhaps it has something to do with the fact that I unhid the first administrator account (HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList, DWORD:Username=1), but if so, why should that initiate the behavior described?

Link to comment
Share on other sites

Ouch, that's odd: although I didn't remove "Local Security Settings" this time, I can't open 'Local Security Policies' from the Control Panel:

Module cannot be initialized.

Name: <unknown>

CLSID: {8FC0B734-A0E1-11D1-A7D3-0000F87571E3}

LAST_SESSION.INI

Edited by Guillaume
Link to comment
Share on other sites

I've had the same problem for years. Would I be right in guessing that this happens after resuming from a low power state?

The problem disappeared when I accidentally installed windows on the wrong drive, then installed it again on the right drive. I have no idea why it did it, and no idea why the problem is gone now considering I've reinstalled windows many many times in the past few years and always had this problem.

A workaround for it is to make sure your computer never hibernates or goes into standby.

Sorry I couldn't be more help.

Link to comment
Share on other sites

Thanks for the info, but hibernation is in fact disabled.

I now have an installation with the first administrator account set up hidden and with a password, furthermore I've added the Group Policy Management Console (missing in second installation), next to Active Directory service and Local Security Settings (missing in first installation). Doesn't fix it either.

Just a question next to this one: have any of you experienced any problems when making an administrator account (member of both the group Admins and the group Users) a regular user account (by removing its Admins group membership)?

Edited by Guillaume
Link to comment
Share on other sites

Ok, the fact that the 'Password never expires' option was unchecked didn't cause the problem (as I never expected it would have, but my last post, in a way, seemed to imply that the problem was gone).

Typical new symptom that arrived today was that the cursor in the 'type in your password' dialog just disappeared, only to return after a reboot. :s

I've done 3 installations now, without any succes.

Looking beyond nLite config (last version attached), could any of the following updates cause this issue?

KB873339 - Vulnerability in HyperTerminal could allow code execution

KB873374 - Microsoft GDI+ Detection Tool

KB884575 - Battery power may be drained more quickly than expected on Windows XP-based laptop

KB885626 - Computer stops responding after restarting to complete SP2 installation

KB885836 - Vulnerability in WordPad could allow code execution

KB886185 - Narrow definition of My network or local subnet restriction option in Windows Firewall

KB887472 - Security update for Microsoft Windows Messenger

KB887606 - Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (xml2)

KB888111 - Universal Audio Architecture High Definition Audio Class Driver

KB888302 - Vulnerability in Windows could allow information disclosure

KB890830 - Microsoft Malicious Software Removal Tool 1.30

KB890859 - Vulnerabilities in Windows kernel could allow elevation of privilege and denial of service

KB891781 - Vulnerability in DHTML editing ActiveX control could allow code execution

KB893756 - Vulnerability in Telephony service could allow remote code execution

KB893803 - Windows Installer 3.1

KB894391 - Attachment names not displayed in e-mails or "Generic Host Process" error after installing MS05-012 update

KB896358 - Vulnerability in HTML Help could allow remote code execution

KB896423 - Vulnerability in Print Spooler service could allow remote code execution

KB896428 - Vulnerability in Telnet client could allow information disclosure

KB898461 - Permanent copy of the Package Installer for Windows

KB899587 - Vulnerabilities in Kerberos could allow denial of service, information disclosure, and spoofing

KB899591 - Vulnerability in Remote Desktop Protocol could allow denial of service

KB900485 - Error message in Windows XP Service Pack 2: "Stop 0x7E"

KB900725 - Vulnerabilities in Windows Shell Could Allow Remote Code Execution

KB901017 - Vulnerability in the Microsoft Collaboration Data Objects could allow code execution

KB901214 - Vulnerability in Microsoft Color Management Module could allow remote code execution

KB902400 - Vulnerabilities in MS DTC and COM+ Could Allow Remote Code Execution

KB904706 - Vulnerability in DirectShow Could Allow Remote Code Execution

KB904942 - Authentication fails when you use Outlook to try to log on to a HTTP-based mail server if you use IE 7.0

KB905414 - Vulnerability in Network Connection Manager Could Allow Denial of Service

KB905474 - Windows Genuine Advantage Notifications 1.7.0036.0

KB905749 - Vulnerability in Plug and Play Could Allow Remote Code Execution and Local Elevation of Privilege

KB908519 - Vulnerability in Embedded Web Fonts Could Allow Remote Code Execution

KB908531 - Vulnerability in Windows Explorer Could Allow Remote Code Execution

KB909520 - Microsoft Base Smart Card Cryptographic Service Provider Package

KB910437 - Automatic Updates can no longer download updates after an Access Violation error occurs

KB911280 - Vulnerability in Routing and Remote Access could allow remote code execution

KB911562 - Vulnerability in the Microsoft Data Access Components (MDAC) Function Could Allow Code Execution

KB911564 - Vulnerability in Media Player Plug-in with Non-Microsoft Browsers Could Allow Remote Code Execution

KB911927 - Vulnerability in Web Client Service Could Allow Remote Code Execution

KB913580 - Vulnerability in Microsoft Distributed Transaction Coordinator could allow denial of service

KB914388 - A vulnerability in the DHCP Client Service could allow remote code execution

KB914389 - Vulnerability in Server Message Block could allow elevation of privilege

KB914440 - Network Diagnostics for Windows XP

KB915378 - Update for Add New Hardware Control Panel

KB916595 - Stop error message on a Windows XP-based computer: "STOP 0x000000D1"

KB917275 - Windows Rights Management Services SP2

KB917953 - Vulnerability in TCP/IP could allow remote code execution

KB918118 - Vulnerability in Microsoft RichEdit could allow remote code execution

KB918439 - Vulnerability in ART image rendering could allow remote code execution

KB919007 - Vulnerability in Pragmatic General Multicast (PGM) Could Allow Remote Code Execution

KB920213 - Vulnerability in Microsoft Agent Could Allow Remote Code Execution

KB920342 - Update to upgrade PNRP to PNRP version 2.0

KB920683 - Vulnerabilities in DNS Resolution Could Allow Remote Code Execution

KB920670 - Vulnerabilities in Microsoft Windows Hyperlink Object Library Could Allow Remote Code Execution

KB920685 - Vulnerability in Indexing Service Could Allow Cross-Site Scripting

KB920872 - Audio playback does not play the audio file from the correct position after you pause it

KB921401 - A non-paged pool memory leak occurs when you capture specific MIDI SYSEx messages

KB922582 - Error message when you try to update a Microsoft Windows-based computer: "0x80070002"

KB922819 - Vulnerabilities in TCP/IP IPv6 Could Allow Denial of Service

KB923191 - Vulnerability in Windows Explorer Could Allow Remote Execution

KB923414 - Vulnerability in Server Service Could Allow Denial of Service and Remote Code Execution

KB923789 - Macromedia Shockwave Flash 9.0.45.0 ActiveX

KB923980 - Vulnerabilities in Client Service for NetWare Could Allow Remote Code Execution

KB924191 - Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution

KB924270 - Vulnerability in Workstation Service Could Allow Remote Code Execution

KB924667 - Vulnerability in Microsoft Foundation Classes could allow for remote code execution

KB925398 - Vulnerability in Windows Media Format Could Allow Remote Code Execution

KB926464 - Windows Update Engine 7.0.6000.374

KB925720 - Windows CardSpace hotfix rollup package

KB925876 - Remote Desktop Connection 6.0 Client

KB925902 - Vulnerability in GDI could allow remote code execution

KB926255 - Vulnerability in Windows could allow elevation of privilege

KB926436 - Vulnerability in Microsoft OLE Dialog could allow remote code execution

KB927779 - Vulnerability in Microsoft Data Access Components could allow remote code execution

KB927802 - Vulnerability in Windows Image Acquisition Service could allow elevation of privilege

KB927891 - Access violation received when trying to install an update from Windows Update

KB927978 - Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (xml4)

KB928255 - Vulnerability in Windows Shell could allow elevation of privilege

KB929123 - Security Update for Outlook Express

KB930178 - Vulnerability in Windows CSRSS could allow remote code execution

KB931125 - Microsoft Root Certificate Update

KB931261 - Vulnerability in UPnP could allow remote code execution

KB931784 - Vulnerability in the Windows kernel could allow elevation of privilege

KB931836 - Cumulative Time Zone Update

KB932168 - Vulnerability in Microsoft Agent could allow remote code execution

KB933876 - The USN journal record contains an incorrect file name when you move a file

KB934268 - Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (msxml6sp1)

KB935448 - Certain third-party applications may not start, and "Illegal System DLL Relocation" error message received

KB935839 - Vulnerability in the Win32 API could allow remote code execution

KB935840 - Vulnerability in Schannel could allow remote code execution

Furthermore, I integrated IE7 and WMP11.

Please help me, especially since this is not for myself. I can't deliver a computer to friends with this kind of problem.

Voet_v1.2.ini

Link to comment
Share on other sites

Just made a clean installation with 6 user accounts (currently all admins, without password specified). All working fine for a couple of hours.

Now I suddenly get the following:

  1. First logon (after reboot) works correctly.
  2. After logging out the first user or just switching to another user (random), XP asks for a password.
    Well what you're doing seems like a problem because Windows won't allow you to have 1 admin profile logged on, then while leaving that still logged on, also switch to log on another admin profile. There can only be 1 admin logged on at a time in WIndows XP.
    So trying to log on 2 admins might be contributing to your problem.
    However, I also get the occasional password request for non-admin profiles that don't have any password to begin with. So I see the same problem you are experiencing.
    I just have the user enter while leaving the password field blank, which seems to solve the problem, at least for awhile.
    I don't know the root-cause fix.
Link to comment
Share on other sites

I didn't know about the admins logon limit, and I must say I'm not really sure whether there is such a limit at all.

However, switching to a limited user account is also either impossible (a password is rejected) or it's there's no way to get a cursor to fill in the password. Furthermore, I can't go back to the user still logged in, either (cursor is nowhere to be found).

The new problem with the loss of a cursor happened when I started applying passwords to some of the user accounts.

Edited by Guillaume
Link to comment
Share on other sites

  • 9 months later...

Experiencing exactly the same now on an SP3 installation.

- Suddenly asks for password when user has no password. Users that have a password: password not accepted.

OR

- Password input dialog has no cursor => cannot type in

OR

- Pressing CTRL-ALT-DEL twice (for classic logon screen) doesn't even work

OR

- Win + L (fast user switch) doesn't respond

Edited by Guillaume
Link to comment
Share on other sites

I dont believe there is such a limit, and at least i have run win xp with several admin accounts and using fast user switching on the merry-go-around.

Works flawless. Have no idea where that 'idea' came from.

I seem to repeat myself, but i would keep services as system event notification, so that windows is kept ajour on whats happening.

Last session?

Link to comment
Share on other sites

Her ya go...

"Active Directory service" and "Local Security Settings" were kept both in Athlon v1.0

For "Group Policy Management Console" ditto.

There's only ONE admin account, the other two are limited user accounts. However, on another PC, multiple admin accounts and some limited account gave exactly the same results (but SP2 + updates back then: that initiated this topic)

Athlon_2008_v1.0.ini

Athlon_2008_v2.0.ini

Edited by Guillaume
Link to comment
Share on other sites

I think I finally found the solution. Apparently Winlogon will do some funny s*** when there's an entry in HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify that won't work out well.

In my case - BUT this can be any other key that leads to a non-existing service - the "AtiExtEvent" key under the Notify key above was causing all the trouble: I don't even have any ATi service running anymore.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...