Event ID 16398 — Notification Package

Applies To: Windows Server 2008

During a password reset or change operation for a user account, the system notifies any registered software notification packages about the update. Registered software notification packages may update their own private credential state concerning the user account. If such an update fails, a software notification package authentication operation may fail. A software notification package failure may prevent users from accessing resources. Examples of software notification packages (specifically, security software packages) that register for password change notifications include the following: Kerberos, NTLM, Digest, and SChannel, as well as non-Microsoft software.

Event Details

Product: Windows Operating System
ID: 16398
Source: SAM
Version: 6.0
Symbolic Name: SAMMSG_ERROR_UPGRADE_USERPARMS
Message: An error occurred trying to upgrade a SAM user's User_Parameters attribute. The following Notification Package DLL might be the possible offender: %1. Check the record data of this event for the NT error code.

Resolve

Enable SAM debug logging

A software package failed to update additional credentials for a user as a result of a resource error. The Event Viewer event message text should contain the package name and the resource error. Look for additional warnings or error messages that explain the resource error, and resolve the error appropriately. If the issue comes from the Security Accounts Manager (SAM), enable diagnostic logging. Perform the following procedure using a domain member computer that has domain administrative tools installed.

To perform this procedure, you must have membership in Domain Admins, or you must have been delegated the appropriate authority.

To enable SAM debug logging for notification packages:

Caution: Incorrectly editing the registry might severely damage your system. Before making changes to the registry, you should back up any valued data.

  1. Open Registry Editor. To open Registry Editor, click Start. In Start Search, type regedit, and then press ENTER. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.
  2. In the registry location HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control, select the Lsa key.
  3. Right-click the Lsa key, click New, click DWORD (32-bit) Value, type SamLogLevel as the name of the value, and then press ENTER.
  4. Double-click SamLogLevel, set Value data to 20 hexadecimal (32 decimal), and then click OK.
  5. Close the Registry Editor, and then restart the computer.

By default, the sam.log file is created in the %systemroot%\debug folder. To view the log, click Start, click Run, type notepad %systemroot%\debug\sam.log, and then click OK. Review the information in the log to determine the cause and possible resolution of the problem.

Verify

To ensure that user account credentials can be updated properly, reset the password of a user account. You can use the net user command to reset a user's password. Perform the following procedure using a domain member computer that has domain administrative tools installed.

To perform this procedure, you must have membership in Domain Admins, or you must have been delegated the appropriate authority.

To reset a user account password using the net user command:

  1. Open a command prompt as an administrator. To open a command prompt as an administrator, click Start. In Start Search, type Command Prompt. At the top of the Start Menu, right-click Command Prompt, and then click Run as administrator. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.
  2. At the command prompt, type net user username password, and then press ENTER. Substitute the user account name for username, and then enter a password that meets the password policy requirements for your domain for password.
  3. The command output indicates whether the command was successful.

Check Event Viewer to ensure that Event IDs 12302, 16398, and 16399 do not appear after you run the password reset operation.
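The Event Viewer check above can also be scripted. The following is an added example, not part of the original article or Microsoft's tooling; it assumes Windows PowerShell 2.0 to 5.1 (for Get-EventLog), that SAM writes these events to the System log, and that the event's record data begins with a 32-bit little-endian NT error code. The function name Get-NotificationPackageEvent is hypothetical.

```powershell
# Added example (not from the original article).
# Lists the event IDs named in the Verify step that were logged since a given
# time, and decodes the NT error code that the 16398 message places in the
# event's record data.
function Get-NotificationPackageEvent {
    param(
        # Time just before the password reset was run.
        [Parameter(Mandatory = $true)][datetime]$Since,
        # Event IDs named in the Verify step of the article.
        [int[]]$EventId = @(12302, 16398, 16399),
        # Assumption: SAM writes these events to the System log.
        [string]$LogName = 'System'
    )

    $entries = Get-EventLog -LogName $LogName -After $Since -ErrorAction SilentlyContinue |
        Where-Object { $EventId -contains $_.EventID }

    foreach ($e in $entries) {
        # Assumption: record data starts with a 32-bit little-endian NT status.
        $status = $null
        if ($e.Data.Length -ge 4) {
            $status = '0x{0:X8}' -f [BitConverter]::ToUInt32($e.Data, 0)
        }
        # First insertion string (%1); for event 16398 this is the
        # notification package DLL named in the message.
        $package = $null
        if ($e.ReplacementStrings.Length -gt 0) { $package = $e.ReplacementStrings[0] }

        New-Object PSObject -Property @{
            TimeGenerated = $e.TimeGenerated
            EventID       = $e.EventID
            Source        = $e.Source
            Package       = $package
            NtStatus      = $status
        }
    }
}

# Usage: note the time, reset the password as in the procedure, then check.
$start = Get-Date
# ... run the net user password reset here ...
$found = @(Get-NotificationPackageEvent -Since $start)
if ($found.Count -eq 0) {
    'No events 12302, 16398 or 16399 logged since {0}' -f $start
} else {
    $found | Format-Table TimeGenerated, EventID, Source, Package, NtStatus -AutoSize
}
```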
