diff --git a/source/lib/registry/ldb.c b/source/lib/registry/ldb.c
index 2f80ea9..275d25f 100644
--- a/source/lib/registry/ldb.c
+++ b/source/lib/registry/ldb.c
@@ -112,6 +112,16 @@ static struct ldb_message *reg_ldb_pack_value(struct ldb_context *ctx,
 }
 
 
+static char *reg_ldb_escape(TALLOC_CTX *mem_ctx, const char *value)
+{
+	struct ldb_val val;
+
+	val.data = discard_const_p(uint8_t, value);
+	val.length = strlen(value);
+
+	return ldb_dn_escape_value(mem_ctx, val);
+}
+
 static int reg_close_ldb_key(struct ldb_key_data *key)
 {
 	if (key->subkeys != NULL) {
@@ -447,7 +457,12 @@ static WERROR ldb_del_value (struct hive_key *key, const char *child)
 	struct ldb_dn *childdn;
 
 	childdn = ldb_dn_copy(kd->ldb, kd->dn);
-	ldb_dn_add_child_fmt(childdn, "value=%s", child);
+	if (!ldb_dn_add_child_fmt(childdn, "value=%s",
+				  reg_ldb_escape(childdn, child)))
+	{
+		talloc_free(childdn);
+		return WERR_FOOBAR;
+	}
 
 	ret = ldb_delete(kd->ldb, childdn);
 
@@ -475,7 +490,12 @@ static WERROR ldb_set_value(struct hive_key *parent,
 	msg = reg_ldb_pack_value(kd->ldb, mem_ctx, name, type, data);
 
 	msg->dn = ldb_dn_copy(msg, kd->dn);
-	ldb_dn_add_child_fmt(msg->dn, "value=%s", name);
+	if (!ldb_dn_add_child_fmt(msg->dn, "value=%s",
+				  reg_ldb_escape(mem_ctx, name)))
+	{
+		talloc_free(mem_ctx);
+		return WERR_FOOBAR;
+	}
 
 	ret = ldb_add(kd->ldb, msg);
 	if (ret != LDB_SUCCESS) {
diff --git a/source/rpc_server/winreg/rpc_winreg.c b/source/rpc_server/winreg/rpc_winreg.c
index 681e3b9..7eba428 100644
--- a/source/rpc_server/winreg/rpc_winreg.c
+++ b/source/rpc_server/winreg/rpc_winreg.c
@@ -411,7 +411,15 @@ static WERROR dcesrv_winreg_QueryValue(struct dcesrv_call_state *dce_call,
 					   &value_type, &value_data);
 
 	if (!W_ERROR_IS_OK(result)) {
-		return result;
+		/*
+		 * Windows expects WERR_BADFILE when a particular value
+		 * is not found.  If we receive WERR_NOT_FOUND from the lower
+		 * layer calls, translate it here to return what is expected.
+		 */
+		if (W_ERROR_EQUAL(result, WERR_NOT_FOUND))
+			return WERR_BADFILE;
+		else
+			return result;
 	}
 
 	/* Just asking for the size of the buffer */