Microsoft KB Archive/829075

= Dsamain.exe Generates an Access Violation and Then Stops Unexpectedly =

Article ID: 829075

Article Last Modified on 10/26/2006

-

APPLIES TO


 * Microsoft Exchange Server 5.5 Standard Edition

-





SYMPTOMS
The Microsoft Exchange Server 5.5 directory service (Dsamain.exe) generates an access violation and then stops unexpectedly.



CAUSE
This problem occurs when a client makes a call for the ptagPrimarySMTPAddress property in Unicode. Remote procedure call (RPC) tries to determine how large a buffer to allocate to the data that is returned by the nspi_QueryRows call. The data that was sent by the client contains names and e-mail addresses; the e-mail addresses are in the Microsoft Windows ANSI character set even though they are marked as Unicode. One of the pieces of data that the client sent is the ptagPrimarySMTPAddress property. The ptagPrimarySMTPAddress property is a constructed MAPI attribute that is parsed from the proxy-addresses property. The ptagPrimarySMTPAddress property is supposed to be in Unicode, but the data that the client sent is in the ASCII character set. Because the data that the client sent to Exchange Server is not in Unicode, the last e-mail address is written beyond the buffer that was allocated; this problem causes the access violation in the MIDL_wchar_strlen function.



Hotfix Information
A supported hotfix is now available from Microsoft, but it is only intended to correct the problem that this article describes. Apply it only to systems that are experiencing this specific problem.

To resolve this problem, contact Microsoft Product Support Services to obtain the hotfix. For a complete list of Microsoft Product Support Services telephone numbers and information about support costs, visit the following Microsoft Web site:

http://support.microsoft.com/contactus/?ws=support

Note In special cases, charges that are ordinarily incurred for support calls may be canceled if a Microsoft Support Professional determines that a specific update will resolve your problem. The usual support costs will apply to additional support questions and issues that do not qualify for the specific update in question.

Prerequisites
This hotfix requires Microsoft Exchange Server 5.5 Service Pack 4 (SP4).

Restart Requirement
You do not have to restart your computer after you apply this hotfix.

Hotfix Replacement Information
This hotfix does not replace any other hotfixes.

File Information
The English version of this hotfix has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.

Date        Time   Version        Size      File name -- 11-Nov-2003 21:44  5.5.2657.78    507,152   Dsamain.exe 11-Nov-2003 21:42  5.5.2657.78    239,376   Dsmsg.dll 11-Nov-2003 21:43  5.5.2657.78     47,376   Oabgen.dll



STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the &quot;Applies to&quot; section of this article.



Stack Output
If the correct symbol files are installed on the server, the Dr. Watson log (Drwtsn32.log) or the corresponding User.dmp file may contain a call stack that is similar to the following:

ChildEBP RetAddr Args to Child

09bafaa4 77e13b72 09bb7fe5 0045517e 09bb7fe5 RPCRT4!MIDL_wchar_strlen+0xf 09bafabc 77e13cfe 09bafd44 09bb7fe5 0045517e RPCRT4!NdrpConformantStringBufferSize+0x74 09bafacc 77e12564 09bafd44 09bb7fe5 0045517e RPCRT4!NdrConformantStringBufferSize+0x2c 09bafaf0 77e13d2d 09bafd44 09bb7fe5 0045517c RPCRT4!NdrpPointerBufferSize+0x69 09bafb04 77e21bf6 09bafd44 09bb7fe5 0045517c RPCRT4!NdrPointerBufferSize+0x2c 09bafb24 77e21a7d 09bafd44 09bb7a90 004550e8 RPCRT4!NdrpUnionBufferSize+0xf3 09bafb48 77e14e7f 09bafd44 09bb7a90 004550e0 RPCRT4!NdrNonEncapsulatedUnionBufferSize+0x2d 09bafb84 77e1a6a5 09bafd44 09bb7a88 004552b0 RPCRT4!NdrComplexStructBufferSize+0x208 09bafbd8 77e24e44 09bafd44 09bb7a88 004552c0 RPCRT4!NdrpComplexArrayBufferSize+0x1f6 09bafbf8 77e12564 09bafd44 09bb7a08 004552c0 RPCRT4!NdrComplexArrayBufferSize+0x41 09bafc1c 77e244aa 09bafd44 09bb7a08 0045530a RPCRT4!NdrpPointerBufferSize+0x69 09bafc50 77e137de 09bafd44 09bb0edc 09bafc84 RPCRT4!NdrpEmbeddedRepeatPointerBufferSize+0xa6 09bafc74 77e146d2 09bafd44 09bb0e28 004552fe RPCRT4!NdrpEmbeddedPointerBufferSize+0x4b 09bafc94 77e12564 09bafd44 09bb0e28 004552f6 RPCRT4!NdrConformantStructBufferSize+0x6a 09bafcb8 77e13d2d 09bafd44 09bb0e28 004550dc RPCRT4!NdrpPointerBufferSize+0x69 09bafccc 77e12564 09bafd44 09bb0e28 004550dc RPCRT4!NdrPointerBufferSize+0x2c 09bafcf0 77e13d2d 09bafd44 09bafd40 004550d8 RPCRT4!NdrpPointerBufferSize+0x69 09bafd04 0040b1f5 09bafd44 09bafd40 004550d8 RPCRT4!NdrPointerBufferSize+0x2c 09bafe20 77e11423 09bafef0 00159e70 09bafef0 dsamain!nspi_NspiQueryRows+0x1f5 09bafe5c 77e111dc 0040b03c 09bafef0 09baff34 RPCRT4!DispatchToStubInC+0x34 09bafeb0 77e114f9 09bafef0 00000000 09baff34 RPCRT4!RPC_INTERFACE::DispatchToStubWorker+0x124 09bafed0 77e1e02f 09bafef0 00000000 09baff34 RPCRT4!RPC_INTERFACE::DispatchToStub+0x5d 09baff40 77e1ff1b 0017daa8 000000b0 09baff90 RPCRT4!OSF_SCONNECTION::ReceiveOriginalCall+0x376 09baff60 77e1daa7 0017daa8 000000b0 00145c70 RPCRT4!OSF_SCONNECTION::DispatchPacket+0x20f 09baff90 77e1f495 77e17bd3 00145c70 09baffec RPCRT4!OSF_ADDRESS::ReceiveLotsaCalls+0x81 09baff94 77e17bd3 00145c70 09baffec 776a1f7d RPCRT4!ReceiveLotsaCallsWrapper+0x9 09baffac 77e17c09 0016cba8 001559e0 77f04ede RPCRT4!BaseCachedThreadRoutine+0x9f 09baffb8 77f04ede 001642d8 776a1f7d 001559e0 RPCRT4!ThreadStartRoutine+0x17

Keywords: kbhotfixserver kbqfe kbhotfixserver kbqfe kbexchange550presp5fix kbqfe kbfix kbbug KB829075

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.