Microsoft KB Archive/324709

= A memory leak occurs in the Lsass.exe process when you use the Password Synchronization component of Windows Services for UNIX =

Article ID: 324709

Article Last Modified on 10/26/2006

-

APPLIES TO


 * Microsoft Windows Services for UNIX 3.0 Standard Edition
 * Microsoft Windows Services for Unix 2.2
 * Microsoft Windows Services for UNIX 2.0 Standard Edition

-



This article was previously published under Q324709





SYMPTOMS
When you use Microsoft Windows Services for UNIX version 2.0, version 2.2 OEM, or version 3.0, the memory usage of the Local Security Authority process (Lsass.exe) may increase for every password change that occurs. If all the available system memory is exhausted, your computer may stop responding, and you may receive the following error message:

Insufficient system resources exist to complete the requested service.



CAUSE
This problem may occur if the following conditions are true:
 * You use the Password Synchronization component of Windows Services for UNIX.
 * There are many users who are defined in either the PasswordPropAllow local group or the PasswordPropDeny local group.

When a Windows user account password is changed, the Lsass.exe process passes this information to the Password Synchronization component (Pswdsync.dll). The Password Synchronization component verifies if the Windows user is defined in either the PasswordPropAllow group or the PasswordPropDeny group. To do this, the Password Synchronization component allocates a 2-kilobyte (KB) buffer to hold the user accounts, and then calls an API to populate the buffer with the group members.

If the group is large, the data that is returned is too large for the buffer, and the API call returns an error code. Because this return error code is not handled correctly, allocated memory is not released. This behavior causes a memory leak of 2 KB per password change.



Hotfix information
A supported hotfix is now available from Microsoft, but it is only intended to correct the problem that this article describes. Apply it only to systems that are experiencing this specific problem.

To resolve this problem, contact Microsoft Product Support Services to obtain the hotfix. For a complete list of Microsoft Product Support Services telephone numbers and information about support costs, visit the following Microsoft Web site:

http://support.microsoft.com/contactus/?ws=support

Note In special cases, charges that are ordinarily incurred for support calls may be canceled if a Microsoft Support Professional determines that a specific update will resolve your problem. The usual support costs will apply to additional support questions and issues that do not qualify for the specific update in question.

File information
The English version of this hotfix has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.

Windows Services for UNIX 3.0
  Date         Time   Version     Size     File name -  30-Aug-2002  19:08  7.0.1701.3  108,032  Pswdsync.dll

Windows Services for UNIX 2.2 OEM
  Date         Time   Version         Size    File name 13-Aug-2002 21:47  5.3000.2073.12  89,088  Pswdsync.dll

Windows Services for UNIX 2.0
  Date         Time   Version        Size    File name ---  13-Aug-2002  21:41  5.2000.328.28  89,088  Pswdsync.dll



STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the &quot;Applies to&quot; section.



MORE INFORMATION
The updated Pswdsync.dll file allocates a buffer that is sufficiently large to hold the list of users that the API call returns.

For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

824684 Description of the standard terminology that is used to describe Microsoft software updates

Keywords: kbhotfixserver kbqfe kbqfe kbbug kbfix KB324709

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.