Microsoft KB Archive/818080

= An access violation occurs in Lsass.exe and event IDs 1015 and 1000 are logged in the application log on a Windows Server 2003 domain controller =

Article ID: 818080

Article Last Modified on 7/24/2007

-

APPLIES TO


 * Microsoft Windows Server 2003, Standard Edition (32-bit x86)
 * Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
 * Microsoft Windows Server 2003, Enterprise x64 Edition

-





SYMPTOMS
Your Windows Server 2003-based domain controller may experience an access violation in Lsass.exe and unexpectedly restart. When you view the application log, you see the following entries: Event Type: Error

Event Source: Winlogon

Event Category: None

Event ID: 1015

Description: A critical system process, C:\WINNT\system32\lsass.exe, failed with status code c0000354. The machine must now be restarted. For more information, see Help and Support Center at http://support.microsoft.com/.

Event Type: Error

Event Source: Application Error

Event Category: (100)

Event ID: 1000

Description: Faulting application lsass.exe, version 5.2.3790.0, faulting module authz.dll, version 5.2.3718.0, fault address 0x000023cc. For more information, see Help and Support Center at http://support.microsoft.com.



CAUSE
This problem may occur when an inheritable Deny access control entry (ACE) is applied to an organizational unit (OU) that inherits only to user objects but applies to all properties. The access violation occurs when a principal that this Deny ACE applies to queries users in the OU.



Hotfix information
A supported hotfix is now available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing this specific problem. This hotfix might receive additional testing. Therefore, if you are not severely affected by this problem, we recommend that you wait for the next service pack that contains this hotfix.

To resolve this problem, submit a request to Microsoft Online Customer Services to obtain the hotfix. To submit an online request to obtain the hotfix, visit the following Microsoft Web site:

http://go.microsoft.com/?linkid=6294451

Note If additional issues occur or any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. To create a separate service request, visit the following Microsoft Web site:

http://support.microsoft.com/contactus/?ws=support

File information
The English version of this hotfix has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.

Windows Server 2003, 32-bit editions
  Date         Time   Version     Size     File name  Platform --   15-Apr-2003  22:36  5.2.3790.7  62,464   Authz.dll  x86

Windows Server 2003, 64-Bit Enterprise Edition
  Date         Time   Version     Size     File name  Platform --   15-Apr-2003  22:37  5.2.3790.7  207,360  Authz.dll  IA-64 15-Apr-2003 22:36  5.2.3790.7   62,464  Wauthz.dll x86



WORKAROUND
To work around this problem, remove the Deny ACE from the OU.



STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the &quot;Applies to&quot; section.

Keywords: kbhotfixserver kbqfe kbqfe kbwinserv2003presp1fix kbfix kbbug KB818080

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.