Microsoft KB Archive/941467

= Authorization Manager closes the LDAP connection when an attempt to read the Authorization Manager store fails on a Windows Server 2003-based computer =

Article ID: 941467

Article Last Modified on 10/11/2007

-

APPLIES TO


 * Microsoft Windows Server 2003, Standard Edition (32-bit x86)
 * Microsoft Windows Server 2003, Web Edition
 * Microsoft Windows Server 2003, Enterprise Edition
 * Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
 * Microsoft Windows Server 2003, Standard x64 Edition
 * Microsoft Windows Server 2003, Enterprise x64 Edition
 * Microsoft Windows Server 2003, Datacenter x64 Edition
 * Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems
 * Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems

-



Important This article contains information about how to modify the registry. Make sure that you back up the registry before you modify it. Make sure that you know how to restore the registry if a problem occurs. For more information about how to back up, restore, and modify the registry, click the following article number to view the article in the Microsoft Knowledge Base:

322756 How to back up and restore the registry in Windows XP and Windows Vista



SYMPTOMS
Consider the following scenario:
 * On a Windows Server 2003-based computer, some applications use Authorization Manager (AzMan) to validate authorization requests.
 * The role assignment is saved in an Authorization Manager store that resides in an Active Directory Application Mode (ADAM) directory.
 * The applications frequently read and update the role assignment over a Lightweight Directory Access Protocol (LDAP) connection.

In this scenario, if an attempt to read the Authorization Manager store fails, Authorization Manager closes the LDAP connection. Therefore, application downtime occurs while the Authorization Manager store is being reloaded.

When this problem occurs, the following error is logged in the Authorization Manager log:

[DISPATCH] Az(object)Open error occurred: 0x80070490



CAUSE
Authorization Manager incorrectly closes the LDAP connection when an attempt to read the Authorization Manager store fails. Authorization Manager is expected to return the error message without closing the LDAP connection.



RESOLUTION
Important A minor performance reduction may occur after you enable this hotfix. The performance reduction depends on the network latency. More network latency results in more performance reduction.

Hotfix information
A supported hotfix is now available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing this specific problem. This hotfix might receive additional testing. Therefore, if you are not severely affected by this problem, we recommend that you wait for the next Windows Server 2003 service pack that contains this hotfix.

To resolve this problem, submit a request to Microsoft Online Customer Services to obtain the hotfix. To submit an online request to obtain the hotfix, visit the following Microsoft Web site:

http://go.microsoft.com/?linkid=6294451

Note If additional issues occur or any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. To create a separate service request, visit the following Microsoft Web site:

http://support.microsoft.com/contactus/?ws=support

Prerequisites
To apply this hotfix, you must have Windows Server 2003 with Service Pack 1 or Windows Server 2003 with Service Pack 2 installed on the computer. For more information, click the following article number to view the article in the Microsoft Knowledge Base:

889100 How to obtain the latest service pack for Windows Server 2003

Restart requirement
You may have to restart the computer if the Azroles.dll file is being used.

Hotfix replacement information
This hotfix does not replace any other hotfixes.

Registry information
Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall the operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.

The hotfix behavior is controlled by a registry entry. After you apply this hotfix, the registry entry is automatically defined. If you apply a later hotfix that includes the Azroles.dll file instead of applying this hotfix directly, the later hotfix also includes the current fix. However, the registry entry will not be not automatically defined by that later hotfix. To enable the hotfix behavior, you must manually edit the registry. To do this, follow these steps:  Click Start, click Run, type regedit, and then click OK. Locate and then click the following registry subkey:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AzRoles

 On the Edit menu, point to New, and then click DWORD Value. Type UseStrongLocking, and then press ENTER. Right-click UseStrongLocking, and then click Modify. In the Value data box, type 1, and then click OK.</li> Exit Registry Editor.</li></ol>

File information
The English version of this hotfix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.

Windows Server 2003 with Service Pack 2, x64-based versions
<div class="status_section">

STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the &quot;Applies to&quot; section.

<div class="moreinformation_section">

MORE INFORMATION
For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:

824684 Description of the standard terminology that is used to describe Microsoft software updates

Additional query words: azman accesscheck 0x80070490

Keywords: kbbug kbfix kbqfe kbpubtypekc kbexpertiseinter kbhotfixserver kbwinserv2003postsp2fix KB941467

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.