Microsoft KB Archive/190441

= XADM: Access Violation Deleting NT Accounts Using DAPI =

Article ID: 190441

Article Last Modified on 10/28/2006

-

APPLIES TO


 * Microsoft Exchange Server 5.5 Standard Edition

-



This article was previously published under Q190441



SYMPTOMS
When using the Exchange Directory Application Program Interface (DAPI) to delete Windows NT user accounts, an access violation occurs. The failing application may cause a Drwtsn32.log file to be generated with an entry similar to the following:   Application exception occurred: App: LSDXAMEX.DBG (pid=107) When: 07/27/1998 @ 15:44:40.623 Exception number: c0000005 (access violation) If you look at the thread ID that shows a FAULT, you will see something similar to the following:   State Dump for Thread Id 0x120

eax=00d30d0c ebx=011902dc ecx=00000000 edx=00000003 esi=00000000 edi=011902dc eip=77f7b6f4 esp=00f9fbe0 ebp=00f9fc30 iopl=0 nv up ei pl zr na po nc  cs=001b  ss=0023  ds=0023  es=0023  fs=0038  gs=0000     efl=00000212

function: RtlEqualPrefixSid 77F7B6EA 56               push        esi 77F7B6EB 57               push        edi 77F7B6EC 8B74240C         mov         esi,dword ptr [esp+0Ch] 77F7B6F0 8B7C2410         mov         edi,dword ptr [esp+10h] FAULT ->77F7B6F4 8A06             mov         al,byte ptr [esi] 77F7B6F6 3807             cmp         byte ptr [edi],al 77F7B6F8 7565             jne         _RtlEqualPrefixSid@8+75h 77F7B6FA 8A4602           mov         al,byte ptr [esi+2] 77F7B6FD 384702           cmp         byte ptr [edi+2],al

*> Stack Back Trace <* FramePtr ReturnAd Param#1 Param#2  Param#3  Function Name 0319f3c8 77dc2751 00000000 0cda3fb8 00cf04de ntdll!RtlEqualPrefixSid+0xb 0319f3d4 00cf04de 00000000 0cda3fb8 6724bd78 ADVAPI32!EqualPrefixSid+0xe 0319fc18 00cf109c 0012ec90 0cda3fb8 00000001 DAPI!GetDomainDescrBySid 0319fc5c 00cf1b46 00000000 0cda3fb8 00000001 DAPI!GetDomainInfoBySid 0319fee0 00cf3031 0cda3fb8 6724bd78 67201590 DAPI!SidToFullAccount 0319ff28 00cf56e2 0319ff50 0319ff54 0012ec08 DAPI!GetAssociatedNTAccount 0319ff7c 00cf59bb 0cda1fe0 6724bd78 67201590 DAPI!ProcessSecurityRequest 0319ffb8 77f04f2c 01fd4fa8 6724bd78 67201590 DAPI!SecurityThread 0319ffec 00000000 00cf5970 01fd4fa8 00000000 KERNEL32!BaseThreadStart



CAUSE
DAPI was attempting to compare two Security Identifier (SID) structures for equality, however, one of these was NULL. When RtlEqualPrefixSid attempted to access the memory pointed to by the NULL pointer, it resulted in an access violation.



WORKAROUND
None.



STATUS
Microsoft has confirmed this to be a problem in Microsoft Exchange Server version 5.5. This problem has been corrected in the latest U.S. service pack for Microsoft Exchange Server version 5.5. For information on obtaining the service pack, query on the following word in the Microsoft Knowledge Base (without the spaces):

S E R V P A C K

Additional query words: Lotus Notesc DirSync Crash Av Failure

Keywords: kbbug kbfix kbqfe KB190441

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.