Article ID: 842382
Article Last Modified on 10/26/2006
APPLIES TO
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Advanced Server
Important This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base:
256986 Description of the Microsoft Windows Registry
SYMPTOMS
You experience the following symptoms on your Microsoft Windows 2000-based domain controller:
- You notice unexpectedly high CPU usage in the Lsass.exe process.
An event that is similar to the following is logged to the Directory Services event log:
Type: Error
Source: NTDS
Category: Internal Processing
Event ID: 1168
Description:
Additional Data
Error value (decimal):
8
Error value (hex):
8
Internal ID 302022c- Your domain controller does not respond to logon requests or to user authentication requests. You have to restart your domain controller.
CAUSE
This problem occurs if the virtual memory address space of the Lsass.exe process is fragmented. This condition may occur if the domain controller processes heavier loads than the typical load. Specifically, you may experience this problem in one or more of the following scenarios:
- There is no load balancing between domain controllers in your environment.
- Microsoft System Management Server (SMS) jobs are run on many clients at the same time.
- One of the SMS accounts is locked, and there are SMS jobs that require many authentication operations.
Note Error code 8 in event ID 1168 indicates that insufficient memory is available. Internal ID 302022c in event ID 1168 indicates that one thread that is generated by the Lsass.exe process tries to create a new heap cache, but the operation fails.
RESOLUTION
Hotfix information
Warning If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.A supported hotfix is now available from Microsoft, but it is only intended to correct the problem that this article describes. Apply it only to systems that are experiencing this specific problem.
To resolve this problem, contact Microsoft Product Support Services to obtain the hotfix. For a complete list of Microsoft Product Support Services telephone numbers and information about support costs, visit the following Microsoft Web site:
Note In special cases, charges that are ordinarily incurred for support calls may be canceled if a Microsoft Support Professional determines that a specific update will resolve your problem. The usual support costs will apply to additional support questions and issues that do not qualify for the specific update in question.
Prerequisites
This hotfix requires the following hotfixes:
- The hotfix that is documented in the following article in the Microsoft Knowledge Base:
816542 The Windows XP Low Fragmentation Heap algorithm feature is available for Windows 2000
- The hotfix that is documented in the following article in the Microsoft Knowledge Base:
835561 An access violation occurs in Lsass.exe in Windows 2000 Server
Restart requirement
You must restart your computer after you apply this hotfix.
Hotfix replacement information
This hotfix does not replace any other hotfixes.
File information
The English version of this hotfix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.
Date Time Version Size File name ----------------------------------------------------------- 24-Mar-2004 04:17 5.0.2195.6876 388,368 Advapi32.dll 24-Mar-2004 04:17 5.0.2195.6866 69,904 Browser.dll 24-Mar-2004 04:17 5.0.2195.6824 134,928 Dnsapi.dll 24-Mar-2004 04:17 5.0.2195.6876 92,432 Dnsrslvr.dll 24-Mar-2004 04:17 5.0.2195.6883 47,888 Eventlog.dll 24-Mar-2004 04:17 5.0.2195.6890 143,632 Kdcsvc.dll 11-Mar-2004 04:37 5.0.2195.6903 210,192 Kerberos.dll 21-Sep-2003 02:32 5.0.2195.6824 71,888 Ksecdd.sys 12-May-2004 21:21 5.0.2195.6924 512,784 Lsasrv.dll 26-Feb-2004 01:59 5.0.2195.6902 33,552 Lsass.exe 11-Mar-2004 04:37 5.0.2195.6897 123,152 Msv1_0.dll 24-Mar-2004 04:17 5.0.2195.6897 312,592 Netapi32.dll 24-Mar-2004 04:17 5.0.2195.6891 371,472 Netlogon.dll 13-May-2004 00:12 5.0.2195.6924 933,136 Ntdsa.dll 24-Mar-2004 04:17 5.0.2195.6897 388,368 Samsrv.dll 24-Mar-2004 04:17 5.0.2195.6893 111,376 Scecli.dll 24-Mar-2004 04:17 5.0.2195.6903 253,200 Scesrv.dll 05-Feb-2004 22:18 5.0.2195.6896 5,869,056 Sp3res.dll 05-Apr-2004 19:26 5.4.15.0 6,656 Spmsg.dll 05-Apr-2004 19:27 5.4.15.0 158,208 Spuninst.exe 24-Mar-2004 04:17 5.0.2195.6824 50,960 W32time.dll 21-Sep-2003 02:32 5.0.2195.6824 57,104 W32tm.exe 20-Sep-2003 00:09 4,092 Eula.txt 13-May-2004 00:26 13,004 Kb842382.cat 05-Apr-2004 19:27 5.4.15.0 22,016 Spcustom.dll 05-Apr-2004 19:26 5.4.15.0 616,960 Update.exe 13-May-2004 00:06 40,668 Update.inf 13-May-2004 00:22 1,403 Update.ver
Enable the hotfix
This hotfix includes functionality that lets you perform the following operations:
- Reduce the virtual memory fragmentation that is generated by the Lsass.exe process.
- Reduce the amount of virtual memory that the Lsass.exe process consumes when it processes Lightweight Directory Access Protocol (LDAP) requests.
To enable the functionality that is included in this hotfix, you must add two registry entries.
Add the UseLowFragHeap registry entry to reduce the virtual memory fragmentation that is generated by the Lsass.exe process
To reduce the virtual memory fragmentation that is generated by the Lsass.exe process, add the UseLowFragHeap registry entry to the following registry subkey, and then set the registry entry to 1. When you do this, the Lsass.exe processes uses the Low Fragmentation Heap algorithm. This algorithm minimizes heap fragmentation and improves heap-allocation performance.
To add the UseLowFragHeap registry entry and then set this registry entry to 1, follow these steps:
- Click Start, click Run, type regedit in the Open box, and then click OK.
- Locate and then click the following registry subkey: '
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa
- On the Edit menu, point to New, and then click DWORD Value.
- Type UseLowFragHeap, and then press ENTER.
- On the Edit menu, click Modify.
- In the Value data box, type 1, and then click OK.
- On the Registry menu, click Exit to quit Registry Editor.
Notes
- If you set the UseLowFragHeap registry entry to 0 (zero), or if the UseLowFragHeap registry entry does not exist, the Lsass.exe process does not use the Low Fragmentation Heap algorithm.
- The core Low Fragmentation Heap algorithm is included in the hotfix that is described in article 816542 in the Microsoft Knowledge Base. You do not have to add a registry entry to enable the functionality of the core Low Fragmentation Heap algorithm.
Add the ThreadStateHeapSize registry entry to reduce the amount of virtual memory that the Lsass.exe process consumes when it processes LDAP requests
The Ntdsa.dll component that is included in this hotfix has been modified to create smaller thread state heaps. Instead of the default heap size of 8 megabytes (MB), you can now specify the heap size that you want.
To add the ThreadStateHeapSize registry entry, follow these steps:
- Click Start, click Run, type regedit in the Open box, and then click OK.
- Locate and then click the following registry subkey: '
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Parameters
- On the Edit menu, point to New, and then click DWORD Value.
- Type ThreadStateHeapSize, and then press ENTER.
- On the Edit menu, click Modify.
- In the Value data box, type the value that you want in bytes, and then click OK.
- On the Registry menu, click Exit to quit Registry Editor.
STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
MORE INFORMATION
For additional information about how hotfix packages are named, click the following article number to view the article in the Microsoft Knowledge Base:
816915 New file naming schema for Microsoft Windows software update packages
For additional information about terminology that is used to describe Microsoft software updates, click the following article number to view the article in the Microsoft Knowledge Base:
824684 Description of the standard terminology that is used to describe Microsoft software updates
Additional query words: w2k
Keywords: kbqfe kbhotfixserver kbbug kbfix kbwin2000presp5fix KB842382