LSASS.exe crashing afer unlocking computer
Hi there,I have a problem with LSASS on Win7 RC (Build 7100)The computer is connected to an Active Directory domain, and I lock it every time I leave my desk. Unfortunately when I come back and unlock it, 90% of the time, lsass.exe has crashed, and the PC reboots a minute later.Here's the event from the Application Log for the latest occourance:Faulting application name: lsass.exe, version: 6.1.7100.0, time stamp: 0x49ee8a5dFaulting module name: ntdll.dll, version: 6.1.7100.0, time stamp: 0x49eea66eException code: 0xc0000374Fault offset: 0x000c2cd3Faulting process id: 0x1d0Faulting application start time: 0x01c9faae9c26cf94Faulting application path: C:\Windows\system32\lsass.exeFaulting module path: C:\Windows\SYSTEM32\ntdll.dllReport Id: 34bfabec-6705-11de-ae56-001cc0081c78I wonder if anyone has come across this before.
July 2nd, 2009 6:09pm

I am having a similar issue - my notebook is rebooting due to a problem with lsass.exe and I seethe same error event logged in the application log. I see the problem about every other day even when I'm actively using the computer. Let's compare our configuration to see if we have more in commonMy PC configAcer Aspire 4730z, Intel Pentuim Dual T3400 2.16GHz, 4 GB RAMOEM Bluetooth module installedSMC SCR3340 Smartcard readerWindows 7 build 7100 64 bitMember of W2K3 domain - small domain, one domain controllerInstalled SWMS Office 2007 SP2Virtual PC 2007Windows Mobile Device CenterActiveidentity ActivClient Smartcard middlewareAVG Free Anti-virusI had to install a set of 64 bit Vista drivers from the Acer website to support some fo the HW. My normal user account is a non-admin account.I'm hoping to limp along until the final version is released and I do a clean install but it would be nice to resolve the problem now.
Free Windows Admin Tool Kit Click here and download it now
July 8th, 2009 4:59am

Here is someone else with the same problem...http://www.neowin.net/forum/index.php?showtopic=733798From what I can see, the only thing that's common is that all three are members of Active Directory Domains.I'l get my hands on the RTM version next week (TechNet Subscriber), so I'll try it and let you know if it solves the issue.
July 8th, 2009 12:14pm

OK, seeing as RTM wasn't released when I expected. But seeing as it is now... I've upgraded.It stoppedhappening for a while on the RC, but when I clean-upgraded to RTMon the same machine, it started happening again. Also, Live Messenger now crashes on logon.Oddness.
Free Windows Admin Tool Kit Click here and download it now
August 10th, 2009 8:18pm

This just happened to me with the Windows 7 RTM. My PC is also a member of an Active Directory domain. When I unlocked the machine after an hour or so with the screen locked, I was forced to reboot. Application Log entry for the failed app : Faulting application name: lsass.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc155 Faulting module name: ntdll.dll, version: 6.1.7600.16385, time stamp: 0x4a5be02b Exception code: 0xc0000374 Fault offset: 0x00000000000c6cd2 Faulting process id: 0x258 Faulting application start time: 0x01ca17baee7a0dab Faulting application path: C:\Windows\system32\lsass.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: 30b241ef-85df-11de-8365-00146cc1b6f0
August 10th, 2009 10:22pm

Has anyone found an answer for this issue?I am using a Dell Precision M90 running Windows 7 Enterprise 32-bit RTM hooked up to a domain also.It does not matter whether the laptop is docked or not, only if I am plugged into the network.I have recieved two errors, the one above and this one. A critical system process, C:\Windows\system32\lsass.exe, failed with status code 255. The machine must now be restarted.
Free Windows Admin Tool Kit Click here and download it now
August 20th, 2009 9:59pm

I'll add a little more info hopefully giving someone that tidbit more to solve this issue. I've installed RC1 (build 7100) on two different computers. They are both members of a Win 2008 AD. My primary desktop was installed first with it. It took 3 reinstalls of RC1 incrementally installing less updates of drivers, until I finally have a version that gives me the error after waking up the computer, maybe once every 5th time waking it up. I am connected to a domain. My second computer, fresh install of RC1, updated a couple of drivers specific to Win 7 64-bit, from the MOBO manufacturer. When I have it as part of the domain, and I wake it up, I get the error each time. When I make the computer local to a workgroup, the error does not occur when waking it up. So clearly there is something associated with being a member of a domain running AD. My AD is Windows 2008 SP2 (not RC2). No warnings or errors occurring in any of the roles, just information messages in the Server Manager UI, everything seems to run smoothly.My computers are home builds, but I've been building computers for quite a few years now, and both computers arenew MOBO (Asus, MSI)and CPU's (i7, E8400).
August 23rd, 2009 11:11pm

I have tried shutting down any Antivirus applications and it doesn't seem to make any difference.Also as said above it ONLY happens when hooked to a Domain.How did Microsoft not catch this problem?It has been happening since the Beta release.Will keep working on it and see if I can find an answer.
Free Windows Admin Tool Kit Click here and download it now
August 25th, 2009 6:09pm

I have same issue, I have iMac 24 inch in the office that i have Windows 7 RTM running under Windows 2003 Domain. I have iMac 24 inch at home that i have Windows 7 RTM running that is NOT under any domain. Both machines same hardware same softwares. The one under domain is keep getting this error and reboots. Any suggestions or solutions greatly appreciated! Eimis
August 26th, 2009 9:16pm

any update on afix?
Free Windows Admin Tool Kit Click here and download it now
September 2nd, 2009 7:12pm

We had the same issue and it looks like by disabling the Screen lock gpo we had resolved the issueWe created a new OU just for windows 7 with no policy and it stop the reboots from happening. then we added the gpo one by one and everytime the screen lock gpo was added, the workstations would reboot when you logged back in
September 8th, 2009 5:09pm

Let's add another crasher to the party. My computer is on the domain and crashes when I unlock the computer. Occasionally it will let me unlock. Faulting application name: lsass.exe, version: 6.1.7600.16385, time stamp: 0x4a5bbf3e Faulting module name: ntdll.dll, version: 6.1.7600.16385, time stamp: 0x4a5bdadb Exception code: 0xc0000374 Fault offset: 0x000c283b Faulting process id: 0x240 Faulting application start time: 0x01ca331d9070ae72 Faulting application path: C:\Windows\system32\lsass.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: cae59557-9f22-11de-b81f-0011952705a1
Free Windows Admin Tool Kit Click here and download it now
September 12th, 2009 1:39am

Well, I have been doing some extensive testing the past couple days.Loaded up a dell laptop d820 with Windows 7 32-bit.Local Account Logon - no crashLocal Account Logon after hooking to a domain - no crashOur Production Domain Logon - crashDevelopmentDomain Logon - no crash yetOur development domain is just a plain Windows 2003 AD with one server no group policies implemented.So...there is something different between our Development AD and Production AD that is causing the issue.I have tried removing all group policies from my computer and account logon but it did not help.I will keep trying to find out what in our production domain is causing this to happen.It would GREAT if Microsoft would toss something into the hat....
September 15th, 2009 11:50pm

I have run for a while now without crashing after setting my desktop to static and setting all my power settings to never turn off. It lets me lock the computer without crashing anymore and I am still on the domain with Group Policies.
Free Windows Admin Tool Kit Click here and download it now
September 15th, 2009 11:52pm

Yeah, mine hasn't happened in a while either. I've not changed any power or desktop settings to my knowledge.
September 15th, 2009 11:54pm

Let me tell you what I have observed so far. The GPO is set to screen lock at 20 mins. If I boot the computer, then lock the screen and walk away for 19 minutes, I will be able to log back in. However, if I wait 21 minutes I get "The remote procedure call failed" and "The RPC server cannot be found". Then within a couple minutes the machine will reboot. I find entries on the lsass.exe failing. See these other 2 links... http://social.technet.microsoft.com/Forums/en-US/w7itprogeneral/thread/f5f44b82-b0cc-4813-8199-62964f386500 http://social.answers.microsoft.com/Forums/en-US/GettingReadyforWindows7/thread/5f88548b-5bcc-440c-9b32-058529cd9cf6
Free Windows Admin Tool Kit Click here and download it now
October 13th, 2009 1:35am

No that isn't it. The lock time in my GPO is 3 minutes. It's still random as to when it occours.
October 19th, 2009 2:02pm

Well i am going to open a case with Microsoft this week.Every Windows 7 machine we have does this.Sometimes the crash is not immediate it can take up to 1/2 hour before it fails which is odd.
Free Windows Admin Tool Kit Click here and download it now
October 19th, 2009 3:31pm

Hi,After suffering from this problem too much time both on my desktop and laptop, Ive decided to find the real workaround to this problem. All the other workarounds suggested on forums discussing this issue are not working or just partial solutions. As far as I can understand the core of the issue is some re-authentication with the domain controller that occurs when the computer is unlocked. At this point some modules that are called by lsass.exe are failing and make the service crash and you know what happens.Analyzing the crash dumps using windows debugger Ive found out that the failure related to kerberos.dll. See Exception Analysis below.So then I started to search settings related to Kerberos authentications and found 2 possible entries that can affect the Kerberos authentication process:1.Registry entry HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters\DefaultEncryptionType2.Policy setting located at Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network security: Configure encryption types allowed for Kerberos, which after all sets the following registry key:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters\SupportedEncryptionTypesSearching the net about this parameter reveals more information and details explanations.What solved the problem for me is setting the following registry key and values to make Windows 7 behave like Windows Server2003 regarding to Kerberos Encryption Type (KERB_ETYPE_RC4_HMAC_NT)Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ParametersType: REG_DWORDName: DefaultEncryptionTypeData: 23 (decimal) or 0x17 (hexadecimal)Now its also possible to disable the problematic encryption type with a GPO applied the Windows 7 machines or to find a way (which I didnt search for yet) to change the DefaultEncryptionType using GPO. Example Exception Analysis: FAULTING_IP: ntdll!RtlUnhandledExceptionFilter+2d200000000`776d6cd2 eb00 jmp ntdll!RtlUnhandledExceptionFilter+0x2d4 (00000000`776d6cd4) EXCEPTION_RECORD: ffffffffffffffff -- (.exr 0xffffffffffffffff)ExceptionAddress: 00000000776d6cd2 (ntdll!RtlUnhandledExceptionFilter+0x00000000000002d2) ExceptionCode: c0000374 ExceptionFlags: 00000001NumberParameters: 1 Parameter[0]: 000000007774c3f0 DEFAULT_BUCKET_ID: WRONG_SYMBOLS PROCESS_NAME: lsass.exe ADDITIONAL_DEBUG_TEXT: Use '!findthebuild' command to search for the target build information.If the build information is available, run '!findthebuild -s ; .reload' to set symbol path and load symbols. FAULTING_MODULE: 0000000077610000 ntdll DEBUG_FLR_IMAGE_TIMESTAMP: 4a5bdfde ERROR_CODE: (NTSTATUS) 0xc0000374 - A heap has been corrupted. EXCEPTION_CODE: (NTSTATUS) 0xc0000374 - A heap has been corrupted. EXCEPTION_PARAMETER1: 000000007774c3f0 FAULTING_THREAD: 0000000000001538 PRIMARY_PROBLEM_CLASS: WRONG_SYMBOLS BUGCHECK_STR: APPLICATION_FAULT_WRONG_SYMBOLS LAST_CONTROL_TRANSFER: from 00000000776d7396 to 00000000776d6cd2 STACK_TEXT: 00000000`01f8e220 00000000`776d7396 : 00000000`00000002 00000000`00000023 00000000`00001028 00000000`00000003 : ntdll!RtlUnhandledExceptionFilter+0x2d200000000`01f8e2f0 00000000`776d86c2 : fffffa80`06ac2010 00000000`00000001 00000000`01f8eff8 00000000`7765a39e : ntdll!EtwEnumerateProcessRegGuids+0x21600000000`01f8e320 00000000`776da0c4 : 00000000`00180000 00000000`00000000 00000000`00000000 00000000`00180000 : ntdll!RtlQueryProcessLockInformation+0x95200000000`01f8e350 00000000`7767d1cd : 00000000`01b65140 00000000`00180000 00000000`01b65150 00000000`01b83010 : ntdll!RtlLogStackBackTrace+0x44400000000`01f8e380 000007fe`fce61120 : 00000000`023ed6f0 00000000`01b82f30 00000000`01b82e80 00000000`00000000 : ntdll!LdrGetProcedureAddress+0x14e0d00000000`01f8e400 000007fe`fce8bba2 : 00000000`01b82e80 00000000`00000000 00000000`023ed6f0 00000000`023a7550 : kerberos!Ordinal26+0x112000000000`01f8e430 000007fe`fce82f9c : 00000000`01b82e80 00000000`01ab3a80 00000000`00000000 00000000`01ab3af8 : kerberos!SpInitialize+0x38da00000000`01f8e460 000007fe`fce8bb82 : 00000000`01ab3b98 00000000`00000000 00000000`023a7550 00000000`023a7550 : kerberos!SpInstanceInit+0xa0800000000`01f8e490 000007fe`fce8b71f : 00000000`00000001 00000000`01ab3a80 00000000`00000000 00000000`00000000 : kerberos!SpInitialize+0x38ba00000000`01f8e4c0 000007fe`fce91c75 : 00000000`00000001 00000000`00000000 00000000`00000000 000007fe`fd29120a : kerberos!SpInitialize+0x345700000000`01f8e4f0 000007fe`fce91b67 : 00000000`00000000 00000000`00000000 00000000`023ed6f0 000007fe`fd340830 : kerberos!SpInitialize+0x99ad00000000`01f8e5c0 000007fe`fce91d0a : 00000000`00000000 00000000`01f8e700 00000000`00000000 00000000`001d4260 : kerberos!SpInitialize+0x989f00000000`01f8e660 000007fe`fd2d48c6 : 00000000`02476ac8 00000000`000000e8 00000000`023dead0 00000000`02476ac8 : kerberos!SpInitialize+0x9a4200000000`01f8ebb0 000007fe`fd29be80 : 00000000`02476ac8 00000000`00000002 00000000`000000e8 00000000`00180000 : lsasrv!LsaIAllocateHeap+0x1b77600000000`01f8ed20 000007fe`fd29b880 : 00000000`01f8f230 000007fe`fd291f61 00000000`00000002 00000000`00000002 : lsasrv!LsaIAuditLogonUsingExplicitCreds+0x2ab000000000`01f8ee60 000007fe`fd29a7d3 : 00000000`01f8f2a0 00000000`001d9578 00000000`00000000 00000000`01f8f370 : lsasrv!LsaIAuditLogonUsingExplicitCreds+0x24b000000000`01f8ef00 000007fe`fd29a30e : 00000000`0026b010 00000000`02476ac8 00000000`01f8f308 00000000`00000000 : lsasrv!LsaIAuditLogonUsingExplicitCreds+0x140300000000`01f8f1d0 000007fe`fd4018c8 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`01f8f6c8 : lsasrv!LsaIAuditLogonUsingExplicitCreds+0xf3e00000000`01f8f4e0 000007fe`fd417c5a : 00000000`00000000 00000000`01f8f6b8 00000000`00000000 00000000`00000007 : sspisrv+0x18c800000000`01f8f600 000007fe`fd41808b : 00000000`00000001 00000000`00000000 00000000`00000000 000007fe`fd417a97 : sspicli!SeciAllocateAndSetIPAddress+0x10600000000`01f8f770 000007fe`fd346813 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : sspicli!LsaLogonUser+0x8300000000`01f8f7f0 00000000`7740f56d : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000001 : lsasrv!LsaIUpdateLogonSession+0x170300000000`01f8f940 00000000`77643281 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : kernel32!BaseThreadInitThunk+0xd00000000`01f8f970 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x21 FOLLOWUP_IP: kerberos!Ordinal26+1120000007fe`fce61120 eb00 jmp kerberos!Ordinal26+0x1122 (000007fe`fce61122) SYMBOL_STACK_INDEX: 5 SYMBOL_NAME: kerberos!Ordinal26+1120 FOLLOWUP_NAME: MachineOwner MODULE_NAME: kerberos IMAGE_NAME: kerberos.dll STACK_COMMAND: ~12s; .ecxr ; kb BUCKET_ID: WRONG_SYMBOLS FAILURE_BUCKET_ID: WRONG_SYMBOLS_c0000374_kerberos.dll!Ordinal26wdavid
October 19th, 2009 3:37pm

I haven't had a single crash in almost a week since I disabled the power save feature on my NIC. Previously this would happen 5-6 times a day.
Free Windows Admin Tool Kit Click here and download it now
October 19th, 2009 5:43pm

I've tryed to disable the power save feature both on my laptop and desktop and had no effect at all. Lock/unlock triggered the restart most of the time.wdavid
October 19th, 2009 5:49pm

Thanks a bunch David, it seemed to fix the issue on 2 of our computers so far.Guess it is time to upgrade my domain servers to 2008...You would have thought thiswould have beentested.
Free Windows Admin Tool Kit Click here and download it now
October 19th, 2009 8:22pm

I am experiencing the same issues you guys are. There are several other users at my company that aren't having any issues. Just wondering if you guys have Blackberry's installed? Also, As for DAVE, I have tried to find a crashdump on this, but I don't get any dumps even though I have full dumps enabled Where did you get that dump file because my computer didn't blue screan, I just get a pop-up box stating that windows has a critical error and is shutting down in one minute. Very odd. Did anyone open a case yet?
October 20th, 2009 10:16pm

Still happening for me. What is weird though, that it is happening only to me, we have about 5-10 Windows 7 machines on the network with different hardware and they run fine, no single crash. They are under same OU same Group Policies etc.,If anyone finds solution please post!Thanks
Free Windows Admin Tool Kit Click here and download it now
October 21st, 2009 12:56am

Hi,After suffering from this problem too much time both on my desktop and laptop, Ive decided to find the real workaround to this problem. All the other workarounds suggested on forums discussing this issue are not working or just partial solutions. As far as I can understand the core of the issue is some re-authentication with the domain controller that occurs when the computer is unlocked. At this point some modules that are called by lsass.exe are failing and make the service crash and you know what happens.Analyzing the crash dumps using windows debugger Ive found out that the failure related to kerberos.dll. See Exception Analysis below.So then I started to search settings related to Kerberos authentications and found 2 possible entries that can affect the Kerberos authentication process:1.Registry entry HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters\DefaultEncryptionType2.Policy setting located at Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network security: Configure encryption types allowed for Kerberos, which after all sets the following registry key:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters\SupportedEncryptionTypesSearching the net about this parameter reveals more information and details explanations.What solved the problem for me is setting the following registry key and values to make Windows 7 behave like Windows Server2003 regarding to Kerberos Encryption Type (KERB_ETYPE_RC4_HMAC_NT)Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ParametersType: REG_DWORDName: DefaultEncryptionTypeData: 23 (decimal) or 0x17 (hexadecimal)Now its also possible to disable the problematic encryption type with a GPO applied the Windows 7 machines or to find a way (which I didnt search for yet) to change the DefaultEncryptionType using GPO. Example Exception Analysis: FAULTING_IP: ntdll!RtlUnhandledExceptionFilter+2d200000000`776d6cd2 eb00 jmp ntdll!RtlUnhandledExceptionFilter+0x2d4 (00000000`776d6cd4) EXCEPTION_RECORD: ffffffffffffffff -- (.exr 0xffffffffffffffff)ExceptionAddress: 00000000776d6cd2 (ntdll!RtlUnhandledExceptionFilter+0x00000000000002d2) ExceptionCode: c0000374 ExceptionFlags: 00000001NumberParameters: 1 Parameter[0]: 000000007774c3f0 DEFAULT_BUCKET_ID: WRONG_SYMBOLS PROCESS_NAME: lsass.exe ADDITIONAL_DEBUG_TEXT: Use '!findthebuild' command to search for the target build information.If the build information is available, run '!findthebuild -s ; .reload' to set symbol path and load symbols. FAULTING_MODULE: 0000000077610000 ntdll DEBUG_FLR_IMAGE_TIMESTAMP: 4a5bdfde ERROR_CODE: (NTSTATUS) 0xc0000374 - A heap has been corrupted. EXCEPTION_CODE: (NTSTATUS) 0xc0000374 - A heap has been corrupted. EXCEPTION_PARAMETER1: 000000007774c3f0 FAULTING_THREAD: 0000000000001538 PRIMARY_PROBLEM_CLASS: WRONG_SYMBOLS BUGCHECK_STR: APPLICATION_FAULT_WRONG_SYMBOLS LAST_CONTROL_TRANSFER: from 00000000776d7396 to 00000000776d6cd2 STACK_TEXT: 00000000`01f8e220 00000000`776d7396 : 00000000`00000002 00000000`00000023 00000000`00001028 00000000`00000003 : ntdll!RtlUnhandledExceptionFilter+0x2d200000000`01f8e2f0 00000000`776d86c2 : fffffa80`06ac2010 00000000`00000001 00000000`01f8eff8 00000000`7765a39e : ntdll!EtwEnumerateProcessRegGuids+0x21600000000`01f8e320 00000000`776da0c4 : 00000000`00180000 00000000`00000000 00000000`00000000 00000000`00180000 : ntdll!RtlQueryProcessLockInformation+0x95200000000`01f8e350 00000000`7767d1cd : 00000000`01b65140 00000000`00180000 00000000`01b65150 00000000`01b83010 : ntdll!RtlLogStackBackTrace+0x44400000000`01f8e380 000007fe`fce61120 : 00000000`023ed6f0 00000000`01b82f30 00000000`01b82e80 00000000`00000000 : ntdll!LdrGetProcedureAddress+0x14e0d00000000`01f8e400 000007fe`fce8bba2 : 00000000`01b82e80 00000000`00000000 00000000`023ed6f0 00000000`023a7550 : kerberos!Ordinal26+0x112000000000`01f8e430 000007fe`fce82f9c : 00000000`01b82e80 00000000`01ab3a80 00000000`00000000 00000000`01ab3af8 : kerberos!SpInitialize+0x38da00000000`01f8e460 000007fe`fce8bb82 : 00000000`01ab3b98 00000000`00000000 00000000`023a7550 00000000`023a7550 : kerberos!SpInstanceInit+0xa0800000000`01f8e490 000007fe`fce8b71f : 00000000`00000001 00000000`01ab3a80 00000000`00000000 00000000`00000000 : kerberos!SpInitialize+0x38ba00000000`01f8e4c0 000007fe`fce91c75 : 00000000`00000001 00000000`00000000 00000000`00000000 000007fe`fd29120a : kerberos!SpInitialize+0x345700000000`01f8e4f0 000007fe`fce91b67 : 00000000`00000000 00000000`00000000 00000000`023ed6f0 000007fe`fd340830 : kerberos!SpInitialize+0x99ad00000000`01f8e5c0 000007fe`fce91d0a : 00000000`00000000 00000000`01f8e700 00000000`00000000 00000000`001d4260 : kerberos!SpInitialize+0x989f00000000`01f8e660 000007fe`fd2d48c6 : 00000000`02476ac8 00000000`000000e8 00000000`023dead0 00000000`02476ac8 : kerberos!SpInitialize+0x9a4200000000`01f8ebb0 000007fe`fd29be80 : 00000000`02476ac8 00000000`00000002 00000000`000000e8 00000000`00180000 : lsasrv!LsaIAllocateHeap+0x1b77600000000`01f8ed20 000007fe`fd29b880 : 00000000`01f8f230 000007fe`fd291f61 00000000`00000002 00000000`00000002 : lsasrv!LsaIAuditLogonUsingExplicitCreds+0x2ab000000000`01f8ee60 000007fe`fd29a7d3 : 00000000`01f8f2a0 00000000`001d9578 00000000`00000000 00000000`01f8f370 : lsasrv!LsaIAuditLogonUsingExplicitCreds+0x24b000000000`01f8ef00 000007fe`fd29a30e : 00000000`0026b010 00000000`02476ac8 00000000`01f8f308 00000000`00000000 : lsasrv!LsaIAuditLogonUsingExplicitCreds+0x140300000000`01f8f1d0 000007fe`fd4018c8 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`01f8f6c8 : lsasrv!LsaIAuditLogonUsingExplicitCreds+0xf3e00000000`01f8f4e0 000007fe`fd417c5a : 00000000`00000000 00000000`01f8f6b8 00000000`00000000 00000000`00000007 : sspisrv+0x18c800000000`01f8f600 000007fe`fd41808b : 00000000`00000001 00000000`00000000 00000000`00000000 000007fe`fd417a97 : sspicli!SeciAllocateAndSetIPAddress+0x10600000000`01f8f770 000007fe`fd346813 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : sspicli!LsaLogonUser+0x8300000000`01f8f7f0 00000000`7740f56d : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000001 : lsasrv!LsaIUpdateLogonSession+0x170300000000`01f8f940 00000000`77643281 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : kernel32!BaseThreadInitThunk+0xd00000000`01f8f970 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x21 FOLLOWUP_IP: kerberos!Ordinal26+1120000007fe`fce61120 eb00 jmp kerberos!Ordinal26+0x1122 (000007fe`fce61122) SYMBOL_STACK_INDEX: 5 SYMBOL_NAME: kerberos!Ordinal26+1120 FOLLOWUP_NAME: MachineOwner MODULE_NAME: kerberos IMAGE_NAME: kerberos.dll STACK_COMMAND: ~12s; .ecxr ; kb BUCKET_ID: WRONG_SYMBOLS FAILURE_BUCKET_ID: WRONG_SYMBOLS_c0000374_kerberos.dll!Ordinal26 wdavid This has worked for me, created that regkey, hasn't crashed yet!What solved the problem for me is setting the following registry key and values to make Windows 7 behave like Windows Server2003 regarding to Kerberos Encryption Type (KERB_ETYPE_RC4_HMAC_NT)Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ParametersType: REG_DWORDName: DefaultEncryptionTypeData: 23 (decimal) or 0x17 (hexadecimal)
October 23rd, 2009 6:00pm

David Weisz suggestion helped:This has worked for me, created that regkey, hasn't crashed yet!What solved the problem for me is setting the following registry key and values to make Windows 7 behave like Windows Server2003 regarding to Kerberos Encryption Type (KERB_ETYPE_RC4_HMAC_NT)Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ParametersType: REG_DWORDName: DefaultEncryptionTypeData: 23 (decimal) or 0x17 (hexadecimal)Not crashing anyomore
Free Windows Admin Tool Kit Click here and download it now
October 23rd, 2009 6:01pm

This has immediately started working or me. I will post back if I encounter any more problems after this change. Thanks
October 23rd, 2009 7:43pm

This has started happening to me again today.I have 2 Domain Controllers - one 2008 and one 2003 - is it the 2003 one that's causing the issue?
Free Windows Admin Tool Kit Click here and download it now
November 16th, 2009 1:26pm

David Weisz suggestion helped:This has worked for me, created that regkey, hasn't crashed yet!What solved the problem for me is setting the following registry key and values to make Windows 7 behave like Windows Server2003 regarding to Kerberos Encryption Type (KERB_ETYPE_RC4_HMAC_NT)Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ParametersType: REG_DWORDName: DefaultEncryptionTypeData: 23 (decimal) or 0x17 (hexadecimal)Not crashing anyomore Same here not crashing anymore, thank you guys.
January 19th, 2010 10:19am

This seems to be the exact issue. http://support.microsoft.com/default.aspx?scid=kb;en-us;976586&sd=rss&spid=14481Mark Morowczynski|MCT| MCSE 2003:Messaging, Security|MCITP:EMA 2K7,EDA Win 7,ES,SA,EA|MCTS:Windows Mobile Admin|Security+|http://almostdailytech.com
Free Windows Admin Tool Kit Click here and download it now
February 9th, 2010 5:54pm

David Weisz suggestion helped: This has worked for me, created that regkey, hasn't crashed yet! What solved the problem for me is setting the following registry key and values to make Windows 7 behave like Windows Server2003 regarding to Kerberos Encryption Type (KERB_ETYPE_RC4_HMAC_NT) Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters Type: REG_DWORD Name: DefaultEncryptionType Data: 23 (decimal) or 0x17 (hexadecimal) Not crashing anyomore Same here not crashing anymore, thank you guys. Coul´d you please specify what I am supposed to do in the registry editor... I really wouldn't like to risk the stability of my system if I mess something up :(
May 9th, 2010 11:18am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics