Re: W2K SP4 bug on DCs

From: Vladimir Markovic (VMarkovic_at_SWST.COM)
Date: 09/18/03

  • Next message: Eric Schultze: "Re: DLL checksum errors in shavlik's mssecure.xml?"
    Date:         Thu, 18 Sep 2003 10:54:16 -0500
    To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
    
    

    Hi Russ - I wanted to add to my previous email. It has come to my attention
    that fix KB824226 that resolved the reboot of the AD Domain Controllers as
    described below actually introduces a new bug - and that is a memory leak in
    LSASS. M$ has already acknowledged the issue and written a new fix that
    resolves the memory leak and it supercedes the KB824226. New article # is
    KB828297 but you may not be able to find it as of this writing since it has
    not yet been completed according to the support tech. Patch is however
    ready and I already downloaded it. good luck

    Vladimir Markovic
    Information Technology
    Southwest Securities, Inc.
    214.859.6372
    vmarkovic@swst.com

    -----Original Message-----
    From: Vladimir Markovic
    Sent: Tuesday, September 02, 2003 2:14 PM
    To: 'NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM'
    Subject: W2K SP4 bug on DCs

    Hello Russ,

    I am not sure if this is worth mentioning to the masses - but since I just
    got burned by this I wanted to make other folks aware of it. We upgraded
    our AD DCs to SP4 3 days ago and just this morning, as users were getting
    logged on all of them decided to reboot themselves. I found this in the
    event logs
    Internal event: Exception c0000005 has occurred with parameters 757b5954 and
    0 (Internal ID 0).
    And it was issued by NTDS General, Category Internal processing with the
    event IS 1173

    After a little bit of research I found a new article 824226 that describes
    this error but does not mention the severity of it. I contacted M$ and
    received the patch that is now in our Test Forrest. Hopefully tonight it
    will go into production so tomorrow can be a better day.
    http://support.microsoft.com/default.aspx?scid=kb;en-us;824226

    Vladimir Markovic
    Information Technology
    Southwest Securities, Inc.
    214.859.6372
    vmarkovic@swst.com

    ----
    Are You "Certifiable"? Summer's Hottest Certification Just Got HOTTER!
    With a growth rate exceeding 110%, the TICSA security practitioner
    certification is one of the hottest IT credentials available.  And now, for
    a limited time, you can save 33% off of the TICSA certification exam! To
    learn more about the TICSA certification, and to register as a TICSA
    candidate online, just go to
    http://www.trusecure.com/offer/s0100/
    ----
    

  • Next message: Eric Schultze: "Re: DLL checksum errors in shavlik's mssecure.xml?"