Unlocking workstation causes lsass.exe crash/forced reboot
brobee
I'm running Windows 7 Beta x32 build 7000 on a Dell Precision M6300 notebook.

Intel T7800, 4 gigs RAM, Quadro FX1600M, 120 gig 7200 RPM HDD

All critical and recommended patches/drivers have been installed including the NVidia Quadro driver for my display adapter.

I also had to install a patch provided for KB961402 to allow my machine to join our Active Directory domain.

At this point the only software installed is Firefox 3 and MS Office 2007 Professional. I had AVG 8 installed but I uninstalled it figuring it may be causing the problem.

What happens is before I walk away from my desk I press ALT+CTRL+Del and select lock workstation so it's secure until I return.

As soon as I enter my password it returns me to my desktop and then prompts me with an error that says something to the effect of "A critical error has occurred and your machine will reboot in 1 minute". Eventually it reboots and operates normally until I lock it again.

This is the second installation of Windows 7 Beta build 7000 on this laptop. When I had this problem last week and could not resolve it I reloaded a 2nd time to try and clear it up, but the problem persists.

As long as I do not lock the workstation or do not require a password when the screen saver ends, I have no problems and the machine works wonderfully.

Does anyone have any advice?



I have provided detailed event log data below....

In the Event Viewer I see the following 3 error entries in the Application Log:

FIRST ENTRY:

Log Name: Application
Source: Application Error
Date: 2/10/2009 12:40:29 PM
Event ID: 1000
Task Category: (100)
Level: Error
Keywords: Classic
User: N/A
Computer: xxxxxxxxxx.xxxxxxxxxx.com
Description:
Faulting application name: lsass.exe, version: 6.1.7000.0, time stamp: 0x4943152e
Faulting module name: ntdll.dll, version: 6.1.7000.0, time stamp: 0x49433e67
Exception code: 0xc0000374
Fault offset: 0x000c0853
Faulting process id: 0x214
Faulting application start time: 0x01c98ba1b28b136a
Faulting application path: C:\Windows\system32\lsass.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: e83c54e5-f799-11dd-ac4c-001e377e16ad
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Application Error" />
<EventID Qualifiers="0">1000</EventID>
<Level>2</Level>
<Task>100</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2009-02-10T17:40:29.000000000Z" />
<EventRecordID>1015</EventRecordID>
<Channel>Application</Channel>
<Computer>xxxxxxxx.xxxxxxxxxx.com</Computer>
<Security />
</System>
<EventData>
<Data>lsass.exe</Data>
<Data>6.1.7000.0</Data>
<Data>4943152e</Data>
<Data>ntdll.dll</Data>
<Data>6.1.7000.0</Data>
<Data>49433e67</Data>
<Data>c0000374</Data>
<Data>000c0853</Data>
<Data>214</Data>
<Data>01c98ba1b28b136a</Data>
<Data>C:\Windows\system32\lsass.exe</Data>
<Data>C:\Windows\SYSTEM32\ntdll.dll</Data>
<Data>e83c54e5-f799-11dd-ac4c-001e377e16ad</Data>
</EventData>
</Event>

SECOND ENTRY:

Log Name: Application
Source: Windows Error Reporting
Date: 2/10/2009 12:40:30 PM
Event ID: 1001
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: xxxxxxxxxx.xxxxx.com
Description:
Fault bucket , type 0
Event Name: APPCRASH
Response: Not available
Cab Id: 0

Problem signature:
P1: lsass.exe
P2: 6.1.7000.0
P3: 4943152e
P4: StackHash_52be
P5: 6.1.7000.0
P6: 49433e67
P7: c0000374
P8: 000c0853
P9:
P10:

Attached files:
C:\Windows\Temp\WERCE46.tmp.appcompat.txt
C:\Windows\Temp\WERCE57.tmp.WERInternalMetadata.xml
C:\Windows\Temp\WERCE58.tmp.hdmp
C:\Windows\Temp\WERCEB7.tmp.mdmp

These files may be available here:
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_lsass.exe_db822d789c398dd2a8adfd6b9494bb22bb6b1e7_cab_05e4cf30

Analysis symbol:
Rechecking for solution: 0
Report Id: e83c54e5-f799-11dd-ac4c-001e377e16ad
Report Status: 20
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Windows Error Reporting" />
<EventID Qualifiers="0">1001</EventID>
<Level>4</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2009-02-10T17:40:30.000000000Z" />
<EventRecordID>1016</EventRecordID>
<Channel>Application</Channel>
<Computer>xxxxxxxxxx.xxxxx.com</Computer>
<Security />
</System>
<EventData>
<Data>
</Data>
<Data>0</Data>
<Data>APPCRASH</Data>
<Data>Not available</Data>
<Data>0</Data>
<Data>lsass.exe</Data>
<Data>6.1.7000.0</Data>
<Data>4943152e</Data>
<Data>StackHash_52be</Data>
<Data>6.1.7000.0</Data>
<Data>49433e67</Data>
<Data>c0000374</Data>
<Data>000c0853</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
C:\Windows\Temp\WERCE46.tmp.appcompat.txt
C:\Windows\Temp\WERCE57.tmp.WERInternalMetadata.xml
C:\Windows\Temp\WERCE58.tmp.hdmp
C:\Windows\Temp\WERCEB7.tmp.mdmp</Data>
<Data>C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_lsass.exe_db822d789c398dd2a8adfd6b9494bb22bb6b1e7_cab_05e4cf30</Data>
<Data>
</Data>
<Data>0</Data>
<Data>e83c54e5-f799-11dd-ac4c-001e377e16ad</Data>
<Data>20</Data>
</EventData>
</Event>

THIRD ENTRY:

Log Name: Application
Source: Microsoft-Windows-Wininit
Date: 2/10/2009 12:40:30 PM
Event ID: 1015
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: xxxxxxxxxx.xxxxx.com
Description:
A critical system process, C:\Windows\system32\lsass.exe, failed with status code 255. The machine must now be restarted.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Wininit" Guid="{206f6dea-d3c5-4d10-bc72-989f03c8b84b}" EventSourceName="Wininit" />
<EventID Qualifiers="49152">1015</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2009-02-10T17:40:30.000000000Z" />
<EventRecordID>1017</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>xxxxxxxxxx.xxxxx.com</Computer>
<Security />
</System>
<EventData>
<Data>C:\Windows\system32\lsass.exe</Data>
<Data>255</Data>
</EventData>
</Event>
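The three entries above form a recognisable signature: Application Error 1000 naming lsass.exe, followed within a second by Wininit 1015. The following is an added example, not part of the original post, that parses exported Event XML and pairs the two; the function names and the five-second window are assumptions, and the sample events are constructed from the values quoted above.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta
NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
NTSTATUS = {"c0000374": "STATUS_HEAP_CORRUPTION", "c0000005": "STATUS_ACCESS_VIOLATION"}

def parse_event(xml_text):
    """Flatten one exported <Event> into the fields used for triage."""
    root = ET.fromstring(xml_text)
    system = root.find("e:System", NS)
    stamp = system.find("e:TimeCreated", NS).get("SystemTime")
    return {
        "provider": system.find("e:Provider", NS).get("Name"),
        "event_id": int(system.find("e:EventID", NS).text),
        "time": datetime.strptime(stamp[:19], "%Y-%m-%dT%H:%M:%S"),  # whole seconds only
        "data": [(d.text or "").strip() for d in root.findall("e:EventData/e:Data", NS)],
    }

def lsass_crash_findings(events, window=timedelta(seconds=5)):
    """Pair each lsass.exe Application Error 1000 with the Wininit 1015 that follows it."""
    crashes = [e for e in events if (e["provider"], e["event_id"]) == ("Application Error", 1000)
               and len(e["data"]) > 6 and e["data"][0].lower() == "lsass.exe"]
    restarts = [e for e in events if e["provider"] == "Microsoft-Windows-Wininit"
                and e["event_id"] == 1015 and e["data"]
                and e["data"][0].lower().endswith("\\lsass.exe")]
    findings = []
    for c in crashes:
        code = c["data"][6].lower()  # seventh <Data> field is the exception code
        findings.append({
            "time": c["time"], "module": c["data"][3],
            "exception": NTSTATUS.get(code, "0x" + code),
            "forced_restart": any(timedelta(0) <= r["time"] - c["time"] <= window
                                  for r in restarts),
        })
    return findings

def _sample(provider, event_id, when, data):
    # Constructed input: a trimmed <Event> carrying values quoted in the post above.
    body = "".join(f"<Data>{d}</Data>" for d in data)
    return (f'<Event xmlns="{NS["e"]}"><System><Provider Name="{provider}" />'
            f'<EventID Qualifiers="0">{event_id}</EventID><TimeCreated SystemTime="{when}" />'
            f'</System><EventData>{body}</EventData></Event>')

SAMPLE = [
    _sample("Application Error", 1000, "2009-02-10T17:40:29.000000000Z",
            ["lsass.exe", "6.1.7000.0", "4943152e", "ntdll.dll", "6.1.7000.0",
             "49433e67", "c0000374", "000c0853"]),
    _sample("Microsoft-Windows-Wininit", 1015, "2009-02-10T17:40:30.000000000Z",
            [r"C:\Windows\system32\lsass.exe", "255"]),
]
```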
pmarkiewicz
Hi,
I have had this error off and on for over a year on Windows XP. Any answers would be extremely appreciated.

Patrick
MagicAndre1981
Could you please post the Dump file (packed as 7zip archive) here?
brobee
It's not creating one. Just to be sure I set the dump file path to c:\temp and locked/unlocked the workstation, it notified me of the critical error and rebooted (not a BSOD mind you, just a dialog box popping up), it rebooted, and no memory.dmp file. What gives?



Quote - (MagicAndre1981 @ Feb 10 2009, 17:15)
Could you please post the Dump file (packed as 7zip archive) here?



By the way, I noticed that when I'm at home and not connected to the AD domain everything is fine. I can lock/unlock without any trouble.

When I'm at work is when the fun begins. The only difference is at work it's in a dock. Hmm, maybe I should try it out of the dock but still connected to the network to see if the docking hardware has something to do with it.
WDavid
Hi,
After suffering from this problem for too long on both my desktop and laptop, I’ve decided to find the real workaround to this problem. All the other workarounds suggested on forums discussing this issue either do not work or are only partial solutions.
As far as I can understand, the core of the issue is some re-authentication with the domain controller that occurs when the computer is unlocked. At this point some modules that are called by lsass.exe fail and make the service crash, and you know what happens.
Analyzing the crash dumps using the Windows debugger, I’ve found out that the failure is related to kerberos.dll. See Exception Analysis below.

So then I started to search for settings related to Kerberos authentication and found 2 possible entries that can affect the Kerberos authentication process:
1. Registry entry HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters\DefaultEncryptionType
2. Policy setting located at “Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network security: Configure encryption types allowed for Kerberos”, which after all sets the following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters\SupportedEncryptionTypes

Searching the net about this parameter reveals more information and detailed explanations.

What solved the problem for me is setting the following registry key and values to make Windows 7 behave like Windows Server 2003 with regard to the Kerberos encryption type (KERB_ETYPE_RC4_HMAC_NT):
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters
Type: REG_DWORD
Name: DefaultEncryptionType
Data: 23 (decimal) or 0x17 (hexadecimal)

Now it’s also possible to disable the problematic encryption type with a GPO applied to the Windows 7 machines, or to find a way (which I haven’t searched for yet) to change the DefaultEncryptionType using GPO.

Example Exception Analysis:

FAULTING_IP:
ntdll!RtlUnhandledExceptionFilter+2d2
00000000`776d6cd2 eb00 jmp ntdll!RtlUnhandledExceptionFilter+0x2d4 (00000000`776d6cd4)

EXCEPTION_RECORD: ffffffffffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 00000000776d6cd2 (ntdll!RtlUnhandledExceptionFilter+0x00000000000002d2)
ExceptionCode: c0000374
ExceptionFlags: 00000001
NumberParameters: 1
Parameter[0]: 000000007774c3f0

DEFAULT_BUCKET_ID: WRONG_SYMBOLS

PROCESS_NAME: lsass.exe

ADDITIONAL_DEBUG_TEXT:
Use '!findthebuild' command to search for the target build information.
If the build information is available, run '!findthebuild -s ; .reload' to set symbol path and load symbols.

FAULTING_MODULE: 0000000077610000 ntdll

DEBUG_FLR_IMAGE_TIMESTAMP: 4a5bdfde

ERROR_CODE: (NTSTATUS) 0xc0000374 - A heap has been corrupted.

EXCEPTION_CODE: (NTSTATUS) 0xc0000374 - A heap has been corrupted.

EXCEPTION_PARAMETER1: 000000007774c3f0

FAULTING_THREAD: 0000000000001538

PRIMARY_PROBLEM_CLASS: WRONG_SYMBOLS

BUGCHECK_STR: APPLICATION_FAULT_WRONG_SYMBOLS

LAST_CONTROL_TRANSFER: from 00000000776d7396 to 00000000776d6cd2

STACK_TEXT:
00000000`01f8e220 00000000`776d7396 : 00000000`00000002 00000000`00000023 00000000`00001028 00000000`00000003 : ntdll!RtlUnhandledExceptionFilter+0x2d2
00000000`01f8e2f0 00000000`776d86c2 : fffffa80`06ac2010 00000000`00000001 00000000`01f8eff8 00000000`7765a39e : ntdll!EtwEnumerateProcessRegGuids+0x216
00000000`01f8e320 00000000`776da0c4 : 00000000`00180000 00000000`00000000 00000000`00000000 00000000`00180000 : ntdll!RtlQueryProcessLockInformation+0x952
00000000`01f8e350 00000000`7767d1cd : 00000000`01b65140 00000000`00180000 00000000`01b65150 00000000`01b83010 : ntdll!RtlLogStackBackTrace+0x444
00000000`01f8e380 000007fe`fce61120 : 00000000`023ed6f0 00000000`01b82f30 00000000`01b82e80 00000000`00000000 : ntdll!LdrGetProcedureAddress+0x14e0d
00000000`01f8e400 000007fe`fce8bba2 : 00000000`01b82e80 00000000`00000000 00000000`023ed6f0 00000000`023a7550 : kerberos!Ordinal26+0x1120
00000000`01f8e430 000007fe`fce82f9c : 00000000`01b82e80 00000000`01ab3a80 00000000`00000000 00000000`01ab3af8 : kerberos!SpInitialize+0x38da
00000000`01f8e460 000007fe`fce8bb82 : 00000000`01ab3b98 00000000`00000000 00000000`023a7550 00000000`023a7550 : kerberos!SpInstanceInit+0xa08
00000000`01f8e490 000007fe`fce8b71f : 00000000`00000001 00000000`01ab3a80 00000000`00000000 00000000`00000000 : kerberos!SpInitialize+0x38ba
00000000`01f8e4c0 000007fe`fce91c75 : 00000000`00000001 00000000`00000000 00000000`00000000 000007fe`fd29120a : kerberos!SpInitialize+0x3457
00000000`01f8e4f0 000007fe`fce91b67 : 00000000`00000000 00000000`00000000 00000000`023ed6f0 000007fe`fd340830 : kerberos!SpInitialize+0x99ad
00000000`01f8e5c0 000007fe`fce91d0a : 00000000`00000000 00000000`01f8e700 00000000`00000000 00000000`001d4260 : kerberos!SpInitialize+0x989f
00000000`01f8e660 000007fe`fd2d48c6 : 00000000`02476ac8 00000000`000000e8 00000000`023dead0 00000000`02476ac8 : kerberos!SpInitialize+0x9a42
00000000`01f8ebb0 000007fe`fd29be80 : 00000000`02476ac8 00000000`00000002 00000000`000000e8 00000000`00180000 : lsasrv!LsaIAllocateHeap+0x1b776
00000000`01f8ed20 000007fe`fd29b880 : 00000000`01f8f230 000007fe`fd291f61 00000000`00000002 00000000`00000002 : lsasrv!LsaIAuditLogonUsingExplicitCreds+0x2ab0
00000000`01f8ee60 000007fe`fd29a7d3 : 00000000`01f8f2a0 00000000`001d9578 00000000`00000000 00000000`01f8f370 : lsasrv!LsaIAuditLogonUsingExplicitCreds+0x24b0
00000000`01f8ef00 000007fe`fd29a30e : 00000000`0026b010 00000000`02476ac8 00000000`01f8f308 00000000`00000000 : lsasrv!LsaIAuditLogonUsingExplicitCreds+0x1403
00000000`01f8f1d0 000007fe`fd4018c8 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`01f8f6c8 : lsasrv!LsaIAuditLogonUsingExplicitCreds+0xf3e
00000000`01f8f4e0 000007fe`fd417c5a : 00000000`00000000 00000000`01f8f6b8 00000000`00000000 00000000`00000007 : sspisrv+0x18c8
00000000`01f8f600 000007fe`fd41808b : 00000000`00000001 00000000`00000000 00000000`00000000 000007fe`fd417a97 : sspicli!SeciAllocateAndSetIPAddress+0x106
00000000`01f8f770 000007fe`fd346813 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : sspicli!LsaLogonUser+0x83
00000000`01f8f7f0 00000000`7740f56d : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000001 : lsasrv!LsaIUpdateLogonSession+0x1703
00000000`01f8f940 00000000`77643281 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : kernel32!BaseThreadInitThunk+0xd
00000000`01f8f970 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x21


FOLLOWUP_IP:
kerberos!Ordinal26+1120
000007fe`fce61120 eb00 jmp kerberos!Ordinal26+0x1122 (000007fe`fce61122)

SYMBOL_STACK_INDEX: 5

SYMBOL_NAME: kerberos!Ordinal26+1120

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: kerberos

IMAGE_NAME: kerberos.dll

STACK_COMMAND: ~12s; .ecxr ; kb

BUCKET_ID: WRONG_SYMBOLS

FAILURE_BUCKET_ID: WRONG_SYMBOLS_c0000374_kerberos.dll!Ordinal26
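The workaround in the post above pins the client's default Kerberos encryption type to RC4-HMAC, so hosts where it was applied are worth finding later. The following is an added example, not part of the original post, that audits `reg query` output for the two values the post names; the function names are hypothetical, the sample outputs are constructed, and treating anything other than AES as a finding is an assumed policy.

```python
import re

# Kerberos etype numbers (DefaultEncryptionType) and bit flags (SupportedEncryptionTypes).
ETYPES = {1: "DES-CBC-CRC", 3: "DES-CBC-MD5", 17: "AES128-CTS-HMAC-SHA1-96",
          18: "AES256-CTS-HMAC-SHA1-96", 23: "RC4-HMAC"}
MASK_BITS = {0x1: "DES-CBC-CRC", 0x2: "DES-CBC-MD5", 0x4: "RC4-HMAC",
             0x8: "AES128-CTS-HMAC-SHA1-96", 0x10: "AES256-CTS-HMAC-SHA1-96"}
DWORD_LINE = re.compile(r"^\s+(\w+)\s+REG_DWORD\s+0x([0-9a-fA-F]+)\s*$")

def parse_reg_query(text):
    """Return {value_name: int} for every REG_DWORD line in `reg query` output."""
    values = {}
    for line in text.splitlines():
        m = DWORD_LINE.match(line)
        if m:
            values[m.group(1)] = int(m.group(2), 16)
    return values

def audit_kerberos_etypes(text):
    """Findings for the two values named in the post; an empty list means neither is weak."""
    v = parse_reg_query(text)
    findings = []
    default = v.get("DefaultEncryptionType")
    # Assumed policy: only the AES etypes (17, 18) are acceptable as the default.
    if default is not None and default not in (17, 18):
        findings.append(f"DefaultEncryptionType={default} ({ETYPES.get(default, 'unknown')}): not AES")
    mask = v.get("SupportedEncryptionTypes")
    if mask is not None:
        enabled = [name for bit, name in MASK_BITS.items() if mask & bit]
        if not mask & 0x18:
            findings.append(f"SupportedEncryptionTypes=0x{mask:x} allows no AES type: {enabled}")
        if mask & 0x3:
            findings.append(f"SupportedEncryptionTypes=0x{mask:x} still allows DES")
    return findings

# Constructed `reg query` output, not captured from a real host.
WORKAROUND = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters
    DefaultEncryptionType    REG_DWORD    0x17
"""
AES_POLICY = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters
    SupportedEncryptionTypes    REG_DWORD    0x18
"""
LEGACY = AES_POLICY.replace("0x18", "0x7")
```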