Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

How to configure and troubleshoot external password filters in Windows 8 and in Windows Server 2012


View products that this article applies to.

Summary

In Windows 8 and in Windows Server 2012, processes can opt into Safe DLL Search mode. By default, processes that are running in this mode only try to load binaries in the following folder:
%windir%\system32
The Local Security Authority Subsystem Service (LSASS) process hosts the password filter notification logic. By default, Safe DLL Search mode is enabled for the LSASS process in Windows 8 and in Windows Server 2012. This is for improved security. Therefore, the registration instructions for external password filters that apply to earlier versions of Windows are insufficient if you want to enable notifications in Windows 8 or in Windows 2012.

This article describes how to configure external password filters in Windows 8 and in Windows Server 2012. This article also contains information about how to troubleshoot external password filter issues.

↑ Back to the top


How to configure external password filters

To use password notification DLLs that are not in the %windir%\system32 folder, follow these steps:
  1. Make sure that you are running one of the following operating systems:
    • Windows 8
    • Windows Server 2012
    • Windows 8 Release Preview
    • Windows Server 2012 Release Candidate
  2. Verify that the Notification Packages registry entry contains the full or absolute path of each external password notification package. The registry entry should be configured as follows:
    Registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA
    Registry entry: Notification Packages
    Registry type: Multi_SZ
    Registry value:
    <Drive>:\<Path>\<File1 name>.dll
    <Drive>:\<Path>\<File2 name>.dll
    <Drive>:\<Path>\<File3 name>.dll
  3. Verify that all related or supporting files for each password notification DLL are located in the same folder as the password notification DLL or in the %windir%\system32 folder.
  4. Verify that the System security context has Read access to the following folders and files:
    • The parent folders that contain the external password notification DLLs
    • The external password notification DLLs
    • All related files in each external password notification directory

↑ Back to the top


More information

If an external password notification DLL cannot be loaded in Windows 8 or in Windows Server 2012, an event that resembles the following is logged in the System�log:

Event Source: System
Event ID: 16953
Event Message Text:

The password notification DLL File name failed to load with error Error code. Please verify that the notification DLL path defined in the registry, %2%3, refers to a correct and absolute path (<drive>:\<path>\<filename>.<ext>) and not a relative or invalid path. If the DLL path is correct, please validate that any supporting files are located in the same directory, and that the system account has read access to both the DLL path and any supporting files. Contact the provider of the notification DLL for additional support. Further details can be found on the web at http://go.microsoft.com/fwlink/?LinkId=245898.

The following table lists the possible error codes that may appear in the 16953 event, the causes of each error code, and how to resolve each error code:
Error codePossible causesResolution
126 (ERROR_MOD_NOT_FOUND)
  1. The path of the notification DLL in the registry entry is a relative or invalid path.
  2. One or more of the dependencies is missing.
  1. Verify that the path of the notification DLL is correct and absolute.
  2. Verify that all the dependencies are in the same directory as the notification DLL.
193 (ERROR_BAD_EXE_FORMAT)The architecture of the notification DLL differs from that of the computer. Verify that the architecture of the notification DLL and its dependencies is the same as the architecture of the computer.

↑ Back to the top


Keywords: KB2686224, kbexpertiseinter, kbsurveynew, kbhowto

↑ Back to the top

Article Info
Article ID : 2686224
Revision : 9
Created on : 8/13/2012
Published on : 8/13/2012
Exists online : False
Views : 702