Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

You receive an ERROR_HANDLE_NOT_CLOSABLE error code and the Lsass.exe process crashes when an application calls the LsaLogonUser function together with the KERB_TICKET_LOGON structure in Windows Server 2008 and Windows Vista SP1


View products that this article applies to.

Symptoms

When an application calls the LsaLogonUser function together with the KERB_TICKET_LOGON structure to submit an authentication request on a Windows Server 2008-based computer or on a Windows Vista Service pack 1 (SP1)-based computer, the LsaLogonUser function returns an ERROR_HANDLE_NOT_CLOSABLE error code. Additionally, the Lsass.exe process crashes. Additionally, you receive the following message, and then the computer restarts:
You are about to be logged off
Windows has encountered a critical problem and will restart automatically in one minute. Please save your work now.
After the computer restarts, the following event is logged in the event log:

Event Type: Information
Event Source: Application Popup
Event Category: None
Event ID: 26
Description: Application popup:
System Shutdown: The system is shutting down. Please save all work in progress and log off. Any unsaved changes will be lost. This shutdown was initiated by NT AUTHORITY\SYSTEM. Shutdown will begin in number seconds. Shutdown message: The system process 'C: \WINDOWS\system32\lsass.exe' terminated unexpectedly with status code error code. The system will now shut down and restart.

This problem occurs if the application submits the authentication request by using stored credentials information on the computer.

↑ Back to the top


Cause

This issue occurs because a NULL pointer is dereferenced when the KERB_TICKET_LOGON structure is processed in the Lsass.exe process. An unexpected access violation occurs in the Lsass.exe process. Therefore, the computer restarts for security reasons.

↑ Back to the top


Resolution

Hotfix information

A supported hotfix is available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing this specific problem. This hotfix might receive additional testing. Therefore, if you are not severely affected by this problem, we recommend that you wait for the next software update that contains this hotfix.

If the hotfix is available for download, there is a "Hotfix download available" section at the top of this Knowledge Base article. If this section does not appear, contact Microsoft Customer Service and Support to obtain the hotfix.

Note If additional issues occur or if any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. For a complete list of Microsoft Customer Service and Support telephone numbers or to create a separate service request, visit the following Microsoft Web site: Note The "Hotfix download available" form displays the languages for which the hotfix is available. If you do not see your language, it is because a hotfix is not available for that language.

Important Windows Vista and Windows Server 2008 hotfixes are included in the same packages. However, only one of these products may be listed on the �Hotfix Request� page. To request the hotfix package that applies to both Windows Vista and Windows Server 2008, just select the product that is listed on the page.

Prerequisites

To apply this hotfix, you must have Windows Server 2008 or Windows Vista SP1 installed on the computer.

Restart requirement

You may have to restart the computer after you apply this hotfix.

Hotfix replacement information

This hotfix does not replace any other previously released hotfixes.

Registry information

To use this hotfix, you do not have to make any changes to the registry.

File information

The English version of this hotfix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.

Windows Server 2008 and Windows Vista note

The .manifest files and the .mum files that are installed in each environment are listed separately in the "Additional file information for Windows Server 2008 and for Windows Vista" section. These files and their associated .cat (security catalog) files are critical to maintaining the state of the updated component. The .cat files are signed with a Microsoft digital signature. The attributes of these security files are not listed.
For all supported x86-based versions of Windows Server 2008 and Windows Vista
Collapse this tableExpand this table
File nameFile versionFile sizeDateTimePlatform
Kerberos.dll6.0.6001.22325498,17609-Dec-200804:29x86
For all supported x64-based versions of Windows Server 2008 and Windows Vista
Collapse this tableExpand this table
File nameFile versionFile sizeDateTimePlatformService branch
Kerberos.dll6.0.6001.22325655,36009-Dec-200805:01x64Not Applicable
Kerberos.dll6.0.6001.22325498,17609-Dec-200804:29x86WOW
For all supported Itanium-based versions of Windows Server 2008
Collapse this tableExpand this table
File nameFile versionFile sizeDateTimePlatformService branch
Kerberos.dll6.0.6001.223251,389,56809-Dec-200804:57IA-64Not Applicable
Kerberos.dll6.0.6001.22325498,17609-Dec-200804:29x86WOW

↑ Back to the top


Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

↑ Back to the top


More information

For more information about the LsaLogonUser function, visit the following Microsoft Developer Network (MSDN) Web site: For more information about the KERB_TICKET_LOGON structure, visit the following MSDN Web site: For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
824684� Description of the standard terminology that is used to describe Microsoft software updates

Additional file information for Windows Server 2008

Additional files for all supported x86-based versions of Windows Server 2008
Collapse this tableExpand this table
File nameFile versionFile sizeDateTimePlatform
Package_for_kb960375_client_1~31bf3856ad364e35~x86~~6.0.1.0.mumNot Applicable1,36710-Dec-200801:30Not Applicable
Package_for_kb960375_client~31bf3856ad364e35~x86~~6.0.1.0.mumNot Applicable1,43110-Dec-200801:30Not Applicable
Package_for_kb960375_sc_0~31bf3856ad364e35~x86~~6.0.1.0.mumNot Applicable1,42110-Dec-200801:30Not Applicable
Package_for_kb960375_sc~31bf3856ad364e35~x86~~6.0.1.0.mumNot Applicable1,42310-Dec-200801:30Not Applicable
Package_for_kb960375_server_0~31bf3856ad364e35~x86~~6.0.1.0.mumNot Applicable1,42510-Dec-200801:30Not Applicable
Package_for_kb960375_server~31bf3856ad364e35~x86~~6.0.1.0.mumNot Applicable1,43110-Dec-200801:30Not Applicable
Package_for_kb960375_winpesrv_0~31bf3856ad364e35~x86~~6.0.1.0.mumNot Applicable1,42210-Dec-200801:30Not Applicable
Package_for_kb960375_winpesrv~31bf3856ad364e35~x86~~6.0.1.0.mumNot Applicable1,42910-Dec-200801:30Not Applicable
X86_microsoft-windows-security-kerberos_31bf3856ad364e35_6.0.6001.22325_none_e74fdf5cc9f6e0a5.manifestNot Applicable38,32609-Dec-200804:55Not Applicable
Additional files for all supported x64-based versions of Windows Server 2008
Collapse this tableExpand this table
File nameFile versionFile sizeDateTimePlatform
Amd64_microsoft-windows-security-kerberos_31bf3856ad364e35_6.0.6001.22325_none_436e7ae0825451db.manifestNot Applicable38,36209-Dec-200805:44Not Applicable
Package_for_kb960375_client_1~31bf3856ad364e35~amd64~~6.0.1.0.mumNot Applicable1,37510-Dec-200801:30Not Applicable
Package_for_kb960375_client~31bf3856ad364e35~amd64~~6.0.1.0.mumNot Applicable1,43910-Dec-200801:30Not Applicable
Package_for_kb960375_sc_0~31bf3856ad364e35~amd64~~6.0.1.0.mumNot Applicable1,42910-Dec-200801:30Not Applicable
Package_for_kb960375_sc~31bf3856ad364e35~amd64~~6.0.1.0.mumNot Applicable1,43110-Dec-200801:30Not Applicable
Package_for_kb960375_server_0~31bf3856ad364e35~amd64~~6.0.1.0.mumNot Applicable1,43310-Dec-200801:30Not Applicable
Package_for_kb960375_server~31bf3856ad364e35~amd64~~6.0.1.0.mumNot Applicable1,43910-Dec-200801:30Not Applicable
Package_for_kb960375_winpesrv_0~31bf3856ad364e35~amd64~~6.0.1.0.mumNot Applicable1,43010-Dec-200801:30Not Applicable
Package_for_kb960375_winpesrv~31bf3856ad364e35~amd64~~6.0.1.0.mumNot Applicable1,43710-Dec-200801:30Not Applicable
Wow64_microsoft-windows-security-kerberos_31bf3856ad364e35_6.0.6001.22325_none_4dc32532b6b513d6.manifestNot Applicable38,93909-Dec-200804:45Not Applicable
Additional files for all supported Itaniuim-based versions of Windows Server 2008
Collapse this tableExpand this table
File nameFile versionFile sizeDateTimePlatform
Ia64_microsoft-windows-security-kerberos_31bf3856ad364e35_6.0.6001.22325_none_e7518352c9f4e9a1.manifestNot Applicable38,34409-Dec-200806:09Not Applicable
Package_for_kb960375_sc_0~31bf3856ad364e35~ia64~~6.0.1.0.mumNot Applicable1,42510-Dec-200801:30Not Applicable
Package_for_kb960375_sc~31bf3856ad364e35~ia64~~6.0.1.0.mumNot Applicable1,42610-Dec-200801:30Not Applicable
Package_for_kb960375_server_0~31bf3856ad364e35~ia64~~6.0.1.0.mumNot Applicable1,42910-Dec-200801:30Not Applicable
Package_for_kb960375_server~31bf3856ad364e35~ia64~~6.0.1.0.mumNot Applicable1,43410-Dec-200801:30Not Applicable
Package_for_kb960375_winpesrv_0~31bf3856ad364e35~ia64~~6.0.1.0.mumNot Applicable1,42610-Dec-200801:30Not Applicable
Package_for_kb960375_winpesrv~31bf3856ad364e35~ia64~~6.0.1.0.mumNot Applicable1,43310-Dec-200801:30Not Applicable
Wow64_microsoft-windows-security-kerberos_31bf3856ad364e35_6.0.6001.22325_none_4dc32532b6b513d6.manifestNot Applicable38,93909-Dec-200804:45Not Applicable

↑ Back to the top


Keywords: kbautohotfix, kbexpertiseadvanced, kbfix, kbsurveynew, kbqfe, kbhotfixserver, KB960375

↑ Back to the top

Article Info
Article ID : 960375
Revision : 1
Created on : 12/30/2008
Published on : 12/30/2008
Exists online : False
Views : 313