Q190441: XADM: Access Violation Deleting NT Accounts Using DAPI
Article: Q190441
Product(s): Microsoft Exchange
Version(s): WINDOWS:5.5
Operating System(s):
Keyword(s):
Last Modified: 02-MAY-1999
-------------------------------------------------------------------------------
The information in this article applies to:
- Microsoft Exchange Server, version 5.5
-------------------------------------------------------------------------------
SYMPTOMS
========
When using the Exchange Directory Application Program Interface (DAPI) to delete
Windows NT user accounts, an access violation occurs. The failing application
may cause a Drwtsn32.log file to be generated with an entry similar to the
following:
Application exception occurred:
App: LSDXAMEX.DBG (pid=107)
When: 07/27/1998 @ 15:44:40.623
Exception number: c0000005 (access violation)
If you look at the thread ID that shows a FAULT, you will see something similar
to the following:
State Dump for Thread Id 0x120
eax=00d30d0c ebx=011902dc ecx=00000000 edx=00000003 esi=00000000
edi=011902dc
eip=77f7b6f4 esp=00f9fbe0 ebp=00f9fc30 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000212
function: RtlEqualPrefixSid
77F7B6EA 56 push esi
77F7B6EB 57 push edi
77F7B6EC 8B74240C mov esi,dword ptr [esp+0Ch]
77F7B6F0 8B7C2410 mov edi,dword ptr [esp+10h]
FAULT ->77F7B6F4 8A06 mov al,byte ptr [esi]
77F7B6F6 3807 cmp byte ptr [edi],al
77F7B6F8 7565 jne _RtlEqualPrefixSid@8+75h
77F7B6FA 8A4602 mov al,byte ptr [esi+2]
77F7B6FD 384702 cmp byte ptr [edi+2],al
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Function Name
0319f3c8 77dc2751 00000000 0cda3fb8 00cf04de ntdll!RtlEqualPrefixSid+0xb
0319f3d4 00cf04de 00000000 0cda3fb8 6724bd78 ADVAPI32!EqualPrefixSid+0xe
0319fc18 00cf109c 0012ec90 0cda3fb8 00000001 DAPI!GetDomainDescrBySid
0319fc5c 00cf1b46 00000000 0cda3fb8 00000001 DAPI!GetDomainInfoBySid
0319fee0 00cf3031 0cda3fb8 6724bd78 67201590 DAPI!SidToFullAccount
0319ff28 00cf56e2 0319ff50 0319ff54 0012ec08 DAPI!GetAssociatedNTAccount
0319ff7c 00cf59bb 0cda1fe0 6724bd78 67201590 DAPI!ProcessSecurityRequest
0319ffb8 77f04f2c 01fd4fa8 6724bd78 67201590 DAPI!SecurityThread
0319ffec 00000000 00cf5970 01fd4fa8 00000000 KERNEL32!BaseThreadStart
CAUSE
=====
DAPI was attempting to compare two Security Identifier (SID) structures for
equality, however, one of these was NULL. When RtlEqualPrefixSid() attempted to
access the memory pointed to by the NULL pointer, it resulted in an access
violation.
WORKAROUND
==========
None.
STATUS
======
Microsoft has confirmed this to be a problem in Microsoft Exchange Server
version 5.5. This problem has been corrected in the latest U.S. service pack for
Microsoft Exchange Server version 5.5. For information on obtaining the service
pack, query on the following word in the Microsoft Knowledge Base (without the
spaces):
S E R V P A C K
Additional query words: Lotus Notesc DirSync Crash Av Failure
======================================================================
Keywords :
Technology : kbExchangeSearch kbExchange550 kbZNotKeyword2
Version : WINDOWS:5.5
Issue type : kbbug
Solution Type : kbfix
=============================================================================
THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.
Copyright Microsoft Corporation 1986-2002.