FIX: Message Screener Causes Handle Leak in Lsass.exe (816621)
The information in this article applies to:
- Microsoft Internet Security and Acceleration Server 2000
- Microsoft Internet Security and Acceleration Server 2000 SP1
SYMPTOMSYou cannot run reports in Internet Security and Acceleration
(ISA) Server 2000, and the following event ID message is logged in the event
log:Event Type: Error
Event Source: Microsoft ISA
report generator Event
Category: None
Event ID: 21026
Date:
2002-10-13
Time: 00:50:00
Description: The action to create the
scheduled report, "Weekly Report", with the specified credentials, failed. The
error code in the Data area of the event properties indicates the cause.
Data: 0000: 0d 00 00 00 To get the Win32 error for the status
code 13 (0x0d) in the Data field of the event, type the following line at a
command prompt:
net helpmsg 13
This
command returns the following output: The data is
invalidNote This problem occurs only if ISA Server and the ISA Server SMTP
Message Screener (Fltrsnk1.dll) are installed and running on the same computer.
To verify that the message screener is installed, follow the steps in the "More
Information" section of this article.CAUSEThis problem occurs because the message screener is running
in the Inetinfo process and is causing a handle leak in the LSAOpenPolicy handle table. The LSAOpenPolicy handle table is hosted by the Lsass.exe process.
After
approximately 8 to 14 days, the maximum number of available handles is reached.
After this occurs, the Report Generator (Repgen.exe) process fails when it
calls LSAOpenPolicy. The Report Generator process fails because it uses the same
parameter as the message screener to call LSAOpenPolicy. Any other processes or components that use the same parameter as
the message screener to call LSAOpenPolicy also fail. WORKAROUNDTo work around this issue, shut down and then restart the
Inetinfo process. The handles that are held by the Inetinfo process are now
available to the handle table in Lsass.exe. RESOLUTIONA supported fix is now available from Microsoft, but it is only
intended to correct the problem that is described in this article. Apply it
only to computers that are experiencing this specific problem. This fix may
receive additional testing. Therefore, if you are not severely affected by this
problem, Microsoft recommends that you wait for the next Internet Security and
Acceleration Server 2000 service pack that contains this hotfix. To
resolve this problem immediately, contact Microsoft Product Support Services to
obtain the fix. For a complete list of Microsoft Product Support Services phone
numbers and information about support costs, visit the following Microsoft Web
site: NOTE: In special cases, charges that are ordinarily incurred for
support calls may be canceled if a Microsoft Support Professional determines
that a specific update will resolve your problem. The typical support costs
will apply to additional support questions and issues that do not qualify for
the specific update in question. The English version of this fix has the file
attributes (or later) that are listed in the following table. The dates and
times for these files are listed in coordinated universal time (UTC). When you
view the file information, it is converted to local time. To find the
difference between UTC and local time, use the Time Zone tab
in the Date and Time tool in Control Panel.
Date Time Version Size File name
--------------------------------------------------
23-Mar-2003 18:32 3.0.1200.258 60,688 Fltrsnk1.dll STATUS Microsoft
has confirmed that this is a problem in the Microsoft products that are listed
at the beginning of this article.
| Modification Type: | Major | Last Reviewed: | 9/18/2006 |
|---|
| Keywords: | kbHotfixServer kbQFE kbISAServ2000preSP2fix kbbug kbfix KB816621 kbAudDeveloper |
|---|
|