Error code when an application uses the CredSSP if the authenticated user account is a member of many security groups on a computer that is running Windows Vista or Windows Server 2008: "0x80090329"

Article ID: 975943 - View products that this article applies to.
Expand all | Collapse all

On This Page

SYMPTOMS

Consider the following scenario:
  • You run an application that uses the Credential Security Support Provider (CredSSP) to perform user authentication on a computer that is running Windows Server 2008 or Windows Vista.
  • The authenticated user account is a member of many security groups.
In this scenario, the authentication may fail and the application returns the 0x80090329 error code.

You frequently encounter this problem in the following scenario:
  • You use the Remote Desktop Connection utility on a client computer that is running Windows Server 2008 or Windows Vista to try to log on to a terminal server that is running Windows Server 2008.
  • On the terminal server, the Allow connection only from computers running remote desktop with network level authentication option is enabled for the RDP-Tcp connection.
  • The user account that you specify in the Remote Desktop Protocol (RDP) client is a member of many security groups.
In this scenario, you cannot start the terminal server session. Additionally, you receive the following error message:
An authentication error has occurred (Code: 0x80090329).
Back to the top | Give Feedback

CAUSE

This problem occurs because the CredSSP incorrectly encrypts the data because the size of the security token of the user account exceeds 16 kilobyte (KB).
Back to the top | Give Feedback

RESOLUTION

Hotfix information

To resolve this problem, install this hotfix on the client computer and on the server.
A supported hotfix is available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing the problem described in this article. This hotfix might receive additional testing. Therefore, if you are not severely affected by this problem, we recommend that you wait for the next software update that contains this hotfix.

If the hotfix is available for download, there is a "Hotfix download available" section at the top of this Knowledge Base article. If this section does not appear, contact Microsoft Customer Service and Support to obtain the hotfix.

Note If additional issues occur or if any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. For a complete list of Microsoft Customer Service and Support telephone numbers or to create a separate service request, visit the following Microsoft Web site:
http://support.microsoft.com/contactus/?ws=support
(http://support.microsoft.com/contactus/?ws=support)
Note The "Hotfix download available" form displays the languages for which the hotfix is available. If you do not see your language, it is because a hotfix is not available for that language.

Important Windows Vista and Windows Server 2008 hotfixes are included in the same packages. However, only one of these products may be listed on the “Hotfix Request” page. To request the hotfix package that applies to both Windows Vista and Windows Server 2008, just select the product that is listed on the page.

Prerequisites

To apply this hotfix, the computer must be running one of the following operating systems:
  • Windows Vista Service Pack 1 (SP1)
  • Windows Vista Service Pack 2 (SP2)
  • Windows Server 2008
  • Windows Server 2008 Service Pack 2 (SP2)

Restart requirement

You must restart the computer after you apply this hotfix.

Hotfix replacement information

This hotfix does not replace any other hotfix.

File information

The global version of this hotfix has the file attributes (or later file attributes) that are listed in the following table.
Windows Vista and Windows Server 2008 file information notes
  • The files that apply to a specific product, SR_Level (RTM, SPn), and service branch (LDR, GDR) can be identified by examining the file version numbers as shown in the following table.
    Collapse this tableExpand this table
    VersionProductSR_LevelService branch
    6.0.600 0 . 16xxxWindows VistaRTMGDR
    6.0.600 0 . 20xxxWindows VistaRTMLDR
    6.0.600 1 . 18xxxWindows Vista and Windows Server 2008SP1GDR
    6.0.600 1 . 22xxxWindows Vista and Windows Server 2008SP1LDR
    6.0.600 2 . 18xxxWindows Vista and Windows Server 2008SP2GDR
    6.0.600 2 . 22xxxWindows Vista and Windows Server 2008SP2LDR
  • Service Pack 1 is integrated into the original release of Windows Server 2008.
  • The MANIFEST files (.manifest) and the MUM files (.mum) that are installed for each environment are listed separately. MUM and MANIFEST files, and the associated security catalog (.cat) files, are critical to maintaining the state of the updated component. The security catalog files (attributes not listed) are signed with a Microsoft digital signature.
The English version of this hotfix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.
For all supported x86-based versions of Windows Server 2008 and of Windows Vista
Collapse this tableExpand this table
File nameFile versionFile sizeDateTimePlatformService branch
Credssp.dll6.0.6001.2252816,38422-Sep-200912:26x86X86_MICROSOFT-WINDOWS-SECURITY-CREDSSP
Tspkg.dll6.0.6001.2252862,46422-Sep-200912:31x86X86_MICROSOFT-WINDOWS-SECURITY-CREDSSP
Tspkg.mofNot applicable96401-Apr-200919:14Not applicableX86_MICROSOFT-WINDOWS-SECURITY-CREDSSP
Credssp.dll6.0.6002.2223016,38422-Sep-200912:27x86X86_MICROSOFT-WINDOWS-SECURITY-CREDSSP
Tspkg.dll6.0.6002.2223062,97622-Sep-200912:30x86X86_MICROSOFT-WINDOWS-SECURITY-CREDSSP
Tspkg.mofNot applicable96403-Apr-200921:46Not applicableX86_MICROSOFT-WINDOWS-SECURITY-CREDSSP
Icaapi.dll6.0.6001.2252815,87222-Sep-200912:27x86Not applicable
Tssecsrv.sys6.0.6001.2252824,57622-Sep-200910:26x86Not applicable
Icaapi.dll6.0.6002.2223015,87222-Sep-200912:27x86Not applicable
Tssecsrv.sys6.0.6002.2223024,57622-Sep-200910:10x86Not applicable
For all supported x64-based versions of Windows Server 2008 and of Windows Vista
Collapse this tableExpand this table
File nameFile versionFile sizeDateTimePlatformService branch
Credssp.dll6.0.6001.2252819,45622-Sep-200912:47x64AMD64_MICROSOFT-WINDOWS-SECURITY-CREDSSP
Tspkg.dll6.0.6001.2252878,84822-Sep-200912:51x64AMD64_MICROSOFT-WINDOWS-SECURITY-CREDSSP
Tspkg.mofNot applicable96401-Apr-200916:42Not applicableAMD64_MICROSOFT-WINDOWS-SECURITY-CREDSSP
Credssp.dll6.0.6002.2223019,45622-Sep-200912:06x64AMD64_MICROSOFT-WINDOWS-SECURITY-CREDSSP
Tspkg.dll6.0.6002.2223078,84822-Sep-200912:10x64AMD64_MICROSOFT-WINDOWS-SECURITY-CREDSSP
Tspkg.mofNot applicable96403-Apr-200921:07Not applicableAMD64_MICROSOFT-WINDOWS-SECURITY-CREDSSP
Icaapi.dll6.0.6001.2252820,48022-Sep-200912:48x64Not applicable
Tssecsrv.sys6.0.6001.2252830,20822-Sep-200910:50x64Not applicable
Icaapi.dll6.0.6002.2223020,48022-Sep-200912:07x64Not applicable
Tssecsrv.sys6.0.6002.2223030,20822-Sep-200910:23x64Not applicable
For all supported Itanium-based versions of Windows Server 2008
Collapse this tableExpand this table
File nameFile versionFile sizeDateTimePlatformService branch
Credssp.dll6.0.6001.2252846,08022-Sep-200912:18IA-64IA64_MICROSOFT-WINDOWS-SECURITY-CREDSSP
Tspkg.dll6.0.6001.22528177,15222-Sep-200912:24IA-64IA64_MICROSOFT-WINDOWS-SECURITY-CREDSSP
Tspkg.mofNot applicable96401-Apr-200916:42Not applicableIA64_MICROSOFT-WINDOWS-SECURITY-CREDSSP
Credssp.dll6.0.6002.2223046,08022-Sep-200912:04IA-64IA64_MICROSOFT-WINDOWS-SECURITY-CREDSSP
Tspkg.dll6.0.6002.22230177,15222-Sep-200912:10IA-64IA64_MICROSOFT-WINDOWS-SECURITY-CREDSSP
Tspkg.mofNot applicable96403-Apr-200921:08Not applicableIA64_MICROSOFT-WINDOWS-SECURITY-CREDSSP
Icaapi.dll6.0.6001.2252843,52022-Sep-200912:20IA-64Not applicable
Tssecsrv.sys6.0.6001.2252874,24022-Sep-200910:33IA-64Not applicable
Icaapi.dll6.0.6002.2223043,52022-Sep-200912:06IA-64Not applicable
Tssecsrv.sys6.0.6002.2223074,24022-Sep-200910:23IA-64Not applicable
Back to the top | Give Feedback

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
Back to the top | Give Feedback

MORE INFORMATION

For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base: -
824684
(http://support.microsoft.com/kb/824684/ )
Description of the standard terminology that is used to describe Microsoft software updates

Additional file information for Windows Vista and for Windows Server 2008

Additional files for all supported x86-based versions of Windows Vista and of Windows Server 2008

Collapse this tableExpand this table
File nameFile versionFile sizeDateTimePlatform
Package_for_kb975943_client_1~31bf3856ad364e35~x86~~6.0.1.0.mumNot applicable1,36723-Sep-200901:24Not applicable
Package_for_kb975943_client_2~31bf3856ad364e35~x86~~6.0.1.0.mumNot applicable1,36523-Sep-200901:24Not applicable
Package_for_kb975943_client~31bf3856ad364e35~x86~~6.0.1.0.mumNot applicable1,71323-Sep-200901:24Not applicable
Package_for_kb975943_sc_0~31bf3856ad364e35~x86~~6.0.1.0.mumNot applicable1,42123-Sep-200901:24Not applicable
Package_for_kb975943_sc_1~31bf3856ad364e35~x86~~6.0.1.0.mumNot applicable1,36123-Sep-200901:24Not applicable
Package_for_kb975943_sc~31bf3856ad364e35~x86~~6.0.1.0.mumNot applicable1,70123-Sep-200901:24Not applicable
Package_for_kb975943_server_0~31bf3856ad364e35~x86~~6.0.1.0.mumNot applicable1,42523-Sep-200901:24Not applicable
Package_for_kb975943_server_1~31bf3856ad364e35~x86~~6.0.1.0.mumNot applicable1,36523-Sep-200901:24Not applicable
Package_for_kb975943_server~31bf3856ad364e35~x86~~6.0.1.0.mumNot applicable1,71323-Sep-200901:24Not applicable
X86_microsoft-windows-security-credssp_31bf3856ad364e35_6.0.6001.22528_none_c434384abab69bd1.manifestNot applicable12,93622-Sep-200915:48Not applicable
X86_microsoft-windows-security-credssp_31bf3856ad364e35_6.0.6002.22230_none_c607d7f6b7ec422e.manifestNot applicable12,93622-Sep-200913:58Not applicable
X86_microsoft-windows-t..nalservices-drivers_31bf3856ad364e35_6.0.6001.22528_none_51cc1f210fa0e10e.manifestNot applicable8,48522-Sep-200915:51Not applicable
X86_microsoft-windows-t..nalservices-drivers_31bf3856ad364e35_6.0.6002.22230_none_539fbecd0cd6876b.manifestNot applicable8,48522-Sep-200914:01Not applicable

Additional files for all supported x64-based versions of Windows Vista and of Windows Server 2008

Collapse this tableExpand this table
File nameFile versionFile sizeDateTimePlatform
Amd64_microsoft-windows-security-credssp_31bf3856ad364e35_6.0.6001.22528_none_2052d3ce73140d07.manifestNot applicable12,95822-Sep-200914:30Not applicable
Amd64_microsoft-windows-security-credssp_31bf3856ad364e35_6.0.6002.22230_none_2226737a7049b364.manifestNot applicable12,95822-Sep-200913:30Not applicable
Amd64_microsoft-windows-t..nalservices-drivers_31bf3856ad364e35_6.0.6001.22528_none_adeabaa4c7fe5244.manifestNot applicable8,76322-Sep-200914:32Not applicable
Amd64_microsoft-windows-t..nalservices-drivers_31bf3856ad364e35_6.0.6002.22230_none_afbe5a50c533f8a1.manifestNot applicable8,76322-Sep-200913:33Not applicable
Package_for_kb975943_client_1~31bf3856ad364e35~amd64~~6.0.1.0.mumNot applicable1,37523-Sep-200901:24Not applicable
Package_for_kb975943_client_2~31bf3856ad364e35~amd64~~6.0.1.0.mumNot applicable1,37323-Sep-200901:24Not applicable
Package_for_kb975943_client~31bf3856ad364e35~amd64~~6.0.1.0.mumNot applicable1,72323-Sep-200901:24Not applicable
Package_for_kb975943_sc_0~31bf3856ad364e35~amd64~~6.0.1.0.mumNot applicable1,42923-Sep-200901:24Not applicable
Package_for_kb975943_sc_1~31bf3856ad364e35~amd64~~6.0.1.0.mumNot applicable1,36923-Sep-200901:24Not applicable
Package_for_kb975943_sc~31bf3856ad364e35~amd64~~6.0.1.0.mumNot applicable1,71123-Sep-200901:24Not applicable
Package_for_kb975943_server_0~31bf3856ad364e35~amd64~~6.0.1.0.mumNot applicable1,43323-Sep-200901:24Not applicable
Package_for_kb975943_server_1~31bf3856ad364e35~amd64~~6.0.1.0.mumNot applicable1,37323-Sep-200901:24Not applicable
Package_for_kb975943_server~31bf3856ad364e35~amd64~~6.0.1.0.mumNot applicable1,72323-Sep-200901:24Not applicable

Additional files for all supported Itanium-based versions of Windows Server 2008

Collapse this tableExpand this table
File nameFile versionFile sizeDateTimePlatform
Ia64_microsoft-windows-security-credssp_31bf3856ad364e35_6.0.6001.22528_none_c435dc40bab4a4cd.manifestNot applicable12,94722-Sep-200913:44Not applicable
Ia64_microsoft-windows-security-credssp_31bf3856ad364e35_6.0.6002.22230_none_c6097becb7ea4b2a.manifestNot applicable12,94722-Sep-200913:21Not applicable
Ia64_microsoft-windows-t..nalservices-drivers_31bf3856ad364e35_6.0.6001.22528_none_51cdc3170f9eea0a.manifestNot applicable8,75622-Sep-200913:47Not applicable
Ia64_microsoft-windows-t..nalservices-drivers_31bf3856ad364e35_6.0.6002.22230_none_53a162c30cd49067.manifestNot applicable8,75622-Sep-200913:25Not applicable
Package_for_kb975943_sc_0~31bf3856ad364e35~ia64~~6.0.1.0.mumNot applicable1,42523-Sep-200901:24Not applicable
Package_for_kb975943_sc_1~31bf3856ad364e35~ia64~~6.0.1.0.mumNot applicable1,36523-Sep-200901:24Not applicable
Package_for_kb975943_sc~31bf3856ad364e35~ia64~~6.0.1.0.mumNot applicable1,70623-Sep-200901:24Not applicable
Package_for_kb975943_server_0~31bf3856ad364e35~ia64~~6.0.1.0.mumNot applicable1,42923-Sep-200901:24Not applicable
Package_for_kb975943_server_1~31bf3856ad364e35~ia64~~6.0.1.0.mumNot applicable1,36823-Sep-200901:24Not applicable
Package_for_kb975943_server~31bf3856ad364e35~ia64~~6.0.1.0.mumNot applicable1,71823-Sep-200901:24Not applicable
Back to the top | Give Feedback

REFERENCES

For more information about the CredSSP, click the following article number to view the article in the Microsoft Knowledge Base:
951608
(http://support.microsoft.com/kb/951608/ )
Description of the Credential Security Support Provider (CredSSP) in Windows XP Service Pack 3

For more information about the 0x80090329 error code, visit the following Microsoft Web sites:
Back to the top | Give Feedback

Properties

Article ID: 975943 - Last Review: October 27, 2009 - Revision: 1.0
APPLIES TO
  • Windows Server 2008 Datacenter
  • Windows Server 2008 Enterprise
  • Windows Server 2008 Standard
  • Windows Vista Business
  • Windows Vista Business 64-bit Edition
  • Windows Vista Enterprise
  • Windows Vista Home Basic
  • Windows Vista Home Premium
  • Windows Vista Ultimate
  • Windows Vista Enterprise 64-bit Edition
  • Windows Vista Home Basic 64-bit Edition
  • Windows Vista Home Premium 64-bit Edition
  • Windows Vista Ultimate 64-bit Edition
Keywords: 
kbsurveynew kbexpertiseadvanced kbhotfixserver kbautohotfix kbqfe kbfix KB975943
Back to the top | Give Feedback

Give Feedback

 
Back to the topBack to the top