A memory leak issue in the Lsass.exe process causes an application or a service to stop responding if the application or the service uses the NTLM authentication on a computer that is running Windows Server 2008 or Windows Vista.

Article translations Article translations
Article ID: 971265 - View products that this article applies to.
Expand all | Collapse all

On This Page

SYMPTOMS

An application or a service that uses the NTLM authentication runs on a computer that is running Windows Server 2008 or Windows Vista. In this scenario, the memory usage of the Lsass.exe process keeps increasing. If this issue lasts for a long time, the application or the service may stop responding or encounter an exception because the available memory is too low.

For example, this issue occurs when a Web server uses NTLM for outgoing authentication. After this issue occurs, the Web server stops responding, and you must restart the server to recover from the issue.

CAUSE

This issue occurs because the NTLM authentication module does not release allocated memory correctly.

RESOLUTION

Hotfix information

A supported hotfix is available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing the problem described in this article. This hotfix might receive additional testing. Therefore, if you are not severely affected by this problem, we recommend that you wait for the next software update that contains this hotfix.

If the hotfix is available for download, there is a "Hotfix download available" section at the top of this Knowledge Base article. If this section does not appear, contact Microsoft Customer Service and Support to obtain the hotfix.

Note If additional issues occur or if any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. For a complete list of Microsoft Customer Service and Support telephone numbers or to create a separate service request, visit the following Microsoft Web site:
http://support.microsoft.com/contactus/?ws=support
Note The "Hotfix download available" form displays the languages for which the hotfix is available. If you do not see your language, it is because a hotfix is not available for that language.


Important Windows Vista and Windows Server 2008 hotfixes are included in the same packages. However, only one of these products may be listed on the “Hotfix Request” page. To request the hotfix package that applies to both Windows Vista and Windows Server 2008, just select the product that is listed on the page.

Prerequisites

To apply this hotfix, your computer must be running one of the following operating systems:
  • Windows Server 2008
  • Windows Server 2008 Service Pack 2 (SP2)
  • Windows Vista Service Pack 1 (SP1)
  • Windows Vista Service Pack 2 (SP2)

Restart requirement

You must restart the computer after you apply this hotfix.

Registry information

You do not have to make any change to the registry.

File information

The English version of this hotfix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.
For all supported x86-based versions of Windows Server 2008 and of Windows Vista
Collapse this tableExpand this table
File nameFile versionFile sizeDateTimePlatform
Msv1_0.dll6.0.6001.22436213,50420-May-200912:39x86
Msv1_0.dll6.0.6002.22139217,60020-May-200912:31x86
For all supported x64-based versions of Windows Server 2008 and of Windows Vista
Collapse this tableExpand this table
File nameFile versionFile sizeDateTimePlatformSP requirementService branch
Msv1_0.dll6.0.6001.22436269,31220-May-200912:53x64SP1Not Applicable
Msv1_0.dll6.0.6001.22436213,50420-May-200912:39x86SP1WOW
Msv1_0.dll6.0.6002.22139269,31220-May-200912:33x64SP2Not Applicable
Msv1_0.dll6.0.6002.22139217,60020-May-200912:31x86SP2WOW
For all supported Itanium-based versions of Windows Server 2008
Collapse this tableExpand this table
File nameFile versionFile sizeDateTimePlatformSP requirementService branch
Msv1_0.dll6.0.6001.22436570,36820-May-200912:41IA-64SP1Not Applicable
Msv1_0.dll6.0.6001.22436213,50420-May-200912:39x86SP1WOW
Msv1_0.dll6.0.6002.22139570,36820-May-200912:27IA-64SP2Not Applicable
Msv1_0.dll6.0.6002.22139217,60020-May-200912:31x86SP2WOW

WORKAROUND

To work around this issue, use the Kerberos authentication.

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

MORE INFORMATION

For more information, click the following article number to view the article in the Microsoft Knowledge Base:
824684 Description of the standard terminology that is used to describe Microsoft software updates

Properties

Article ID: 971265 - Last Review: October 7, 2011 - Revision: 2.0
APPLIES TO
  • Windows Server 2008 for Itanium-Based Systems
  • Windows Server 2008 Datacenter
  • Windows Server 2008 Enterprise
  • Windows Server 2008 Standard
  • Windows Vista Enterprise 64-bit Edition
  • Windows Vista Home Basic 64-bit Edition
  • Windows Vista Home Premium 64-bit Edition
  • Windows Vista Ultimate 64-bit Edition
  • Windows Vista Business
  • Windows Vista Business 64-bit Edition
  • Windows Vista Enterprise
  • Windows Vista Home Basic
  • Windows Vista Home Premium
  • Windows Vista Ultimate
Keywords: 
kbautohotfix kbexpertiseadvanced kbfix kbsurveynew kbqfe KB971265

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com