New AFD connections fail when software that uses TDI drivers is installed on a Windows Server 2008 or Windows Vista SP1 system that is running on a computer that has multiple processors

Article translations Article translations
Article ID: 961775 - View products that this article applies to.
Expand all | Collapse all

On This Page

SYMPTOMS

When software that uses Transport Driver Interface (TDI) drivers, such as some antivirus software, is installed on a Windows Server 2008 system or on Windows Vista Service Pack 1 (SP1) system, the handle count of the system process keeps increasing. This problem occurs if the Windows Server 2008 system or the Windows Vista Service Pack 1 (SP1) system is running on a computer that has multiple processors. If this issue occurs for some time, the computer begins to run out of system resources. Therefore, any new Ancillary Function Driver for WinSock (AFD) connection to this computer fails.

Additionally, the following problems may occur if the computer is a domain controller:
  • User authentication fails.
  • Sysvol replication fails.
  • Events 404 and 408 appear in the DNS server log.
  • One of the following Netlogon events occurs:
    • Netlogon event 5775
    • Netlogon event 5792
    • Netlogon event 5792
    • Netlogon event 5719
For example, the following is a sample event when Netlogon event 5775 occurs:

Log Name: System
Source: NETLOGON
Event ID: 5775
Level: Error
Keywords: Classic
Description:
The dynamic deletion of the DNS record '<record name>. 600 IN SRV 0 100 389 <computer name>.' failed on the following DNS server:
DNS server IP address: <IP address>
Returned Response Code (RCODE): 5
Returned Status Code: 10055
USER ACTION
To prevent remote computers from connecting unnecessarily to the domain controller, delete the record manually or troubleshoot the failure to dynamically delete the record. To learn more about debugging DNS, see Help and Support Center.

ADDITIONAL DATA
Error Value: An operation on a socket could not be performed because the system lacked sufficient buffer space or because a queue was full.

CAUSE

This problem occurs because of a race condition in which the Tdx.sys driver does not send a disconnect input/output request packet (IRP) indication to the afd.sys driver. When this occurs, the reference count on the AFD socket is not decremented. Eventually, the AFD connection is orphaned. The process that owns the orphaned AFD connection is also orphaned.

After the issue occurs for some time, all available ports are consumed. Therefore, many orphaned processes appear. When resources become exhausted, the problem occurs that the "Symptoms" section describes.

RESOLUTION

Hotfix information

A supported hotfix is available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing this specific problem. This hotfix might receive additional testing. Therefore, if you are not severely affected by this problem, we recommend that you wait for the next software update that contains this hotfix.

If the hotfix is available for download, there is a "Hotfix download available" section at the top of this Knowledge Base article. If this section does not appear, contact Microsoft Customer Service and Support to obtain the hotfix.

Note If additional issues occur or if any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. For a complete list of Microsoft Customer Service and Support telephone numbers or to create a separate service request, visit the following Microsoft Web site:
http://support.microsoft.com/contactus/?ws=support
Note The "Hotfix download available" form displays the languages for which the hotfix is available. If you do not see your language, it is because a hotfix is not available for that language.

Important Windows Vista and Windows Server 2008 hotfixes are included in the same packages. However, only one of these products may be listed on the “Hotfix Request” page. To request the hotfix package that applies to both Windows Vista and Windows Server 2008, just select the product that is listed on the page.

Prerequisites

To apply this hotfix, you must have Windows Vista Service Pack 1 or Windows Server 2008 installed on the computer.

Restart requirement

You have to restart the computer after you apply this hotfix.

Hotfix replacement information

This hotfix does not replace any other previously released hotfixes.

Registry information

To use this hotfix, you do not have to make any changes to the registry.

File information

The English version of this hotfix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.

Windows Vista and Windows Server 2008 file information note

The .manifest files and the .mum files that are installed in each environment are listed separately in the "Additional file information for Windows Server 2008 and for Windows Vista" section. These files and their associated .cat (security catalog) files are critical to maintaining the state of the updated component. The .cat files are signed with a Microsoft digital signature. The attributes of these security files are not listed.
For all supported x86-based versions of Windows Vista and Windows Server 2008
Collapse this tableExpand this table
File nameFile versionFile sizeDateTimePlatform
Tdx.sys6.0.6001.2237472,19211-Feb-200903:28x86
Afd.sys6.0.6001.22374273,92011-Feb-200903:29x86
For all supported x64-based versions of Windows Vista and Windows Server 2008
Collapse this tableExpand this table
File nameFile versionFile sizeDateTimePlatform
Tdx.sys6.0.6001.2237494,72011-Feb-200903:57x64
Afd.sys6.0.6001.22374408,57611-Feb-200903:58x64
For all supported Itanium-based versions of Windows Server 2008
Collapse this tableExpand this table
File nameFile versionFile sizeDateTimePlatform
Tdx.sys6.0.6001.22374228,86411-Feb-200902:52IA-64
Afd.sys6.0.6001.22374985,60011-Feb-200902:54IA-64

WORKAROUND

To work around this problem, use one of the following methods:
  • Run the computer in Single Processor mode. To do this, follow these steps:
    1. Open the Msconfig.exe utility.
    2. On the Boot tab, click Advanced Options.
    3. Click to select the Number of Processors check box, and then select 1 in the next box.
    4. Click OK, and then click OK again.
    5. Restart the computer.
  • Uninstall the TDI-based driver according to the instructions from the driver manufacturer.

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

MORE INFORMATION

This problem most commonly occurs on domain controllers that are running the Microsoft System Center Operations Manager agent. The agent makes repeated local queries to LSASS on port 389. The queries cause the number of orphaned connections to increase rapidly. Because of this, the domain controller fails after a few days.

Additional file information for Windows Vista and Windows Server 2008

Additional files for all supported x86-based versions of Windows Vista and Windows Server 2008

Collapse this tableExpand this table
File nameFile versionFile sizeDateTimePlatform
Package_for_kb961775_client_1~31bf3856ad364e35~x86~~6.0.1.0.mumNot Applicable1,36711-Feb-200916:35Not Applicable
Package_for_kb961775_client~31bf3856ad364e35~x86~~6.0.1.0.mumNot Applicable1,43111-Feb-200916:35Not Applicable
Package_for_kb961775_sc_0~31bf3856ad364e35~x86~~6.0.1.0.mumNot Applicable1,42111-Feb-200916:35Not Applicable
Package_for_kb961775_sc~31bf3856ad364e35~x86~~6.0.1.0.mumNot Applicable1,42311-Feb-200916:35Not Applicable
Package_for_kb961775_server_0~31bf3856ad364e35~x86~~6.0.1.0.mumNot Applicable1,42511-Feb-200916:35Not Applicable
Package_for_kb961775_server~31bf3856ad364e35~x86~~6.0.1.0.mumNot Applicable1,43111-Feb-200916:35Not Applicable
Package_for_kb961775_winpesrv_0~31bf3856ad364e35~x86~~6.0.1.0.mumNot Applicable1,42211-Feb-200916:35Not Applicable
Package_for_kb961775_winpesrv~31bf3856ad364e35~x86~~6.0.1.0.mumNot Applicable1,42911-Feb-200916:35Not Applicable
X86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.0.6001.22374_none_ea7fba96f5686bc2.manifestNot Applicable4,59011-Feb-200905:55Not Applicable
X86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.22374_none_d82a34dd77bfe25b.manifestNot Applicable30,06411-Feb-200906:02Not Applicable

Additional files for all supported x64-based versions of Windows Vista and Windows Server 2008

Collapse this tableExpand this table
File nameFile versionFile sizeDateTimePlatform
Amd64_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.0.6001.22374_none_469e561aadc5dcf8.manifestNot Applicable4,85411-Feb-200906:22Not Applicable
Amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.22374_none_3448d061301d5391.manifestNot Applicable30,32811-Feb-200906:30Not Applicable
Package_for_kb961775_client_1~31bf3856ad364e35~amd64~~6.0.1.0.mumNot Applicable1,37511-Feb-200916:35Not Applicable
Package_for_kb961775_client~31bf3856ad364e35~amd64~~6.0.1.0.mumNot Applicable1,43911-Feb-200916:35Not Applicable
Package_for_kb961775_sc_0~31bf3856ad364e35~amd64~~6.0.1.0.mumNot Applicable1,42911-Feb-200916:35Not Applicable
Package_for_kb961775_sc~31bf3856ad364e35~amd64~~6.0.1.0.mumNot Applicable1,43111-Feb-200916:35Not Applicable
Package_for_kb961775_server_0~31bf3856ad364e35~amd64~~6.0.1.0.mumNot Applicable1,43311-Feb-200916:35Not Applicable
Package_for_kb961775_server~31bf3856ad364e35~amd64~~6.0.1.0.mumNot Applicable1,43911-Feb-200916:35Not Applicable
Package_for_kb961775_winpesrv_0~31bf3856ad364e35~amd64~~6.0.1.0.mumNot Applicable1,43011-Feb-200916:35Not Applicable
Package_for_kb961775_winpesrv~31bf3856ad364e35~amd64~~6.0.1.0.mumNot Applicable1,43711-Feb-200916:35Not Applicable

Additional files for all supported Itanium-based versions of Windows Server 2008

Collapse this tableExpand this table
File nameFile versionFile sizeDateTimePlatform
Ia64_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.0.6001.22374_none_ea815e8cf56674be.manifestNot Applicable4,84911-Feb-200905:06Not Applicable
Ia64_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.22374_none_d82bd8d377bdeb57.manifestNot Applicable30,32211-Feb-200905:11Not Applicable
Package_for_kb961775_sc_0~31bf3856ad364e35~ia64~~6.0.1.0.mumNot Applicable1,42511-Feb-200916:35Not Applicable
Package_for_kb961775_sc~31bf3856ad364e35~ia64~~6.0.1.0.mumNot Applicable1,42611-Feb-200916:35Not Applicable
Package_for_kb961775_server_0~31bf3856ad364e35~ia64~~6.0.1.0.mumNot Applicable1,42911-Feb-200916:35Not Applicable
Package_for_kb961775_server~31bf3856ad364e35~ia64~~6.0.1.0.mumNot Applicable1,43411-Feb-200916:35Not Applicable
Package_for_kb961775_winpesrv_0~31bf3856ad364e35~ia64~~6.0.1.0.mumNot Applicable1,42611-Feb-200916:35Not Applicable
Package_for_kb961775_winpesrv~31bf3856ad364e35~ia64~~6.0.1.0.mumNot Applicable1,43311-Feb-200916:35Not Applicable
For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:
824684 Description of the standard terminology that is used to describe Microsoft software updates

Properties

Article ID: 961775 - Last Review: November 27, 2009 - Revision: 3.0
APPLIES TO
  • Windows Server 2008 Datacenter without Hyper-V
  • Windows Server 2008 Enterprise without Hyper-V
  • Windows Server 2008 Standard without Hyper-V
  • Windows Server 2008 Datacenter
  • Windows Server 2008 Enterprise
  • Windows Server 2008 Standard
  • Windows Vista Enterprise 64-bit Edition
  • Windows Vista Home Basic 64-bit Edition
  • Windows Vista Home Premium 64-bit Edition
  • Windows Vista Ultimate 64-bit Edition
  • Windows Vista Business
  • Windows Vista Business 64-bit Edition
  • Windows Vista Enterprise
  • Windows Vista Home Basic
  • Windows Vista Home Premium
  • Windows Vista Ultimate
Keywords: 
kbexpertiseinter kbautohotfix kbfix kbsurveynew kbqfe kbhotfixserver KB961775

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com