Under specific conditions, a handle leak may occur in the Local Security Authority Subsystem Service (Lsass.exe) process on a server that is running Microsoft Forefront Unified Access Gateway (UAG) 2010. This problem can be seen in Performance Monitor by using the Process(process_name)\Handle Count counter for the Lsass object instance.
This problem occurs because of an issue in Forefront UAG. This problem causes a handle leak in the Lsass.exe process when Outlook Anywhere is published, and Kerberos constrained delegation (KCD) is used.
To resolve this problem, install Service Pack 4 for Microsoft Forefront Unified Access Gateway 2010.
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
See the terminology Microsoft uses to describe software updates.