A handle leak occurs in Lsass.exe on a Forefront Unified Access Gateway 2010 server

Applies to: Forefront Unified Access Gateway 2010Microsoft Forefront Unified Access Gateway 2010 Service Pack 1

Symptoms


Under specific conditions, a handle leak may occur in the Local Security Authority Subsystem Service (Lsass.exe) process on a server that is running Microsoft Forefront Unified Access Gateway (UAG) 2010. This problem can be seen in Performance Monitor by using the Process(process_name)\Handle Count counter for the Lsass object instance.

Cause


This problem occurs because of an issue in Forefront UAG. This problem causes a handle leak in the Lsass.exe process when Outlook Anywhere is published, and Kerberos constrained delegation (KCD) is used.

Resolution


To resolve this problem, install Service Pack 4 for Microsoft Forefront Unified Access Gateway 2010.

Status


Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

References


See the terminology Microsoft uses to describe software updates.