Your Windows 2000-based computer stops responding, you cannot log on to Windows, or your CPU usage for the System process approaches 100 percent

Symptoms

After you install the security update that is described in Microsoft Security Bulletin MS04-011 on a Microsoft Windows 2000-based computer, you may experience any one of the following symptoms:
  • Your computer appears to stop responding at startup.
  • You cannot log on to Windows.
  • Your CPU usage for the System process approaches 100 percent.
Note This problem does not occur when you install the security update that is described in Microsoft Security Bulletin MS04-011 on a computer that is running Microsoft Windows XP or Microsoft Windows Server 2003.

To view Microsoft Security Bulletin MS04-011, visit the following Microsoft Web site:

Cause

The security update that is described in Microsoft Security Bulletin MS04-011 contains an issue that causes Microsoft Windows 2000 to try repeatedly to load drivers that do not load successfully. Microsoft has confirmed that this problem occurs if any one of the following drivers is installed:
  • Ipsecw2k.sys
  • Imcide.sys
  • Dlttape.sys
For example, Microsoft has confirmed that this problem occurs if you have the Nortel Networks VPN client installed and if the IPSec Policy Agent is set to Manual or Automatic for the startup type.

Resolution

Hotfix information

A supported hotfix is available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing this specific problem.

If the hotfix is available for download, there is a "Hotfix download available" section at the top of this Knowledge Base article. If this section does not appear, submit a request to Microsoft Customer Service and Support to obtain the hotfix.

Note If additional issues occur or if any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. For a complete list of Microsoft Customer Service and Support telephone numbers or to create a separate service request, visit the following Microsoft Web site:

Note The "Hotfix download available" form displays the languages for which the hotfix is available. If you do not see your language, it is because a hotfix is not available for that language.

Prerequisites

This hotfix requires Windows 2000 Service Pack 3.

Restart requirement

You must restart your computer after you apply this hotfix.

Hotfix replacement information

This hotfix does not replace any other hotfixes.

File Information

The English version of this hotfix has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.
Date         Time   Version        Size       File name
--------------------------------------------------------------
24-Mar-2004  02:17  5.0.2195.6824     42,256  Basesrv.dll
21-Sep-2003  00:45  5.0.2195.6824    236,304  Cmd.exe
24-Mar-2004  02:17  5.0.2195.6898    242,448  Gdi32.dll
24-Mar-2004  00:46                       502  Hfsecper.inf
17-Mar-2004  21:50                       502  Hfsecupd.inf
24-Mar-2004  02:17  5.0.2195.6897    742,160  Kernel32.dll
10-Feb-2004  19:47  5.0.2195.6897     30,160  Mountmgr.sys
24-Mar-2004  02:17  5.0.2195.6824     54,544  Mpr.dll
24-Mar-2004  02:17  5.0.2195.6895    335,120  Msgina.dll
24-Mar-2004  02:17  5.0.2195.6899    497,936  Ntdll.dll
30-Apr-2004  02:35  5.0.2195.6927  1,701,312  Ntkrnlmp.exe
30-Apr-2004  02:35  5.0.2195.6927  1,700,992  Ntkrnlpa.exe
30-Apr-2004  02:35  5.0.2195.6927  1,722,624  Ntkrpamp.exe
30-Apr-2004  02:35  5.0.2195.6927  1,678,144  Ntoskrnl.exe
24-Mar-2004  02:17  5.0.2195.6892     90,264  Rdpwd.sys
05-Feb-2004  20:18  5.0.2195.6896  5,869,056  Sp3res.dll
24-Mar-2004  02:17  5.0.2195.6897    403,216  User32.dll
05-Aug-2003  22:14  5.0.2195.6794    385,808  Userenv.dll
11-Mar-2004  02:37  5.0.2195.6897  1,720,368  Win32k.sys
11-Mar-2004  02:37  5.0.2195.6898    181,520  Winlogon.exe
25-Sep-2003  18:08  5.0.2195.6826    243,984  Winsrv.dll
24-Mar-2004  02:17  5.0.2195.6897    742,160  Kernel32.dll
24-Mar-2004  02:17  5.0.2195.6899    497,936  Ntdll.dll
11-Mar-2004  02:37  5.0.2195.6897  1,720,368  Win32k.sys
25-Sep-2003  18:08  5.0.2195.6826    243,984  Winsrv.dll
03-May-2004  21:50                    14,478  Kb841382.cat
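
The conditions in the Cause section and the kernel version in the table above can be combined into a fleet triage check. The following Python is an added example, not Microsoft code: the inventory field names, the status labels and the sample records are constructed, and treating the kernel image version as the "hotfix applied" indicator is an assumption.

```python
# Added example: triage Windows 2000 inventory records for the KB 841382 hang.
# Field names, status labels and the sample records are constructed.

# Drivers Microsoft confirmed in the Cause section (matched case-insensitively).
CONFIRMED_DRIVERS = {"ipsecw2k.sys", "imcide.sys", "dlttape.sys"}
# Kernel image version from the File Information table; using it as the
# "hotfix applied" indicator is an assumption of this example.
HOTFIX_KERNEL = (5, 0, 2195, 6927)

def parse_version(text):
    """'5.0.2195.6927' -> (5, 0, 2195, 6927), so builds compare numerically."""
    return tuple(int(part) for part in text.split("."))

def triage(host):
    """Return (status, reasons) for one inventory record."""
    if host["os"] != "Windows 2000":
        return "not-affected", ["problem occurs only on Windows 2000"]
    if not host["ms04_011_installed"]:
        return "not-affected", ["MS04-011 update is not installed"]
    if parse_version(host["kernel_version"]) >= HOTFIX_KERNEL:
        return "hotfixed", ["kernel is at or above the hotfix version"]
    reasons = []
    hits = sorted({d.lower() for d in host["drivers"]} & CONFIRMED_DRIVERS)
    if hits:
        reasons.append("confirmed driver present: " + ", ".join(hits))
    start = host["policyagent_start"]
    if host["nortel_vpn_client"] and start in ("Manual", "Automatic"):
        reasons.append("Nortel VPN client, IPSec Policy Agent is " + start)
    if reasons:
        return "at-risk", reasons
    # The Workaround note: other drivers that fail to load may also trigger it.
    return "review", ["no confirmed driver; check for other drivers failing to load"]

INVENTORY = [  # constructed sample records
    {"name": "w2k-vpn-01", "os": "Windows 2000", "ms04_011_installed": True,
     "kernel_version": "5.0.2195.6902", "drivers": ["IPSECW2K.SYS", "tcpip.sys"],
     "nortel_vpn_client": True, "policyagent_start": "Automatic"},
    {"name": "w2k-tape-02", "os": "Windows 2000", "ms04_011_installed": True,
     "kernel_version": "5.0.2195.6927", "drivers": ["Dlttape.sys"],
     "nortel_vpn_client": False, "policyagent_start": "Automatic"},
    {"name": "xp-desk-03", "os": "Windows XP", "ms04_011_installed": True,
     "kernel_version": "5.1.2600.1515", "drivers": [],
     "nortel_vpn_client": False, "policyagent_start": "Automatic"},
]

if __name__ == "__main__":
    for host in INVENTORY:
        status, reasons = triage(host)
        print(host["name"], status, "; ".join(reasons))
```

Versions are compared as integer tuples because a plain string comparison would rank a five-digit build such as 5.0.2195.10000 below 5.0.2195.6927.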

Workaround

To work around this problem if you use the Nortel Networks VPN client, disable the IPSec Policy Agent service from Safe Mode or from the Recovery Console.

Note This problem may occur if other drivers or services do not load successfully. This workaround is specific to the Nortel Networks VPN client drivers.

To disable the IPSec Policy Agent service from Safe Mode

  1. Restart your computer.
  2. When you receive the "Please select the operating system to start" message, press F8.
  3. Select Safe Mode, press ENTER, and then press ENTER at the operating system selection page.
  4. Click Start, click Run, type compmgmt.msc /s, and then click OK.
  5. In the Computer Management console, expand Services and Applications, click Services, and then double-click IPSec Policy Agent.
  6. Click Services, and then, on the General tab, click Disabled as the Startup type.
  7. Click OK, and then restart your computer.

To disable the IPSec Policy Agent service from Recovery Console

  1. Either insert the Windows 2000 startup disk in the floppy disk drive, or insert the Windows 2000 CD-ROM in the CD-ROM drive or the DVD-ROM drive, and then restart the computer.
  2. Click to select any options that are required to start the computer from the CD-ROM drive or the DVD-ROM drive if you are prompted to do so.
  3. At the Setup screen, press R to repair the installation, and then press C to start Recovery Console.
  4. If you have a dual-boot or a multiple-boot computer, select the installation that you want to access from the Recovery Console.
  5. Type the administrator password.

    If the administrator password is blank, press ENTER.
  6. At the command prompt, type disable policyagent to disable the IPSec Policy Agent service.
  7. To exit the Recovery Console, type exit at the command prompt, and then press ENTER.
  8. Restart your computer.

Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

Microsoft is researching this problem and will post more information in this article when the information becomes available.

More Information

The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, regarding the performance or reliability of these products.

Properties

Article ID: 841382 - Last Review: Feb 15, 2017 - Revision: 3
