You have a Web application that is running in Internet Information Services (IIS) 7.0 on a Windows Vista-based computer or on a Windows Server 2008-based computer.
You have both Windows Authentication and Kernel Mode authentication enabled.
Note This is by default.
You have the useAppPoolCredentials attribute set to true in the authentication section in the Applicationhost.config file. You may have added this attribute to allow the use of Kerberos authentication when you use a domain account for the application pool identity. For example, this attribute must be added when you are running a Microsoft Office SharePoint Server site. The authentication section resembles the following.
Note The Applicationhost.config file is located in the Drive:\Windows\System32\inetsrv\config folder.
In this scenario, the operating system may crash. Additionally, you receive a Stop 0x0000007e error message on a blue screen.
Note This problem typically occurs on Web servers that host Office SharePoint Server 2007. This problem occurs because of the configuration requirements of Office SharePoint Server 2007 when Kerberos authentication is used. However, the problem may occur for any kind of Web site that is using Kernel Mode authentication, Kerberos authentication, and a domain account as the custom application pool identity.
This problem occurs because of a bug in the HTTP kernel-mode driver (HTTP.sys).
A supported hotfix is available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing the problem described in this article. This hotfix might receive additional testing. Therefore, if you are not severely affected by this problem, we recommend that you wait for the next software update that contains this hotfix.
If the hotfix is available for download, there is a "Hotfix download available" section at the top of this Knowledge Base article. If this section does not appear, contact Microsoft Customer Service and Support to obtain the hotfix.
Note If additional issues occur or if any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. For a complete list of Microsoft Customer Service and Support telephone numbers or to create a separate service request, visit the following Microsoft Web site:
Note The "Hotfix download available" form displays the languages for which the hotfix is available. If you do not see your language, it is because a hotfix is not available for that language.
Important Windows Vista and Windows Server 2008 hotfixes are included in the same packages. However, only one of these products may be listed on the “Hotfix Request” page. To request the hotfix package that applies to both Windows Vista and Windows Server 2008, just select the product that is listed on the page.
You must have Windows Vista Service Pack 1 (SP1) or Windows Server 2008 installed to apply this hotfix.
You must restart the computer after you apply this hotfix.
Hotfix replacement information
This hotfix does not replace a previously released hotfix.
The English version of this hotfix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.
IIS 7.0, x86
IIS 7.0, x64
IIS 7.0, IA-64
To work around this problem, disable Kernel Mode authentication by using one of the following methods.
Set the value of the useKernelMode element to false in the appropriate windowsauthentication section in the ApplicationHost.config file.
Disable Kernel Mode authentication by using IIS Manager. To do this, follow these steps:
Click Start, click Run, type inetmgr.exe, and then click OK.
In IIS Manager, expand server name, expand Web sites, and then click the Web site that you want to change.
Double-click Authentication, click Windows Authentication to highlight it, and then click Advanced Settings in the Action pane.
Click to clear the Enable Kernel-mode authentication box.
After you disable Kernel Mode authentication, you must restart the HTTP service. This will stop IIS. Run the following commands at an elevated command prompt.
NET STOP HTTP
NET START HTTP
Note These commands will stop the HTTP service. When you stop the HTTP service, you receive a warning message that the services that depend on the HTTP service will also be stopped. Take careful note of these dependent services so that you can determine whether you want to continue and so that you can restart them after you restart the HTTP service. The services that depend on the HTTP service will depend on the Windows roles and applications that are currently installed on the computer.
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
Call stack output
If you use the Debugging Tools for Windows and the Microsoft symbol server to examine the memory dump file that is created after the crash occurs, you will notice a call stack that resembles the following:
Microsoft Internet Information Services 7.0, Windows Server 2008 Enterprise without Hyper-V, Windows Server 2008 for Itanium-Based Systems, Windows Server 2008 Standard without Hyper-V, Windows Server 2008 Enterprise, Windows Server 2008 Standard, Windows Web Server 2008, Windows Vista Enterprise 64-bit Edition, Windows Vista Ultimate 64-bit Edition, Windows Vista Business, Windows Vista Business 64-bit Edition, Windows Vista Enterprise, Windows Vista Ultimate