NT 4.0 Post-SP6a Bug Fixes; NTFS Bug Fix

NT 4.0 Post-SP6a Bug Fixes
It’s time for an update on Windows NT 4.0 bugs that have surfaced since Microsoft released Service Pack 6a (SP6a). Following are brief descriptions of four access violations and two blue-screen crashes. You might not need to install all the bug fixes; some of these problems occur only under a rare combination of circumstances.

  • Lsass.exe access violation. You might receive a Dr. Watson error message when you run lsass.exe on an NT 4.0 server in a Windows 2000-based mixed-mode domain—specifically, when lsass.exe performs SID lookups. According to Microsoft article Q267578, the problem occurs when a deleted domain SID is the first entry in a list of permissions or local groups on the member server and a Local Security Authority (LSA) Lookup SID is requested from the domain controller. Call Microsoft Support for the bug fix, a new version of lsass.exe released July 10.
  • Cluster access violation. According to Microsoft article Q266782, when you run a script that contains the command
    cluster group "service resource" /off /wait 

    to move cluster resources between nodes, cluster.exe might fail with an access violation. The problem occurs when the function that runs the command fails to check its parameters properly. Microsoft has a June 27 version of cluster.exe that eliminates the problem. Contact Microsoft Support directly to get the bug fix.

  • Cmd.exe access violation. Microsoft article Q264076 indicates that in some cases, cmd.exe fails with an access violation when you use the FOR /F statement in a script. This behavior can occur if you use a statement similar to the following and the first argument (the %1 parameter) contains a line with more than 256 characters:
    for /f "tokens=2,3,5,8,10 delims=," %%i in (%1) do if %%k==10 call :loop %%i %%j %%l "%%m"

    The problem is that cmd.exe corrupts the heap while reading the token file. Call Microsoft Support for the bug fix, a new version of cmd.exe released June 9.

  • Remote procedure call (RPC) service access violation. The Remote Procedure Call Server service (RPCSS) might, in certain situations, cause an access violation. A problem occurs when the system sends a corrupted RPC packet to the RPC service, and the code that unpacks the data fails. Microsoft article Q261298 (http://support.microsoft.com/support/kb/articles/q261/2/98.asp) documents the RPCSS failure and indicates that you can call Microsoft Support for the bug fix, which requires updated versions of rpcrt4.dll and rpcss.exe released April 25.
  • LPC blue screen. If an NT 4.0 server tries to use a local procedure call (LPC) and the server process responds with an NtReplyPort function call instead of the NtAcceptConnectPort and NtCompletePort function calls, the server might hang and display the blue-screen error message "Stop 0x00000050 PAGE_FAULT_IN_NONPAGED_AREA." To solve the problem, call Microsoft Support for an April 25 update of two kernel components, ntkrnlmp.exe and ntoskrnl.exe. See Microsoft article Q259773 (http://support.microsoft.com/support/kb/articles/q259/7/73.asp) for more information.
  • C2 security blue screen. When you change the domain password with the C2 security Registry entry enabled, your system might crash and display the blue-screen error message "Stop 0x1E." The problem occurs if you have installed SP6a and set the following Registry entry:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
    Value: EnhancedSecurityLevel (REG_DWORD)
    Data: 1

    This setting ensures that Object Manager can change a kernel object's attributes in the Object table for the current process if, and only if, the previous mode of the caller is kernel mode. Microsoft article Q265720 indicates that you can call Microsoft Support for the bug fix, which requires new versions of ntkrnlmp.exe and ntoskrnl.exe released on June 23.

NTFS Bug Fix
On a multiple-processor computer with two or more programs that can access the same files using the same file function (e.g., CreateFile), one of the programs might receive a STATUS_FILE_CORRUPT_ERROR response and generate an error message similar to "FILE.TXT--Corrupt File. The file or directory \dir\temp is corrupt and unreadable, please run the Chkdsk utility."

However, when you run chkdsk.exe, the utility finds no file corruption. The source of the problem is an NTFS timing issue. As both programs attempt to access the same file at the same time, the system erroneously returns a STATUS_FILE_CORRUPT_ERROR response to one of the programs. Microsoft article Q259167 documents the problem and indicates that you can install a new version of ntfs.sys released April 4. Note that this problem should occur only on multiprocessor systems.
