Access Gateway server reboots while Windows lsass.exe process crashes.

Article ID: 251299

Products

SITEMINDER
CA Single Sign On Secure Proxy Server (SiteMinder)
CA Single Sign On Agents (SiteMinder)

Issue/Introduction

In a production environment, CA Access Gateway servers reboot unexpectedly.

At the same time, the Windows lsass.exe process crashes and a mini core dump is generated.

CA Access Gateway runs NTLM authentication on Java (AdoptOpenJDK) in this instance.

Environment

Release : 12.8.05

Component : SITEMINDER SECURE PROXY SERVER

Cause

lsass.exe crashed when authenticating a user through NTLM. CA Access Gateway uses NTLM authentication.

Microsoft suspects that Access Gateway sends two requests in two threads at the same time, which causes lsass.exe to crash.

However, no full lsass.exe process dump or logs were ever collected to support that claim.

SiteMinder code review shows that the NTLM request is simple and straightforward: it executes under synchronized locks, and the handle is used in the right manner.

Keep in mind that the process that crashed is a Microsoft process, not a SiteMinder process, so only Microsoft has the appropriate tools and libraries to analyze the lsass.exe dump.

Below is the Windows event log:

LSASS Crashes Server with 0xc0000409 and Forces Reboot

A critical system process, C:\Windows\system32\lsass.exe, failed with status code c0000409. The machine must now be restarted.

Log Name: Application

Source: Application Error

Date: 6/27/2022 12:15:38 PM

Event ID: 1000

Task Category: (100)

Level: Error

Keywords: Classic

User: N/A

Computer: *****

Description:

Faulting application name: lsass.exe, version: 10.0.17763.2686, time stamp: 0xcb5bd01a

Faulting module name: lsasrv.dll, version: 10.0.17763.2867, time stamp: 0x68320141

Exception code: 0xc0000409

Fault offset: 0x000000000007e5c3

Faulting process id: 0x30c

Faulting application start time: 0x01d88a33104102da

Faulting application path: C:\Windows\system32\lsass.exe

Faulting module path: C:\Windows\system32\lsasrv.dll

Report Id: efcdd1c3-f3ed-477c-bce4-cd3a06e31ab4

Faulting package full name:

Faulting package-relative application ID

Resolution

The Access Gateway servers have not rebooted since the registry entry below, which was recommended by Microsoft, was made.

Path: HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System
Setting: TrackLoopbackForSession
Type: DWORD
Value: 0

We found the below resource from Broadcom pointing to the same issue and workaround, but for a different product.

https://knowledge.broadcom.com/external/article/211919/sso-xflowservice-point-crashes-windows-s.html
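
The following PowerShell script is an added example, not part of the original article or of any Broadcom or Microsoft tooling. It searches the Application log for the crash signature shown above and reports the TrackLoopbackForSession value, writing it only when run with -Apply. The -Apply and -Days parameters and the 30-day default window are assumptions made for this example.

```powershell
# Added example: audit (and optionally apply) the workaround from this article.
param(
    [switch]$Apply,      # write the value; without it the script only reports
    [int]$Days = 30      # how far back to search the Application log (assumed window)
)

$path = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
$name = 'TrackLoopbackForSession'

# 1. Look for the crash signature from the event above: Application Error,
#    Event ID 1000, faulting application lsass.exe, exception code 0xc0000409.
$filter = @{
    LogName      = 'Application'
    ProviderName = 'Application Error'
    Id           = 1000
    StartTime    = (Get-Date).AddDays(-$Days)
}
$crashes = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'lsass\.exe' -and $_.Message -match '0xc0000409' })

"{0} lsass.exe 0xc0000409 crash event(s) in the last {1} days" -f $crashes.Count, $Days
$crashes | Select-Object TimeCreated, MachineName | Format-Table -AutoSize

# 2. Report the current registry value (no output value means it was never configured).
$current = (Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue).$name
if ($null -eq $current) { "$name is not set" } else { "$name = $current" }

# 3. Write the DWORD value 0 only when asked (requires an elevated session).
if ($Apply -and $current -ne 0) {
    New-ItemProperty -Path $path -Name $name -PropertyType DWord -Value 0 -Force | Out-Null
    "$name set to 0"
}
```

Running the script again after the change, without -Apply, shows whether new crash events have been logged since the value was set.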

Additional Information

DE543261
 
Generate a Full Crash-Dump on Windows
https://knowledge.broadcom.com/external/article?articleId=236059