G
Gokhan I.T. _
Hi Guys,
I am trying to trace whats causing lsass to crash on my server which essentially kills everything on AD services.
Here is the !analyze -v output from WinDbg
Password sync DLL related to Gsuite password sync agent to Google.
This dump file has an exception of interest stored in it.
The stored exception information can be accessed via .ecxr.
(1e4.444): Unknown exception - code e0010004 (first/second chance not available)
ntdll!NtWaitForMultipleObjects+0xa:
00007fff`a439b13a c3 ret
0:026> !analyze -v
*******************************************************************************
* *
* Exception Analysis *
* *
*******************************************************************************
*** ERROR: Symbol file could not be found. Defaulted to export symbols for password_sync_dll.DLL -
GetUrlPageData2 (WinHttp) failed: 12002.
KEY_VALUES_STRING: 1
STACKHASH_ANALYSIS: 1
TIMELINE_ANALYSIS: 1
Timeline: !analyze.Start
Name: <blank>
Time: 2018-11-17T07:36:11.319Z
Diff: 158646319 mSec
Timeline: Dump.Current
Name: <blank>
Time: 2018-11-15T11:32:05.0Z
Diff: 0 mSec
Timeline: Process.Start
Name: <blank>
Time: 2018-11-15T11:30:51.0Z
Diff: 74000 mSec
Timeline: OS.Boot
Name: <blank>
Time: 2018-11-15T11:30:43.0Z
Diff: 82000 mSec
DUMP_CLASS: 2
DUMP_QUALIFIER: 400
CONTEXT: (.ecxr)
rax=000000f90000007f rbx=00000000fffff9bf rcx=000000f90000007f
rdx=000000000000007f rsi=00007fffa08d2d30 rdi=0000000000000001
rip=00007fffa1a75bf8 rsp=000000f97422c550 rbp=000000f97422c730
r8=000000f974839dee r9=000000f9f40000f4 r10=000000f97422c6f0
r11=000000f974839850 r12=0000000000000000 r13=0000000000000000
r14=0000000002080169 r15=00000000e0010004
iopl=0 nv up ei pl nz na pe nc
cs=0033 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000202
KERNELBASE!RaiseException+0x68:
00007fff`a1a75bf8 488b8c24c0000000 mov rcx,qword ptr [rsp+0C0h] ss:000000f9`7422c610=000093807a478e1c
Resetting default scope
FAULTING_IP:
KERNELBASE!RaiseException+68
00007fff`a1a75bf8 488b8c24c0000000 mov rcx,qword ptr [rsp+0C0h]
EXCEPTION_RECORD: (.exr -1)
ExceptionAddress: 00007fffa1a75bf8 (KERNELBASE!RaiseException+0x0000000000000068)
ExceptionCode: e0010004
ExceptionFlags: 00000000
NumberParameters: 3
Parameter[0]: 00000000fffff9bf
Parameter[1]: 0000000000000000
Parameter[2]: 0000000002080169
DEFAULT_BUCKET_ID: APPLICATION_FAULT
ERROR_CODE: (NTSTATUS) 0xe0010004 - <Unable to get error code text>
EXCEPTION_CODE: (NTSTATUS) 0xe0010004 - <Unable to get error code text>
EXCEPTION_CODE_STR: e0010004
EXCEPTION_PARAMETER1: 00000000fffff9bf
EXCEPTION_PARAMETER2: 0000000000000000
EXCEPTION_PARAMETER3: 0000000002080169
WATSON_BKT_PROCSTAMP: 5215e25f
WATSON_BKT_PROCVER: 6.3.9600.16384
PROCESS_VER_PRODUCT: Microsoft® Windows® Operating System
WATSON_BKT_MODULE: KERNELBASE.dll
WATSON_BKT_MODSTAMP: 532954fb
WATSON_BKT_MODOFFSET: 5bf8
WATSON_BKT_MODVER: 6.3.9600.17055
MODULE_VER_PRODUCT: Microsoft® Windows® Operating System
BUILD_VERSION_STRING: 6.3.9600.17031 (winblue_gdr.140221-1952)
MODLIST_WITH_TSCHKSUM_HASH: 29d3eb60c062e32e596ed06404b60186d3da5722
MODLIST_SHA1_HASH: 59c71ef8060c0fe053711e52442b1d7160076c19
NTGLOBALFLAG: 0
PROCESS_BAM_CURRENT_THROTTLED: 0
PROCESS_BAM_PREVIOUS_THROTTLED: 0
APPLICATION_VERIFIER_FLAGS: 0
PRODUCT_TYPE: 2
SUITE_MASK: 400
DUMP_FLAGS: 8000c07
DUMP_TYPE: 3
PROCESS_NAME: unknown
ANALYSIS_SESSION_HOST: ISIK-SPC-ADC
ANALYSIS_SESSION_TIME: 11-17-2018 18:36:11.0319
ANALYSIS_VERSION: 10.0.17763.1 amd64fre
THREAD_ATTRIBUTES:
OS_LOCALE: ENA
BUGCHECK_STR: APPLICATION_FAULT
PRIMARY_PROBLEM_CLASS: APPLICATION_FAULT
PROBLEM_CLASSES:
ID: [0n320]
Type: [APPLICATION_FAULT]
Class: Primary
Scope: DEFAULT_BUCKET_ID (Failure Bucket ID prefix)
BUCKET_ID
Name: Add
Data: Omit
PID: [Unspecified]
TID: [Unspecified]
Frame: [0]
LAST_CONTROL_TRANSFER: from 00007fffa064728f to 00007fffa1a75bf8
STACK_TEXT:
000000f9`7422c550 00007fff`a064728f : 00007fff`a08d3260 00007fff`a04b1ea8 000000f9`636e8e20 00007fff`a030294e : KERNELBASE!RaiseException+0x68
000000f9`7422c630 00007fff`a05fff3c : 000000f9`43630ce0 000000f9`7483b6e0 000000f9`00000001 00000000`00000000 : ntdsai!RaiseDsaExcept+0xea
000000f9`7422c830 00007fff`a0705531 : 000000f9`7422c9f0 000000f9`00000000 000000f9`7422cab0 00000000`00000000 : ntdsai!DBFindDNT+0xffffffff`fffbb284
000000f9`7422c870 00007fff`a068b0ea : 00000000`00000000 000000f9`7483b6e0 00000000`00000000 000000f9`75cc35c0 : ntdsai!SampDsQueryFineGrainPasswordPolicyPresent+0xa1
000000f9`7422c8e0 00007fff`a0a513da : 00000000`00000000 00000000`00000001 000000f9`7422c9f0 00000000`00000000 : ntdsai!SampDsMustQueryFineGrainedAccountSettings+0x52
000000f9`7422c980 00007fff`a11ba761 : 000000f9`74355200 000000f9`74355200 00000000`00000000 000000f9`7422cf90 : ntdsa!SampDsMustQueryFineGrainedAccountSettings+0x88
000000f9`7422c9b0 00007fff`a11b47a5 : 00000000`00000040 000000f9`74355200 00000000`00000001 00000000`00000000 : samsrv!SampGetReverseMembershipTransitive+0x1a4
000000f9`7422d160 00007fff`a063de94 : 000000f9`7422dc70 00000000`00000000 000000f9`74355200 00000000`00000000 : samsrv!SampQueryInformationUserInternal+0x2c5
000000f9`7422db70 00007fff`a0a51328 : 00000000`000000f5 00000000`00000000 000090a9`79502675 000000f9`76524400 : ntdsai!SampDsGetUserLogonInformation+0x3dd
000000f9`7422dda0 00007fff`a11d7beb : 00000000`00000000 00000000`00000000 000000f9`3a674cd0 000000f9`39052d30 : ntdsa!SampDsGetUserLogonInformation+0x14a
000000f9`7422de40 00007fff`9c3f848c : 000000f9`39050000 00000000`00000008 00000000`00000020 00007fff`a4337442 : samsrv!SamIGetUserLogonInformation3+0x23b
000000f9`7422e190 00007fff`9c3f7cd7 : 000000f9`7422e900 00007fff`00000001 000000f9`7422e900 000000f9`39390304 : kdcsvc!KdcGetTicketInfo+0x22c
000000f9`7422e550 00007fff`9c3e7684 : 00000002`cb417801 00000000`00000000 000000f9`7422e9c0 00000000`00000000 : kdcsvc!KdcNormalize+0x4d7
000000f9`7422e740 00007fff`9c3f25d9 : 00000002`cb417800 00000000`00000001 00000000`00000700 00000000`00000000 : kdcsvc!KdcCheckTgsLogonRestrictions+0xf8
000000f9`7422e8d0 00007fff`9c3f3164 : 000000f9`7430c564 000000f9`00000002 00000000`00000001 00000000`00000701 : kdcsvc!HandleTGSRequest+0x2a29
000000f9`7422f7e0 00007fff`9c3e6ce4 : 000000f9`743726a8 00007fff`a04fb770 00000000`00000000 00000000`00000000 : kdcsvc!KdcGetTicket+0x8b4
000000f9`7422fcc0 00007fff`a04f11d1 : 000000f9`7422fd80 000000f9`743726a0 00000000`00000001 00000000`abcdef01 : kdcsvc!KdcAtqIoCompletion+0x164
000000f9`7422fd70 00007fff`a04f12a4 : 00000000`ffffffff 00000000`0001216d 00000000`00000001 00000000`00000000 : ntdsatq!AtqpProcessContext+0xc9
000000f9`7422fdb0 00007fff`a29116ad : 00000000`00000000 00000000`00000000 00000000`00000705 000000f9`743726a0 : ntdsatq!AtqPoolThread+0x1aa
000000f9`7422fe40 00007fff`a4374629 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : kernel32!BaseThreadInitThunk+0xd
000000f9`7422fe70 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x1d
THREAD_SHA1_HASH_MOD_FUNC: b93b6576faa49b30901d7080862e2be270262313
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 7e05f90aba71e5b793b37bca2fac63366dd49e72
THREAD_SHA1_HASH_MOD: c982d7e04da6ddaf95f85cfa0a9329b87a3b52b4
FOLLOWUP_IP:
ntdsai!RaiseDsaExcept+ea
00007fff`a064728f 488b8dc0000000 mov rcx,qword ptr [rbp+0C0h]
FAULT_INSTR_CODE: c08d8b48
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: ntdsai!RaiseDsaExcept+ea
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: ntdsai
IMAGE_NAME: ntdsai.dll
DEBUG_FLR_IMAGE_TIMESTAMP: 52d9619c
STACK_COMMAND: ~26s ; .ecxr ; kb
BUCKET_ID: APPLICATION_FAULT_ntdsai!RaiseDsaExcept+ea
FAILURE_EXCEPTION_CODE: e0010004
FAILURE_IMAGE_NAME: ntdsai.dll
BUCKET_ID_IMAGE_STR: ntdsai.dll
FAILURE_MODULE_NAME: ntdsai
BUCKET_ID_MODULE_STR: ntdsai
FAILURE_FUNCTION_NAME: RaiseDsaExcept
BUCKET_ID_FUNCTION_STR: RaiseDsaExcept
BUCKET_ID_OFFSET: ea
BUCKET_ID_MODTIMEDATESTAMP: 52d9619c
BUCKET_ID_MODCHECKSUM: 389db0
BUCKET_ID_MODVER_STR: 6.3.9600.16517
BUCKET_ID_PREFIX_STR: APPLICATION_FAULT_
FAILURE_PROBLEM_CLASS: APPLICATION_FAULT
FAILURE_SYMBOL_NAME: ntdsai.dll!RaiseDsaExcept
FAILURE_BUCKET_ID: APPLICATION_FAULT_e0010004_ntdsai.dll!RaiseDsaExcept
WATSON_STAGEONE_URL: http://watson.microsoft.com/StageOn...055/532954fb/e0010004/00005bf8.htm?Retriage=1
TARGET_TIME: 2018-11-15T11:32:05.000Z
OSBUILD: 9600
OSSERVICEPACK: 17056
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
OSPLATFORM_TYPE: x64
OSNAME: Windows 8.1
OSEDITION: Windows 8.1 LanManNt TerminalServer DataCenter SingleUserTS
USER_LCID: 0
OSBUILD_TIMESTAMP: 2014-03-20 12:17:16
BUILDDATESTAMP_STR: 140221-1952
BUILDLAB_STR: winblue_gdr
BUILDOSVER_STR: 6.3.9600.17031
ANALYSIS_SESSION_ELAPSED_TIME: 69a7
ANALYSIS_SOURCE: UM
FAILURE_ID_HASH_STRING: um:application_fault_e0010004_ntdsai.dll!raisedsaexcept
FAILURE_ID_HASH: {11ded626-0b1c-72b0-15e7-09199f5ba6f8}
Followup: MachineOwner
---------
Gokhan Cil
Continue reading...
I am trying to trace whats causing lsass to crash on my server which essentially kills everything on AD services.
Here is the !analyze -v output from WinDbg
Password sync DLL related to Gsuite password sync agent to Google.
This dump file has an exception of interest stored in it.
The stored exception information can be accessed via .ecxr.
(1e4.444): Unknown exception - code e0010004 (first/second chance not available)
ntdll!NtWaitForMultipleObjects+0xa:
00007fff`a439b13a c3 ret
0:026> !analyze -v
*******************************************************************************
* *
* Exception Analysis *
* *
*******************************************************************************
*** ERROR: Symbol file could not be found. Defaulted to export symbols for password_sync_dll.DLL -
GetUrlPageData2 (WinHttp) failed: 12002.
KEY_VALUES_STRING: 1
STACKHASH_ANALYSIS: 1
TIMELINE_ANALYSIS: 1
Timeline: !analyze.Start
Name: <blank>
Time: 2018-11-17T07:36:11.319Z
Diff: 158646319 mSec
Timeline: Dump.Current
Name: <blank>
Time: 2018-11-15T11:32:05.0Z
Diff: 0 mSec
Timeline: Process.Start
Name: <blank>
Time: 2018-11-15T11:30:51.0Z
Diff: 74000 mSec
Timeline: OS.Boot
Name: <blank>
Time: 2018-11-15T11:30:43.0Z
Diff: 82000 mSec
DUMP_CLASS: 2
DUMP_QUALIFIER: 400
CONTEXT: (.ecxr)
rax=000000f90000007f rbx=00000000fffff9bf rcx=000000f90000007f
rdx=000000000000007f rsi=00007fffa08d2d30 rdi=0000000000000001
rip=00007fffa1a75bf8 rsp=000000f97422c550 rbp=000000f97422c730
r8=000000f974839dee r9=000000f9f40000f4 r10=000000f97422c6f0
r11=000000f974839850 r12=0000000000000000 r13=0000000000000000
r14=0000000002080169 r15=00000000e0010004
iopl=0 nv up ei pl nz na pe nc
cs=0033 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000202
KERNELBASE!RaiseException+0x68:
00007fff`a1a75bf8 488b8c24c0000000 mov rcx,qword ptr [rsp+0C0h] ss:000000f9`7422c610=000093807a478e1c
Resetting default scope
FAULTING_IP:
KERNELBASE!RaiseException+68
00007fff`a1a75bf8 488b8c24c0000000 mov rcx,qword ptr [rsp+0C0h]
EXCEPTION_RECORD: (.exr -1)
ExceptionAddress: 00007fffa1a75bf8 (KERNELBASE!RaiseException+0x0000000000000068)
ExceptionCode: e0010004
ExceptionFlags: 00000000
NumberParameters: 3
Parameter[0]: 00000000fffff9bf
Parameter[1]: 0000000000000000
Parameter[2]: 0000000002080169
DEFAULT_BUCKET_ID: APPLICATION_FAULT
ERROR_CODE: (NTSTATUS) 0xe0010004 - <Unable to get error code text>
EXCEPTION_CODE: (NTSTATUS) 0xe0010004 - <Unable to get error code text>
EXCEPTION_CODE_STR: e0010004
EXCEPTION_PARAMETER1: 00000000fffff9bf
EXCEPTION_PARAMETER2: 0000000000000000
EXCEPTION_PARAMETER3: 0000000002080169
WATSON_BKT_PROCSTAMP: 5215e25f
WATSON_BKT_PROCVER: 6.3.9600.16384
PROCESS_VER_PRODUCT: Microsoft® Windows® Operating System
WATSON_BKT_MODULE: KERNELBASE.dll
WATSON_BKT_MODSTAMP: 532954fb
WATSON_BKT_MODOFFSET: 5bf8
WATSON_BKT_MODVER: 6.3.9600.17055
MODULE_VER_PRODUCT: Microsoft® Windows® Operating System
BUILD_VERSION_STRING: 6.3.9600.17031 (winblue_gdr.140221-1952)
MODLIST_WITH_TSCHKSUM_HASH: 29d3eb60c062e32e596ed06404b60186d3da5722
MODLIST_SHA1_HASH: 59c71ef8060c0fe053711e52442b1d7160076c19
NTGLOBALFLAG: 0
PROCESS_BAM_CURRENT_THROTTLED: 0
PROCESS_BAM_PREVIOUS_THROTTLED: 0
APPLICATION_VERIFIER_FLAGS: 0
PRODUCT_TYPE: 2
SUITE_MASK: 400
DUMP_FLAGS: 8000c07
DUMP_TYPE: 3
PROCESS_NAME: unknown
ANALYSIS_SESSION_HOST: ISIK-SPC-ADC
ANALYSIS_SESSION_TIME: 11-17-2018 18:36:11.0319
ANALYSIS_VERSION: 10.0.17763.1 amd64fre
THREAD_ATTRIBUTES:
OS_LOCALE: ENA
BUGCHECK_STR: APPLICATION_FAULT
PRIMARY_PROBLEM_CLASS: APPLICATION_FAULT
PROBLEM_CLASSES:
ID: [0n320]
Type: [APPLICATION_FAULT]
Class: Primary
Scope: DEFAULT_BUCKET_ID (Failure Bucket ID prefix)
BUCKET_ID
Name: Add
Data: Omit
PID: [Unspecified]
TID: [Unspecified]
Frame: [0]
LAST_CONTROL_TRANSFER: from 00007fffa064728f to 00007fffa1a75bf8
STACK_TEXT:
000000f9`7422c550 00007fff`a064728f : 00007fff`a08d3260 00007fff`a04b1ea8 000000f9`636e8e20 00007fff`a030294e : KERNELBASE!RaiseException+0x68
000000f9`7422c630 00007fff`a05fff3c : 000000f9`43630ce0 000000f9`7483b6e0 000000f9`00000001 00000000`00000000 : ntdsai!RaiseDsaExcept+0xea
000000f9`7422c830 00007fff`a0705531 : 000000f9`7422c9f0 000000f9`00000000 000000f9`7422cab0 00000000`00000000 : ntdsai!DBFindDNT+0xffffffff`fffbb284
000000f9`7422c870 00007fff`a068b0ea : 00000000`00000000 000000f9`7483b6e0 00000000`00000000 000000f9`75cc35c0 : ntdsai!SampDsQueryFineGrainPasswordPolicyPresent+0xa1
000000f9`7422c8e0 00007fff`a0a513da : 00000000`00000000 00000000`00000001 000000f9`7422c9f0 00000000`00000000 : ntdsai!SampDsMustQueryFineGrainedAccountSettings+0x52
000000f9`7422c980 00007fff`a11ba761 : 000000f9`74355200 000000f9`74355200 00000000`00000000 000000f9`7422cf90 : ntdsa!SampDsMustQueryFineGrainedAccountSettings+0x88
000000f9`7422c9b0 00007fff`a11b47a5 : 00000000`00000040 000000f9`74355200 00000000`00000001 00000000`00000000 : samsrv!SampGetReverseMembershipTransitive+0x1a4
000000f9`7422d160 00007fff`a063de94 : 000000f9`7422dc70 00000000`00000000 000000f9`74355200 00000000`00000000 : samsrv!SampQueryInformationUserInternal+0x2c5
000000f9`7422db70 00007fff`a0a51328 : 00000000`000000f5 00000000`00000000 000090a9`79502675 000000f9`76524400 : ntdsai!SampDsGetUserLogonInformation+0x3dd
000000f9`7422dda0 00007fff`a11d7beb : 00000000`00000000 00000000`00000000 000000f9`3a674cd0 000000f9`39052d30 : ntdsa!SampDsGetUserLogonInformation+0x14a
000000f9`7422de40 00007fff`9c3f848c : 000000f9`39050000 00000000`00000008 00000000`00000020 00007fff`a4337442 : samsrv!SamIGetUserLogonInformation3+0x23b
000000f9`7422e190 00007fff`9c3f7cd7 : 000000f9`7422e900 00007fff`00000001 000000f9`7422e900 000000f9`39390304 : kdcsvc!KdcGetTicketInfo+0x22c
000000f9`7422e550 00007fff`9c3e7684 : 00000002`cb417801 00000000`00000000 000000f9`7422e9c0 00000000`00000000 : kdcsvc!KdcNormalize+0x4d7
000000f9`7422e740 00007fff`9c3f25d9 : 00000002`cb417800 00000000`00000001 00000000`00000700 00000000`00000000 : kdcsvc!KdcCheckTgsLogonRestrictions+0xf8
000000f9`7422e8d0 00007fff`9c3f3164 : 000000f9`7430c564 000000f9`00000002 00000000`00000001 00000000`00000701 : kdcsvc!HandleTGSRequest+0x2a29
000000f9`7422f7e0 00007fff`9c3e6ce4 : 000000f9`743726a8 00007fff`a04fb770 00000000`00000000 00000000`00000000 : kdcsvc!KdcGetTicket+0x8b4
000000f9`7422fcc0 00007fff`a04f11d1 : 000000f9`7422fd80 000000f9`743726a0 00000000`00000001 00000000`abcdef01 : kdcsvc!KdcAtqIoCompletion+0x164
000000f9`7422fd70 00007fff`a04f12a4 : 00000000`ffffffff 00000000`0001216d 00000000`00000001 00000000`00000000 : ntdsatq!AtqpProcessContext+0xc9
000000f9`7422fdb0 00007fff`a29116ad : 00000000`00000000 00000000`00000000 00000000`00000705 000000f9`743726a0 : ntdsatq!AtqPoolThread+0x1aa
000000f9`7422fe40 00007fff`a4374629 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : kernel32!BaseThreadInitThunk+0xd
000000f9`7422fe70 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x1d
THREAD_SHA1_HASH_MOD_FUNC: b93b6576faa49b30901d7080862e2be270262313
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 7e05f90aba71e5b793b37bca2fac63366dd49e72
THREAD_SHA1_HASH_MOD: c982d7e04da6ddaf95f85cfa0a9329b87a3b52b4
FOLLOWUP_IP:
ntdsai!RaiseDsaExcept+ea
00007fff`a064728f 488b8dc0000000 mov rcx,qword ptr [rbp+0C0h]
FAULT_INSTR_CODE: c08d8b48
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: ntdsai!RaiseDsaExcept+ea
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: ntdsai
IMAGE_NAME: ntdsai.dll
DEBUG_FLR_IMAGE_TIMESTAMP: 52d9619c
STACK_COMMAND: ~26s ; .ecxr ; kb
BUCKET_ID: APPLICATION_FAULT_ntdsai!RaiseDsaExcept+ea
FAILURE_EXCEPTION_CODE: e0010004
FAILURE_IMAGE_NAME: ntdsai.dll
BUCKET_ID_IMAGE_STR: ntdsai.dll
FAILURE_MODULE_NAME: ntdsai
BUCKET_ID_MODULE_STR: ntdsai
FAILURE_FUNCTION_NAME: RaiseDsaExcept
BUCKET_ID_FUNCTION_STR: RaiseDsaExcept
BUCKET_ID_OFFSET: ea
BUCKET_ID_MODTIMEDATESTAMP: 52d9619c
BUCKET_ID_MODCHECKSUM: 389db0
BUCKET_ID_MODVER_STR: 6.3.9600.16517
BUCKET_ID_PREFIX_STR: APPLICATION_FAULT_
FAILURE_PROBLEM_CLASS: APPLICATION_FAULT
FAILURE_SYMBOL_NAME: ntdsai.dll!RaiseDsaExcept
FAILURE_BUCKET_ID: APPLICATION_FAULT_e0010004_ntdsai.dll!RaiseDsaExcept
WATSON_STAGEONE_URL: http://watson.microsoft.com/StageOn...055/532954fb/e0010004/00005bf8.htm?Retriage=1
TARGET_TIME: 2018-11-15T11:32:05.000Z
OSBUILD: 9600
OSSERVICEPACK: 17056
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
OSPLATFORM_TYPE: x64
OSNAME: Windows 8.1
OSEDITION: Windows 8.1 LanManNt TerminalServer DataCenter SingleUserTS
USER_LCID: 0
OSBUILD_TIMESTAMP: 2014-03-20 12:17:16
BUILDDATESTAMP_STR: 140221-1952
BUILDLAB_STR: winblue_gdr
BUILDOSVER_STR: 6.3.9600.17031
ANALYSIS_SESSION_ELAPSED_TIME: 69a7
ANALYSIS_SOURCE: UM
FAILURE_ID_HASH_STRING: um:application_fault_e0010004_ntdsai.dll!raisedsaexcept
FAILURE_ID_HASH: {11ded626-0b1c-72b0-15e7-09199f5ba6f8}
Followup: MachineOwner
---------
Gokhan Cil
Continue reading...