Password change/set hang after a few hours

Brought to you by: brianpclayton, nobull, rresnick

#5 Password change/set hang after a few hours

Milestone: v1.0 (example)

Status: open

Owner: nobody

Labels: None

Priority: 5

Updated: 2022-09-19

Created: 2019-05-20

Creator: Laurent FRANCFORT

Private: No

Hello,

Configuration : 2 domain controllers with Windows Server 216. I installed passwdhk on both. I'm using the .bat sample in postchange configuration.
Everything seems to work well, but after a few hours, all actions leading to password change/set freeze : user password reset (using AD U&C console or powershell, user creation, PC join to the domain.
I need to restart the DC for these actions to be ok again.

How can I dig into this issue ?

Thank you !

Laurent

Discussion

Laurent FRANCFORT - 2019-06-25

Hi, I did the following :
Add a Windows Server 2012 R2 as DC to the same domain
Install password filter on this WinSrv2012 server
Execute a lot of password modifications on this specific server.

Everything ran fine.

So it seems the issue is not with AD, but with the DC OS.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Ragnarok - 2019-08-30

I have same issue on 2012R2 with only 1 server acting as DC.
Also, after few hours the i cannot join pc's to domain or adduser, change password, etc...
It's hang and i need to restat the server to work again :(
event log do not show anything related..
any idea?

Last edit: Ragnarok 2019-08-30

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Laurent FRANCFORT - 2020-01-13

I did several tests at different customer sites, and it seems that the password filter works well with Windows Server 2008 R2 and Windows Server 2019, but has issues with WinSRV2012 and WinSRV2016. When installed on a WinSRV2012R2/2016 box, LSASS hangs when it receives a password change request (new user, change password through ADU&C or CTRL-ALT-DEL...)

I didn't understand why LSASS freeze.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

soisik - 2021-09-28

We've experimented the same problem in WinSRV2016: the first password change is immediate but subsequent changes hangs for several minutes and sometime indefinitely, forcing a reboot. We have found that it only happen when logLevel is 0 or 1; Setting logLevel at 2 or 3, the execution of the script do not hang anymore.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
- Ragnarok - 2021-09-28
  
  thanks, i will try your workaround
  
  If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

soisik - 2021-09-28

Actually, it didn't work: after a few hours, password change processes hanged again. It seems the loglevel is just delaying the freeze of the DLL...

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

snowdvl - 2022-09-19

Hi Soisik
Could it be that you had the option SkipComp enabled? Because I think there is a bug in the util.cpp file. I'm no C++ expert. But at line 216 and 217 you will find the following statement.
// Get mutex - unfortunately, this whole section must be mutually exclusive so that the log doesn't get garbled by overlapping writes from multiple threads
// ** Must be released before return!
However in the skipcomp if block (line 228 - 237) PSHK_SUCCESS got returned without closing the log and releasing the mutex. I can imagine that would cause some troubles on the server after a while.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Log in to post a comment.