XADM: Crash in Srvrmax.exe (RtlQueryInformationAcl) During Setup

ID: Q152529

The information in this article applies to:
  • Microsoft Exchange Server, versions 4.0, 5.0

SYMPTOMS

When you upgrade Microsoft Exchange Server 4.0 (Enterprise or Standard edition) to Microsoft Exchange Server 4.0 Service Pack 4 or to Microsoft Exchange Server 5.0, the process may terminate unexpectedly with an access violation (Dr. Watson).


CAUSE

A call being made to retrieve the security descriptor on a key in the registry is returning a NULL parameter. Setup does not handle a NULL parameter being returned and access violates.


WORKAROUND

To work around this problem:

WARNING: Using the Registry Editor incorrectly can cause serious problems that may require you to reinstall Windows NT. Microsoft cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk.

  1. Start Registry Editor (Regedt32.exe).


  2. Under the HKEY_LOCAL_MACHINE subtree, go to the following subkey: 
    
      System\CurrentControlSet\Services\EventLog\Application


  3. Starting with the first key under Application, select Permissions from the Security menu. Make sure the Windows NT account being used as the Microsoft Exchange service account is in the list and has FULL CONTROL rights. Repeat this for each key down the list.

    When you find a key that does not contain the service account in its list, it is the key that is most likely causing the problem.


  4. Compare the name of this key with what is in the "Raw Stack Dump" of the Drwtsn32.log. For example, in the sample log in the More Information section of this article, the stack dump lists: 
    
      .......
      0012d37c  00 00 00 00 49 00 6e 00 - 74 00 57 00 69 00 72 00
      ....I.n.t.W.i.r.
      0012d38c  65 00 4d 00 73 00 67 00 - 53 00 65 00 72 00 76 00
      e.M.s.g.S.e.r.v.
      0012d39c  65 00 72 00 00 00 00 00 - 6f 00 6e 00 6e 00 65 00
      e.r.....o.n.n.e.
      0012d3ac  63 00 74 00 6f 00 72 00 - 00 00 65 00 63 00 74 00
      c.t.o.r...e.c.t.

    This points to the Integra Wireless Messaging Server Key (in the registry as IntWireMsgServer) under: 
    
      HKEY_LOCAL_MACHINE\ 
      System\CurrentControlSet\Services\EventLog\Application


  5. In the Permissions dialog box, click Add and select System as Full Control and Creator Owner as Full Control and click OK. (It is also possible to delete this particular key to resolve the problem; however, the consequences must be fully known before proceeding with the deletion)


  6. Quit Registry Editor.


  7. Run Microsoft Exchange Server Setup again.



STATUS

Microsoft has confirmed this to be a problem in Microsoft Exchange Server version 4.0. This problem has been corrected in the latest U.S. Service Pack for Microsoft Exchange Server version 4.0. For information on obtaining the Service Pack, query on the following word in the Microsoft Knowledge Base (without the spaces):

S E R V P A C K
Microsoft has confirmed this to be a problem in Microsoft Exchange Server version 5.0. This problem has been corrected in the latest U.S. Service Pack for Microsoft Exchange Server version 5.0. For information on obtaining the Service Pack, query on the following word in the Microsoft Knowledge Base (without the spaces):
S E R V P A C K


MORE INFORMATION

This problem has been seen mainly when upgrading a computer running Microsoft Exchange Server 4.0 that has the Integra Wireless Messaging Server for Microsoft Exchange installed.

The Drwtsn32.log will look similar to the following: 


   Application exception occurred:
      App: srvrmax.dbg (pid=303)
        When: 3/13/1997 @ 17:38:38.203
        Exception number: c0000005 (access violation)

   function: RtlQueryInformationAcl
      77fb407c 55               push    ebp
      77fb407d 8bec             mov     ebp,esp
      77fb407f 83ec04           sub     esp,0x4
      77fb4082 56               push    esi
      77fb4083 8b7508           mov     esi,[ebp+0x8]
   ss:00bfbba6=????????
   FAULT ->77fb4086 8a0e             mov     cl,[esi]
   ds:00000000=??
      77fb4088 80f902           cmp     cl,0x2
      77fb408b 7407             jz      RtlQueryInformationAcl+0x18
   (77fb4094)
      77fb408d b80d0000c0       mov     eax,0xc000000d
      77fb4092 eb7f             jmp     RtlQueryInformationAcl+0x97
   (77fb4113)
      77fb4094 8b4514           mov     eax,[ebp+0x14]
   ss:00bfbba6=????????
      77fb4097 83f801           cmp     eax,0x1
      77fb409a 740c             jz      RtlQueryInformationAcl+0x2c
   (77fb40a8)
      77fb409c 83f802           cmp     eax,0x2
      77fb409f 741e             jz      RtlQueryInformationAcl+0x43
   (77fb40bf)
      77fb40a1 b8030000c0       mov     eax,0xc0000003
      77fb40a6 eb6b             jmp     RtlQueryInformationAcl+0x97
   (77fb4113)

*----> Stack Back Trace <----*

   FramePtr ReturnAd Param#1  Param#2  Param#3  Param#4  Function Name
   0012d284 77e24756 00000000 0012d2e8 0000000c 00000002
   ntdll!RtlQueryInformationAcl
   0012d29c 0041c291 00000000 0012d2e8 0000000c 00000002
   advapi32!GetAclInformation
   00000014 00000000 00000000 00000000 00000000 00000000
      srvrmax!<nosymbols>

*----> Raw Stack Dump <----*

   0012d27c  00 00 00 00 90 d2 12 00 - 9c d2 12 00 56 47 e2 77
   ............VG.w
   0012d28c  00 00 00 00 e8 d2 12 00 - 0c 00 00 00 02 00 00 00
   ................
   0012d29c  14 00 00 00 91 c2 41 00 - 00 00 00 00 e8 d2 12 00
   ......A.........
   0012d2ac  0c 00 00 00 02 00 00 00 - 14 00 00 00 80 d3 12 00
   ................
   0012d2bc  00 00 00 00 a4 dd 12 00 - 00 00 00 00 00 00 00 00
   ................
   0012d2cc  00 00 00 00 10 f3 16 00 - 40 00 00 00 14 00 00 00
   ........@.......
   0012d2dc  f8 d2 12 00 00 00 00 00 - 1b 00 06 00 28 d3 12 00
   ............(...
   0012d2ec  80 d3 12 00 00 00 00 00 - 01 00 00 00 00 00 00 00
   ................
   0012d2fc  01 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
   ................
   0012d30c  00 00 00 00 6d c1 41 00 - b4 00 00 00 a4 dd 12 00
   ....m.A.........
   0012d31c  00 00 00 00 00 00 00 00 - a4 dd 12 00 b4 00 00 00
   ................
   0012d32c  52 c0 41 00 14 00 00 00 - 80 d3 12 00 a4 dd 12 00
   R.A.............
   0012d33c  00 00 00 00 0e 00 00 00 - a4 dd 12 00 14 00 00 00
   ................
   0012d34c  00 00 00 00 00 00 00 00 - f3 c0 41 00 14 00 00 00
   ..........A.....
   0012d35c  80 d3 12 00 a4 dd 12 00 - 4d 24 e3 77 00 00 00 00
   ........M$.w....
   0012d36c  00 00 00 00 a4 dd 12 00 - 80 d3 12 00 05 01 00 00
   ................
   0012d37c  00 00 00 00 49 00 6e 00 - 74 00 57 00 69 00 72 00
   ....I.n.t.W.i.r.
   0012d38c  65 00 4d 00 73 00 67 00 - 53 00 65 00 72 00 76 00
   e.M.s.g.S.e.r.v.
   0012d39c  65 00 72 00 00 00 00 00 - 6f 00 6e 00 6e 00 65 00
   e.r.....o.n.n.e.
   0012d3ac  63 00 74 00 6f 00 72 00 - 00 00 65 00 63 00 74 00
   c.t.o.r...e.c.t.

The Integra Wireless Messaging Server is manufactured by Integra, a vendor independent of Microsoft; we make no warranty, implied or otherwise, regarding this product's performance or reliability.

Additional query words: hang crash sp1

Keywords : kbusage kbbug4.00 kbbug5.00 XADM kbfix5.00.sp1
Version : winnt:4.0,5.0
Platform : winnt
Issue type : kbbug


Last Reviewed: March 26, 1999
© 2000 Microsoft Corporation. All rights reserved. Terms of Use.