After some update, I see following issue on all Windows Server 2003 member servers (x86 only): LogonUser, and LogonUserEx calls are failing with error 1337 (The security ID structure is invalid).
Basically, following code fails:
HANDLE token;
BOOL b = LogonUserA( "username", "DOMAIN", "password",
LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, &token );
I also noticed following
- Running same LogonUser code as localsystem works ok
- Running this code on Windows Server 2003 unpatched for a long time works fine
- After latest patches, WS2003 x86 fails, GetLastError() returns 1337
- Configuring “act as part of operating system” privilege does not help. Neither does enabling SE_TCB_NAME privilege explicitly in the code.
- Runas /user:DOMAIN\username works ok, whether computer is patched or not
Have anybody ran into the same problem? Have Microsoft recognized it as a bug?
Is there a workaround? Since runas is working, I assume there is an alternative way to do what LogonUser does.