After some update, I see the following issue on all Windows Server 2003 member servers (x86 only): LogonUser and LogonUserEx calls are failing with error 1337 (The security ID structure is invalid).

Basically, the following code fails:

HANDLE token;
BOOL b = LogonUserA( "username", "DOMAIN", "password", 
           LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, &token );

I also noticed the following:

  • Running the same LogonUser code as localsystem works OK
  • Running this code on Windows Server 2003 unpatched for a long time works fine
  • After the latest patches, WS2003 x86 fails; GetLastError() returns 1337
  • Configuring the “act as part of operating system” privilege does not help. Neither does enabling the SE_TCB_NAME privilege explicitly in the code.
  • Runas /user:DOMAIN\username works OK, whether the computer is patched or not

Has anybody run into the same problem? Has Microsoft recognized it as a bug?

Is there a workaround? Since runas is working, I assume there is an alternative way to do what LogonUser does.