"Invalid Page Fault in Module Negotiat.dll" Error Message During Domain Logon or Internet Browsing (310495)

SYMPTOMS

You may receive the following error message during domain logon, during Internet browsing, or when you run a Winsock program:

This program has performed an illegal operation
and will be shut down.

If the problem persists, contact the program
vendor.

When you click Details, you receive the following error message (see the "More Information" section of this article for the complete error message):

Program name caused an invalid page fault in module Negotiat.dll at 0167:01ab3e43.

The problem occurs only if all of the following conditions are true during an attempt to verify user credentials against a Microsoft Internet Security and Acceleration (ISA) server:

The Directory Services Client for Windows is installed on the client computer.
The Microsoft Firewall Client is installed on the client computer.
The ISA server is set up as a firewall, and it requires client authentication (enforces user and group access policy through Site and Content Rules, and through Protocol Rules).

MORE INFORMATION

When the issue described in the "Symptoms" section of this article occurs, a dialog box similar to the following is displayed:

Title:	MODULE NAME (IEXPLORE, MPREXE, ...)
Icon:	X in red circle (MB_ICONERROR)
Text:	This program has performed an illegal operation   [Close]
	and will be shut down.

	If the problem persists, contact the program      [Details>>]
	vendor.

The following are sample contents from the Details control in the dialog box. Note that the significant value is in the EAX register, which is being used as a pointer.

If you try to access a Web site through the ISA proxy, the Details control displays the following:

IEXPLORE caused an invalid page fault in
module NEGOTIAT.DLL at 0167:01ab3e43.
Registers:
EAX=a0000001 CS=0167 EIP=01ab3e43 EFLGS=00010282
EBX=00443c5c SS=016f ESP=0198faf8 EBP=0198fca0
ECX=00442084 DS=016f ESI=00443cbc FS=3837
EDX=0042003c ES=016f EDI=0198fb10 GS=2a76
Bytes at CS:EIP:
ff 70 04 e8 29 ef ff ff 85 c0 74 0d 83 7d 0c 10 
Stack dump:
00442084 00000000 00000008 00000000 00000000 00000000 ffffffff 0198fb38
bff7b498 00420000 bff7b9c5 818433d4 00443c38 10003940 1000d1a0 1000d1a0

During logon, the Details control displays the following:

MPREXE caused an invalid page fault in
module NEGOTIAT.DLL at 0167:00413e43.
Registers:
EAX=a0000021 CS=0167 EIP=00413e43 EFLGS=00010286
EBX=015b1d78 SS=016f ESP=022ffaf8 EBP=022ffca0
ECX=021e2654 DS=016f ESI=015b1dd8 FS=1a7f
EDX=0051002c ES=016f EDI=022ffb10 GS=1cce
Bytes at CS:EIP:
ff 70 04 e8 29 ef ff ff 85 c0 74 0d 83 7d 0c 10 
Stack dump:
021e2654 00000000 00000008 00000000 00000000 00000000 00000000 022ffb38
bff7b498 00510000 bff7b9c5 8181cd00 015b1d54 10003940 1000d1a0 1000d1a0

For additional information about ISA Client and Server detection, click the article numbers below to view the articles in the Microsoft Knowledge Base:

260210 Description of WinSock Proxy Auto Detect Support

For additional information about the Directory Services client update for Windows 98, click the following article number to view the article in the Microsoft Knowledge Base:

323455 Directory Services client update for Windows 98

For additional information about Windows 98 and Windows 98 Second Edition hotfixes, click the article number below to view the article in the Microsoft Knowledge Base:

206071 General Information About Windows 98 and Windows 98 Second Edition Hotfixes

"Invalid Page Fault in Module Negotiat.dll" Error Message During Domain Logon or Internet Browsing (310495)

SYMPTOMS

CAUSE

WORKAROUND

STATUS

MORE INFORMATION