Dsamain.exe Generates an Access Violation and Then Stops Unexpectedly (829075)


The information in this article applies to:

  • Microsoft Exchange Server 5.5

SYMPTOMS

The Microsoft Exchange Server 5.5 directory service (Dsamain.exe) generates an access violation and then stops unexpectedly.

CAUSE

This problem occurs when a client makes a call for the ptagPrimarySMTPAddress property in Unicode. Remote procedure call (RPC) tries to determine how large a buffer to allocate to the data that is returned by the nspi_QueryRows call. The data that was sent by the client contains names and e-mail addresses; the e-mail addresses are in the Microsoft Windows ANSI character set even though they are marked as Unicode. One of the pieces of data that the client sent is the ptagPrimarySMTPAddress property. The ptagPrimarySMTPAddress property is a constructed MAPI attribute that is parsed from the proxy-addresses property. The ptagPrimarySMTPAddress property is supposed to be in Unicode, but the data that the client sent is in the ASCII character set. Because the data that the client sent to Exchange Server is not in Unicode, the last e-mail address is written beyond the buffer that was allocated; this problem causes the access violation in the MIDL_wchar_strlen function.

RESOLUTION

Hotfix Information

A supported hotfix is now available from Microsoft, but it is only intended to correct the problem that this article describes. Apply it only to systems that are experiencing this specific problem.

To resolve this problem, contact Microsoft Product Support Services to obtain the hotfix. For a complete list of Microsoft Product Support Services telephone numbers and information about support costs, visit the following Microsoft Web site:

http://support.microsoft.com/contactus/?ws=support

Note In special cases, charges that are ordinarily incurred for support calls may be canceled if a Microsoft Support Professional determines that a specific update will resolve your problem. The usual support costs will apply to additional support questions and issues that do not qualify for the specific update in question.

Prerequisites

This hotfix requires Microsoft Exchange Server 5.5 Service Pack 4 (SP4).

Restart Requirement

You do not have to restart your computer after you apply this hotfix.

Hotfix Replacement Information

This hotfix does not replace any other hotfixes.

File Information

The English version of this hotfix has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel. 

Date         Time   Version        Size      File name
-------------------------------------------------------------- 
11-Nov-2003  21:44  5.5.2657.78    507,152   Dsamain.exe
11-Nov-2003  21:42  5.5.2657.78    239,376   Dsmsg.dll
11-Nov-2003  21:43  5.5.2657.78     47,376   Oabgen.dll

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section of this article.

Stack Output

If the correct symbol files are installed on the server, the Dr. Watson log (Drwtsn32.log) or the corresponding User.dmp file may contain a call stack that is similar to the following:

ChildEBP RetAddr  Args to Child              

09bafaa4 77e13b72 09bb7fe5 0045517e 09bb7fe5 RPCRT4!MIDL_wchar_strlen+0xf
09bafabc 77e13cfe 09bafd44 09bb7fe5 0045517e RPCRT4!NdrpConformantStringBufferSize+0x74
09bafacc 77e12564 09bafd44 09bb7fe5 0045517e RPCRT4!NdrConformantStringBufferSize+0x2c
09bafaf0 77e13d2d 09bafd44 09bb7fe5 0045517c RPCRT4!NdrpPointerBufferSize+0x69
09bafb04 77e21bf6 09bafd44 09bb7fe5 0045517c RPCRT4!NdrPointerBufferSize+0x2c
09bafb24 77e21a7d 09bafd44 09bb7a90 004550e8 RPCRT4!NdrpUnionBufferSize+0xf3
09bafb48 77e14e7f 09bafd44 09bb7a90 004550e0 RPCRT4!NdrNonEncapsulatedUnionBufferSize+0x2d
09bafb84 77e1a6a5 09bafd44 09bb7a88 004552b0 RPCRT4!NdrComplexStructBufferSize+0x208
09bafbd8 77e24e44 09bafd44 09bb7a88 004552c0 RPCRT4!NdrpComplexArrayBufferSize+0x1f6
09bafbf8 77e12564 09bafd44 09bb7a08 004552c0 RPCRT4!NdrComplexArrayBufferSize+0x41
09bafc1c 77e244aa 09bafd44 09bb7a08 0045530a RPCRT4!NdrpPointerBufferSize+0x69
09bafc50 77e137de 09bafd44 09bb0edc 09bafc84 RPCRT4!NdrpEmbeddedRepeatPointerBufferSize+0xa6
09bafc74 77e146d2 09bafd44 09bb0e28 004552fe RPCRT4!NdrpEmbeddedPointerBufferSize+0x4b
09bafc94 77e12564 09bafd44 09bb0e28 004552f6 RPCRT4!NdrConformantStructBufferSize+0x6a
09bafcb8 77e13d2d 09bafd44 09bb0e28 004550dc RPCRT4!NdrpPointerBufferSize+0x69
09bafccc 77e12564 09bafd44 09bb0e28 004550dc RPCRT4!NdrPointerBufferSize+0x2c
09bafcf0 77e13d2d 09bafd44 09bafd40 004550d8 RPCRT4!NdrpPointerBufferSize+0x69
09bafd04 0040b1f5 09bafd44 09bafd40 004550d8 RPCRT4!NdrPointerBufferSize+0x2c
09bafe20 77e11423 09bafef0 00159e70 09bafef0 dsamain!nspi_NspiQueryRows+0x1f5
09bafe5c 77e111dc 0040b03c 09bafef0 09baff34 RPCRT4!DispatchToStubInC+0x34
09bafeb0 77e114f9 09bafef0 00000000 09baff34 RPCRT4!RPC_INTERFACE::DispatchToStubWorker+0x124
09bafed0 77e1e02f 09bafef0 00000000 09baff34 RPCRT4!RPC_INTERFACE::DispatchToStub+0x5d
09baff40 77e1ff1b 0017daa8 000000b0 09baff90 RPCRT4!OSF_SCONNECTION::ReceiveOriginalCall+0x376
09baff60 77e1daa7 0017daa8 000000b0 00145c70 RPCRT4!OSF_SCONNECTION::DispatchPacket+0x20f
09baff90 77e1f495 77e17bd3 00145c70 09baffec RPCRT4!OSF_ADDRESS::ReceiveLotsaCalls+0x81
09baff94 77e17bd3 00145c70 09baffec 776a1f7d RPCRT4!ReceiveLotsaCallsWrapper+0x9
09baffac 77e17c09 0016cba8 001559e0 77f04ede RPCRT4!BaseCachedThreadRoutine+0x9f
09baffb8 77f04ede 001642d8 776a1f7d 001559e0 RPCRT4!ThreadStartRoutine+0x17

Modification Type:MinorLast Reviewed:10/26/2005
Keywords:kbHotfixServer kbQFE kbHotfixServer kbQFE kbExchange550preSP5fix kbQFE kbfix kbbug KB829075 kbAudITPRO
©2004 Microsoft Corporation. All rights reserved.