List of Domain Controllers (DC’s) related hotfixes post SP2 for Windows Server 2003 SP2 or Windows Server 2003 R2 SP2
Applies to:
Windows Server 2003 R2 Service Pack 2
Windows Server 2003 R2 SP2
W2K3 R2 Service Pack 2
W2K3 R2 SP2
Windows Server 2003 Service Pack 2
Windows Server 2003 SP2
W2K3 Service Pack 2
W2K3 SP2
Note: You should check https://support.microsoft.com for the latest version of the different files.
Note 2: Most of these are not a part of Windows Update or WSUS.
List of Domain Controllers (DC’s) related hotfixes post SP2 for Windows Server 2003 SP2 or Windows Server 2003 R2 SP2 as of Jul. 2013:
2581130 Many services do not start successfully after you restart a Windows Server 2003-based domain controller
https://support.microsoft.com/?id=2581130
Update(s):
Lsasrv.dll 5.2.3790.4886Supersede(s):
2539164 Windows Server 2003 does not start after you install security update 979683 (MS10-021)
2536720
Third-party applications or services encounter an authentication failure when security update 2478960 is installed in Windows Server 2003
2478960 MS11-014: Vulnerability in Local Security Authority Subsystem Service could allow local elevation of privilege
2283089 The “0x80070553” error code occurs on a Windows Server 2003-based computer when you start an application or service that is configured to run by using a hard-coded user account
2257912 The Lsass.exe process crashes on a computer that is running a 64-bit version of Windows Server 2003 SP2
982893 The "LsaLogonUser" function fails in Windows Server 2003 SP2 if a driver installs a hook to LSA
955575 The InitializeSecurityContext function fails with a status of "STATUS_INSUFFICIENT_RESOURCES (0xC000009A)" when the token size of a security principal is greater than 20,000 bytes in Windows Server 2003
944043 Description of the Windows Server 2008 read-only domain controller compatibility pack for Windows Server 2003 clients and for Windows XP clients and for Windows Vista
936182 In Windows Server 2003, a random extra character appears at the end of the Source Workstation field in event ID 680
931543 The Lsass.exe process may stop unexpectedly and the computer restarts in an x64-based version of Windows Server 2003
931307 Memory leak in the Lsass.exe process after you enable the Active Directory Lookup feature on a Windows Server 2003 R2-based computer
930499 You cannot prevent EFS from generating a self-signed certificate when you try to encrypt an EFS file on a Windows Server 2003-based computer
2548145 Active Directory size increases rapidly on a Windows Server 2003 or Windows Server 2008 R2 domain controller that hosts the DNS Server role
https://support.microsoft.com/?id=2548145
Update(s):
Afd.sys 5.2.3790.4898
Dns.exe 5.2.3790.4928
Dnsperf.dll 5.2.3790.4460
Dnsperf.h
Dnsperf.ini
Mswsock.dll 5.2.3790.4318
Tcpip.sys 5.2.3790.4573
Tcpip6.sys 5.2.3790.4662
W03a3409.dll 5.2.3790.4715
Wdnsperf.dll 5.2.3790.4460
Wmswsock.dll 5.2.3790.4318
Ww03a3409.dll 5.2.3790.4715
2621146 MS11-095: Description of the security update for Active Directory: December 13, 2011
2601626 MS11-086: Description of the security update for Active Directory: November 8, 2011
2542040 Windows Server 2003-based domain controller that has many locales configured stops handling authentication requests for a while when many NSPI client requests are received
https://support.microsoft.com/?id=2542040
Update(s):
Ntdsa.dll 5.2.3790.4859
Wntdsa.dll 5.2.3790.4859Supersede(s):
981259 A domain controller that is running Windows Server 2003 SP2 stops responding intermittently
976361 A domain controller that is running Windows Server 2003 may restart unexpectedly if the Name Service Provider Interface API is used to query user account information that contains non-English characters
972122 A query takes a long time to complete and increases CPU usage to a high level on the domain controllers that are running Windows Server 2003 when you use NSPI API functions to query address book information
953235 MS08-035: Vulnerability in Active Directory could allow denial of service
951323 Error message when you add a group as a member of another group from a different domain in Windows Server 2003 Active Directory: "Directory Service is too busy"
948925 Event IDs 1173 and 1925 are logged after you perform an authoritative restore on a Windows Server 2003-based domain controller to restore an application partition that was previously deleted
943576 Active Directory objects may not be replicated from the restored server after an authoritative restore on a Windows Server 2003-based domain controller
941084 When you use a WMI script to query the Win32_PerfFormattedData_NTDS_NTDS class on a Windows Server 2003-based domain controller, the script returns a 0x80041010 error
937855 After you restore deleted objects by performing an authoritative restoration on a Windows Server 2003-based domain controller, the linked attributes of some objects are not replicated to the other domain controllers
934407 Error message when you run an LDAP script that queries for Active Directory information after you bind to a Windows Server 2003-based domain controller: "Error 3021 No Record Found"
932834 You may be unable to connect to a Windows Server 2003-based domain controller by using LDAP over an SSL connection
927342 A Windows Server 2003-based domain controller may restart unexpectedly when it handles an LDAP query
2285736 A ticket request for a service principal name that includes an instance name of SQL Server fails on a domain controller that is running Windows Server 2003
https://support.microsoft.com/?id=
Update(s):
Ntdsapi.dll 5.2.3790.4777
Wntdsapi.dll 5.2.3790.4777
Supersede(s):
959202 The Active Directory Users and Computers snap-in cannot display service principal names (SPNs) that have non-numeric port values when you configure the Delegation properties of a computer account in Windows Server 2003
944434 An application that calls the DsUnBind function may crash on a Windows Server 2003-based computer
944043 Description of the Windows Server 2008 read-only domain controller compatibility pack for Windows Server 2003 clients and for Windows XP clients and for Windows Vista
925027 Error message when you add a member to a DFSR group on a computer that is running Windows Server 2003 R2: "The domain of the distinguished name cannot be determined"
Note: The official list of DFS is in KB 958802 "List of currently available hotfixes for Distributed File System (DFS) technologies in Windows Server 2003 and in Windows Server 2003 R2"
https://support.microsoft.com/?id=958802
2215778 The RODCs are not included in a response to a DFS referral request from a computer that is running Windows Server 2003 SP2
https://support.microsoft.com/?id=2215778
Update(s):
Dfssvc.exe 5.2.3790.4740
Wdfssvc.exe 5.2.3790.4740
Supersede(s):
945050 The private bytes that the DFS service consumes continue to increase on a Windows Server 2003-based domain controller that hosts the PDC emulator role
979290 "A referral was returned from the server" error message when you use the IADsUser::ChangePassword method in Windows Server 2003 SP2
https://support.microsoft.com/?id=979290
Update(s):
Adsmsext.dll 5.2.3790.4674
Supersede(s):
953988 An application that uses the IEnumVARIANT interface triggers a memory leak, and this causes system performance to decrease on a Windows Server 2003-based computer
2478971 MS11-013: Description of the security update for Kerberos in Windows XP and in Windows Server 2003: February 8, 2011
2063562 The operations, services, and processes that require authentication may stop responding in Windows Server 2003 SP2
979159 Kerberos authentication failure occurs when the TGT renewal lifetime expires on an application server in Windows Server 2003 SP2
https://support.microsoft.com/?id=979159
Update(s):
Kerberos.dll 5.2.3790.4650
Wkerberos.dll 5.2.3790.4650Supersede(s):
961160 The Lsass.exe process may randomly stop responding on Kerberos-based clients that are running Windows Server 2003 or Windows XP Professional x64 Edition after you update the Kerberos KDC server to include support for the PKINIT protocol
960077 Applications or services that call the LSA Kerberos functions by using 32-bit processes encounter an exception and crash in Windows Server 2003 64-bit or Windows XP 64-bit systems
940925 A Windows Server 2003-based domain controller restarts unexpectedly after you install hotfix 918442 or Windows Server 2003 Service Pack 2
937919 The GetUserNameEx function returns the user name in an incorrect format in Windows Server 2003
2633207 A decrease in performance occurs on an Exchange server that is running Windows Server 2003 when the Store.exe process receives many requests
977073 FIX: Digest authentication fails on a Windows Server 2003 member server when authenticating against a Windows Server 2008 R2 domain controller.
https://support.microsoft.com/?id=977073
Update(s):
Wdigest.dll 5.2.3790.4612
Wwwdigest.dll 5.2.3790.4612Supersede(s):
904942 Authentication fails when you use Outlook or Outlook Express to try to log on to an HTTP-based mail server if you use Internet Explorer
2288059 The Net Logon service does not start in Windows Server 2003 or in Windows Server 2008 after you restart the computer
976947 The memory usage of the Lsass.exe process keeps increasing on one or more domain controllers that are running Windows Server 2003 if an application or a service calls the DsrAddressToSiteNamesExW function to translate a list of socket addresses
https://support.microsoft.com/?id=976947
Update(s):
Netlogon.dll 5.2.3790.4612
Wnetlogon.dll 5.2.3790.4612Supersede(s):
969429 Windows 7 clients cannot locate the Active Directory Management Gateway service that is installed on Windows Server 2003-based domain controllers
947861 Authentication of trusted users fails on a Windows Server 2003-based server if the UPN format is used and if the value of the LmCompatibilityLevel entry is equal to or larger than 3
942636 Windows Server 2003-based domain controllers may incorrectly return the "NO_SUCH_USER (0xc0000064)" status code in response to logon requests
939252 The domain controller locator cannot find an appropriate domain controller on a computer that is running Windows XP or Windows Server 2003
974803 The domain controller runs slower or stops responding when the garbage collection process runs
https://support.microsoft.com/?id=974803
Update(s):
Ntdsutil.exe 5.2.3790.4650
Wntdsutil.exe 5.2.3790.4650Supersede(s):
951320 The ntdsutil.exe utility in Windows Server 2003 writes out too many links to .ldf files during an authoritative restore process
948925 Event IDs 1173 and 1925 are logged after you perform an authoritative restore on a Windows Server 2003-based domain controller to restore an application partition that was previously deleted
973667 A Windows Server 2003-based domain controller may incorrectly return the "NO_SUCH_USER (0xc0000064)" status code in response to logon requests when the domain controller is shutting down or restarting
https://support.microsoft.com/?id=973667
Update(s):
Ksecdd.sys 5.2.3790.4616
Msv1_0.dll 5.2.3790.4616
Schannel.dll 5.2.3790.4530
Wmsv1_0.dll 5.2.3790.4616
Wschannel.dll 5.2.3790.4530Supersede(s):
933430 Clients cannot make connections if you require client certificates on a Web site or if you use IAS in Windows Server 2003
931310 You receive a warning message that does not correctly describe the password requirements when you set a new password that does not meet the requirements in Windows Server 2003
931309 The Local Security Authority Service (Lsass.exe) process shows extensive memory usage and then stops responding on Windows Server 2003-based domain controllers that are part of a cluster environment
973502 The size of the Ntds.dit file becomes larger on one or more domain controllers that are running Windows Server 2003 or Windows Server 2008 after you enable the credential roaming feature for the domain
https://support.microsoft.com/?id=973502
Update(s):
Dimsroam.dll 5.2.3790.4550
Wdimsroam.dll 5.2.3790.4550
973284 ADAM service runs slowly or stops responding during garbage collection
https://support.microsoft.com/?id=973284
Update(s):
Dsdbutil.exe 1.1.3790.4663
969429 Windows 7 clients cannot locate the Active Directory Management Gateway service that is installed on Windows Server 2003-based domain controllers
https://support.microsoft.com/?id=969429
Update(s):
Netapi32.dll 5.2.3790.4482
Netlogon.dll 5.2.3790.4482
Wnetapi32.dll 5.2.3790.4482
Wnetlogon.dll 5.2.3790.4482
Supersede(s):
939252 The domain controller locator cannot find an appropriate domain controller on a computer that is running Windows XP or Windows Server 2003
962994 Windows Server 2003 SP2-based domain controllers return incorrect error code to Kerberos requests during the shutdown process
https://support.microsoft.com/?id=962994
Update(s):
Kdcsvc.dll 5.2.3790.4478
Supersede(s):
955410 A memory leak occurs every time that you use a smart card to authenticate against a Windows Server 2003-based domain controller
944402 The password of the wrong user account is reset when you use the Active Directory Users and Computers MMC snap-in to reset a password on a Windows Server 2003-based member server
959873 You cannot send Start TLS requests from a computer that is running Windows Server 2003 or Windows XP or Windows Vista to a server that is running OpenLDAP Software
https://support.microsoft.com/?id=959873
Update(s):
Wldap32.dll 5.2.3790.4413
Wwldap32.dll 5.2.3790.4413
959202 The Active Directory Users and Computers snap-in cannot display service principal names (SPNs) that have non-numeric port values when you configure the Delegation properties of a computer account in Windows Server 2003
https://support.microsoft.com/?id=
Update(s):
Adprop.dll 5.2.3790.4403
Dsprop.dll 5.2.3790.4403
Ntdsapi.dll 5.2.3790.4403
W03a3409.dll 5.2.3790.4357
Wadprop.dll 5.2.3790.4403
Wdsprop.dll 5.2.3790.4403
Wntdsapi.dll 5.2.3790.4403
Ww03a3409.dll 5.2.3790.4357
958147 The Member ID field is logged incorrectly in the audit event on a Windows Server 2003 domain controller if you add a user of a different domain to a universal group
https://support.microsoft.com/?id=958147
Update(s):
Samsrv.dll 5.2.3790.4395
Supersede(s):
939820 Events 1925, 1006, 1645, 1055, 40961 on a Windows Server 2008-based domain controller or authentication errors
955610 You cannot connect to an ADAM instance in Windows Server 2003 by using the Secure Sockets Layer 3 protocol together with a certificate that is larger than 1024 bytes
https://support.microsoft.com/?id=955610
Update(s):
Adamdsa.dll 1.1.3790.3192
958876 When you try to update a file that has a newer version on a Windows Server 2003 R2-based DFSR server, the operation fails, the original file is deleted from the replication partners, and event 4412 and event 4502 are logged
https://support.microsoft.com/?id=958876
Update(s):
Dfsr.exe
958246 The logoff process may take a long time when a user makes a terminal session from a Windows Server 2003 terminal server in a trusted domain, and the terminal service roaming profiles are used
https://support.microsoft.com/?id=958246
Update(s):
Userenv.dllSupesede(s):
953663 Group Policy objects are removed from Windows Server 2003-based clients if the WMI filter evaluation fails
958147 The Member ID field is logged incorrectly in the audit event on a Windows Server 2003 domain controller if you add a user of a different domain to a universal group
https://support.microsoft.com/?id=958147
Update(s):
Samsrv
955575 The InitializeSecurityContext function fails with a status of "STATUS_INSUFFICIENT_RESOURCES (0xC000009A)" when the token size of a security principal is greater than 20,000 bytes in Windows Server 2003
https://support.microsoft.com/?id=955575
Update(s):
Lsasrv
955410 A memory leak occurs every time that you use a smart card to authenticate against a Windows Server 2003-based domain controller
https://support.microsoft.com/?id=955410
Update(s):
Kdcsvc.dllSupersede(s):
941761 You cannot log on to a computer in the Windows Server 2003 trusting domain by using a user account in the Windows Server 2003 trusted domain
954968 Subfolder file content on an upstream member does not match subfolder file content on downstream members in a DFSR configuration in Windows Server 2003 R2
https://support.microsoft.com/?id=954968
Update(s):
Quota.sys
953527 An event ID 6002 that references Distributed File System replication is logged several times a day on a Windows Server 2003 R2-based computer
https://support.microsoft.com/?id=953527
Update(s):
Dfsmgmt.dll 5.2.3790.4420
950474 Error message when you run the SharePoint Products and Technologies Configuration Wizard on a Windows Server 2003-based computer: "Application has generated an exception that could not be handled"
https://support.microsoft.com/?id=950474
Update(s):
Crypt32
944043 Description of the Windows Server 2008 read-only domain controller compatibility pack for Windows Server 2003 clients and for Windows XP clients
https://support.microsoft.com/?id=944043
Update(s):
adsldp.dll
adsmsext.dll
dsuiext.dll
gptext.dll
localspl.dll
lsasrv.dll
Mmsv1_0.dll
netlogon.dll
ntdsa.dll
ntdsapi.dlll
policeman.dll
w32time.dll
w32tm.exe
wkssvc.dll
942636 Windows Server 2003-based domain controllers may incorrectly return the "NO_SUCH_USER (0xc0000064)" status code in response to logon requests
https://support.microsoft.com/?id=939268
Update(s):
Msv1_0.dll 5.2.3790.4152
Wmsv1_0.dll 5.2.3790.4152
Netlogon.dll 5.2.3790.4152 (This is updated by a newer KB)
Wnetlogon.dll 5.2.3790.4152 (This is updated by a newer KB)
Supersede(s):
939268 A Windows Server 2003 Service Pack 1 or Service Pack 2-based computer seems to stop responding when the Lsass.exe process consumes lots of memory and uses 100% of the CPU
941084 When you use a WMI script to query the Win32_PerfFormattedData_NTDS_NTDS class on a Windows Server 2003-based domain controller, the script returns a 0x80041010 error
https://support.microsoft.com/?id=941084
Update(s):
Ntdsa.dll (This is updated by a newer KB)
Ntdsperf.dll
940925 A Windows Server 2003-based domain controller restarts unexpectedly after you install hotfix 918442 or Windows Server 2003 Service Pack
https://support.microsoft.com/?id=940925
Update(s):
Kerberos.dll 5.2.3790.4160
Wkerberos.dll 5.2.3790.4160
940527 A WMI query that uses the GroupComponent property does not return information about domain local groups in a native Windows Server 2003 domain
that has Identity Management for UNIX installed
https://support.microsoft.com/?id=940527
Update(s):
Cimwin32.dll 5.2.3790.4130
Supersede(s):
933593 The Wmiprvse.exe process stops responding on a domain controller that is running Windows Server 2003
939667 On a Windows Server 2003-based domain controller, the "Authentications in Error" performance counter of the FileReplicaSet performance object and of the FileReplicaConn performance object display incorrect values
https://support.microsoft.com/?id=939667
Update(s):
Ntfrs.exe 5.2.3790.4107
Wntfrs.exe 5.2.3790.4107
938656 You receive an error message and the computer automatically restarts when you change the password of a user account on a Windows Server 2003 R2-based domain controller that has Identity Management for UNIX installed
https://support.microsoft.com/?id=938656
Update(s):
Pswdsync.dll 9.0.3790.4106
933071 The "Effective Permissions" tab may report incorrect permissions in Windows Server 2003
https://support.microsoft.com/?id=933071
Update(s):
Authz.dll 5.2.3790.4383
Wauthz.dll 5.2.3790.4383
930850 Error message when you install Active Directory in Windows Server 2003: "Active Directory could not replicate the directory partition"
https://support.microsoft.com/?id=930850
Update(s):
Rpcrt4.dll 5.2.3790.4004
928576 Netlogon performance counters for Windows Server 2003
https://support.microsoft.com/?id=928576
Update(s):
Netapi32.dll 5.2.3790.4106
Netlogon.dll 5.2.3790.4106
Nlctrs.h
Nlperf.dll 5.2.3790.4106
Nlperf.ini
Nlctrs.h
Nlperf.dll 5.2.3790.4106
Nlperf.ini
Nlctrs.h
Nlperf.dll 5.2.3790.4106
Nlperf.ini
Wnetapi32.dll 5.2.3790.4106
Wnetlogon.dll 5.2.3790.4106
Wnlperf.dll 5.2.3790.4106
925066 In a domain environment, Windows Explorer may stop responding on a client computer that is running Windows XP or Windows Server 2003, and CPU usage is very high on the primary domain controller
https://support.microsoft.com/?id=925066
Update(s):
Twext.dll 6.0.3790.4127
Wtwext.dll 6.0.3790.4127
Related:
List of Domain Controllers (DC’s) related hotfixes post SP1 for Windows Server 2008 R2 SP1