Hello,

We have a Visual Basic application which runs on three Windows 2000 sp4
servers
that perform an Server https(ssl) post to ColdFusion MX servers through a
firewall.
The ColdFusion servers are win2003 running IIS 6.0.  This process has been
running fine for the past 3 month.  Up until a couple of weeks ago we have
been hit with the following error with the lsasrv.dll (error 5000):

"The security package Microsoft Unified Security Protocol Provider generated
an exception.  The package is now disabled. The exception information is the
data."

Our posting application reports an 500 (internal server error) and also
returns the
reponse data which is an html ColdFusion error that our ColdFusion folk are
currently reviewing.


At this point any SSL traffic is dead and the only recourse is to reboot the
box.
We have recently applied the MS04-011 and rebooted but with no success.

My question are many but here are a few.

Could  ColdFusion be causing a buffer overrun in lsasrv.dll ?
What can we do to mitigate this problem ?
Is it possible to startup lsasrv without rebooting the server ?

thanks
Chris.

[ Post a follow-up to this message ]