AcceptSecurityContext() failed with SEC_E_INTERNAL_ERROR 0x80090304 error.

VijayBK 1 Reputation point
2022-10-27T05:07:51.847+00:00

I have two applications

  1. (Client) - Command line utility which takes input like a local Windows username and password from the user to authenticate.
  2. (Server) - Windows service which creates a security context with the above command line utility. The (Server) Windows service runs under the Local Service user context, and the process token ownership has been updated to the Service SID instead of the Local Service user SID.

To establish the security context, client and server are using the "Negotiate" SSP package, which internally uses "Kerberos" or "NTLM".

Below is the overall flow between client and server.

  1. Client accepts username and password from command line input. It acquires credentials using AcquireCredentialsHandle().
  2. Client calls InitializeSecurityContextW() to start creating/establishing the security context. The handle acquired in the 1st step is passed to this function.
  3. On the server side, the service calls AcceptSecurityContext() and it returns SEC_I_CONTINUE_NEEDED (0x00090312).
  4. Client again calls InitializeSecurityContextW().
  5. On the server side, the service calls AcceptSecurityContext() a second time, and here it fails and returns SEC_E_INTERNAL_ERROR (0x80090304).

This error code does not match any SSPI error code.

This is generally a function failure.

NOTE: When the process token ownership is the Local Service user SID, this function returns successfully and does not fail, but when we change the process token ownership to the Service SID, it starts to fail in the second iteration.

Additional information: Both server and client are running on the same machine. I saw an audit event (logon failure) which has the following details:

  <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
      <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-a5ba-3e3b0328c30d}" />
      <EventID>4625</EventID>
      <Version>0</Version>
      <Level>0</Level>
      <Task>12544</Task>
      <Opcode>0</Opcode>
      <Keywords>0x8010000000000000</Keywords>
      <TimeCreated SystemTime="2022-10-26T12:08:20.791949200Z" />
      <EventRecordID>6549320</EventRecordID>
      <Correlation ActivityID="{8be63969-e908-0000-f739-e68b08e9d801}" />
      <Execution ProcessID="136" ThreadID="10076" />
      <Channel>Security</Channel>
      <Computer>Avng17</Computer>
      <Security />
    </System>
    <EventData>
      <Data Name="SubjectUserSid">S-1-0-0</Data>
      <Data Name="SubjectUserName">-</Data>
      <Data Name="SubjectDomainName">-</Data>
      <Data Name="SubjectLogonId">0x0</Data>
      <Data Name="TargetUserSid">S-1-0-0</Data>
      <Data Name="TargetUserName">administrator</Data>
      <Data Name="TargetDomainName">avng17</Data>
      <Data Name="Status">0xc000005a</Data>
      <Data Name="FailureReason">%%2304</Data>
      <Data Name="SubStatus">0x0</Data>
      <Data Name="LogonType">3</Data>
      <Data Name="LogonProcessName">NtLmSsp</Data>
      <Data Name="AuthenticationPackageName">NTLM</Data>
      <Data Name="WorkstationName">AVNG17</Data>
      <Data Name="TransmittedServices">-</Data>
      <Data Name="LmPackageName">-</Data>
      <Data Name="KeyLength">0</Data>
      <Data Name="ProcessId">0x0</Data>
      <Data Name="ProcessName">-</Data>
      <Data Name="IpAddress">-</Data>
      <Data Name="IpPort">-</Data>
    </EventData>
  </Event>
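The client/server exchange described in the question, driven end to end on one machine, as an added example (this is not code from the original post and not the questioner's own utility or service). It uses .NET NegotiateStream, which on Windows calls the same SSPI functions underneath: AcquireCredentialsHandle with the explicit user name/password on the client, then the InitializeSecurityContext / AcceptSecurityContext loop between the two sides over a loopback TCP socket. The account name, password and the host/ target name are assumptions; the script prints the process identity and token owner SID so the run can be compared between a normal console and the service's security context.

```powershell
# Added example, not code from the original post: reproduce the Negotiate handshake the question
# describes (explicit user name/password on the client, client and server on the same machine)
# through .NET NegotiateStream, which calls AcquireCredentialsHandle, InitializeSecurityContext and
# AcceptSecurityContext underneath. UserName/Domain/Password are assumptions; use a real local account.
param(
    [string]$UserName = 'localtest',
    [string]$Domain   = $env:COMPUTERNAME,
    [string]$Password = 'ChangeMe!1'
)

$Loopback = [System.Net.IPAddress]::Loopback

function Format-SspiStatus([int]$Code) {
    # Win32Exception.NativeErrorCode carries the raw SECURITY_STATUS, e.g. 0x80090304
    return ('0x{0:X8}' -f $Code)
}

function Test-NegotiateHandshake {
    param([System.Net.NetworkCredential]$Credential, [string]$TargetName)

    # Show whose token AcceptSecurityContext will run under; compare this output when the
    # script is run from the service's own security context.
    $me = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    Write-Host ("Server process identity: {0}  token owner SID: {1}" -f $me.Name, $me.Owner.Value)

    $listener = [System.Net.Sockets.TcpListener]::new($Loopback, 0)
    $listener.Start()
    $port = ([System.Net.IPEndPoint]$listener.LocalEndpoint).Port
    $acceptTask = $listener.AcceptTcpClientAsync()

    $clientTcp = [System.Net.Sockets.TcpClient]::new()
    $clientTcp.Connect($Loopback, $port)
    $serverTcp = $acceptTask.GetAwaiter().GetResult()
    $listener.Stop()

    $server = [System.Net.Security.NegotiateStream]::new($serverTcp.GetStream(), $false)
    $client = [System.Net.Security.NegotiateStream]::new($clientTcp.GetStream(), $false)
    try {
        # Server side: the AcceptSecurityContext loop (SEC_I_CONTINUE_NEEDED until the last leg)
        $serverTask = $server.AuthenticateAsServerAsync()
        # Client side: AcquireCredentialsHandle with the explicit identity, then the
        # InitializeSecurityContext loop.
        $client.AuthenticateAsClient($Credential, $TargetName)
        $serverTask.GetAwaiter().GetResult()

        [pscustomobject]@{
            Authenticated = $server.IsAuthenticated
            Mutual        = $server.IsMutuallyAuthenticated
            Package       = $server.RemoteIdentity.AuthenticationType   # 'NTLM' or 'Kerberos'
            RemoteUser    = $server.RemoteIdentity.Name
            Error         = $null
        }
    } catch {
        # PowerShell wraps the .NET exception; NegotiateStream wraps the failing SSPI call in
        # AuthenticationException -> Win32Exception, whose NativeErrorCode is the SECURITY_STATUS.
        $inner = $_.Exception
        while ($inner.InnerException) { $inner = $inner.InnerException }
        $code = if ($inner -is [System.ComponentModel.Win32Exception]) { Format-SspiStatus $inner.NativeErrorCode } else { 'n/a' }
        [pscustomobject]@{
            Authenticated = $false; Mutual = $false; Package = $null; RemoteUser = $null
            Error = "{0} [{1}]: {2}" -f $inner.GetType().Name, $code, $inner.Message
        }
    } finally {
        $client.Dispose(); $server.Dispose()
    }
}

$cred = [System.Net.NetworkCredential]::new($UserName, $Password, $Domain)
# Target name is the SPN Negotiate tries for Kerberos first; a local account falls back to NTLM.
Test-NegotiateHandshake -Credential $cred -TargetName "host/$env:COMPUTERNAME" | Format-List
```

Run it once from an ordinary console and once from the service's security context (for instance by launching it from the service itself) and compare the printed token owner SID with the result. On success, Package shows which mechanism Negotiate chose (NTLM for a local account on the same machine, matching the AuthenticationPackageName in the 4625 event above); on failure, the Error line carries the raw SECURITY_STATUS in the same 0x80090304 form as the question, so the failing leg can be matched against the Security log entry written at the same time.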
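The SSPI return code only says that AcceptSecurityContext failed; the Security event 4625 written by LSA at the same moment carries the NTSTATUS behind it in its Status and SubStatus fields. As an added example (not code from the original post), the following PowerShell parses a 4625 event, decodes those fields and the FailureReason/LogonType codes, and can be pointed at the live Security log on the server. The sample event embedded in the script is the one quoted in the question; the name tables are a subset of ntstatus.h and of the standard 4625 message strings.

```powershell
# Added example, not code from the original post: decode Security event 4625 fields that the
# SEC_E_INTERNAL_ERROR return code alone does not show. Lookup tables are a subset of ntstatus.h
# (Status/SubStatus) and of the 4625 message strings (FailureReason, LogonType).

$NtStatusNames = @{
    'C000005A' = 'STATUS_INVALID_OWNER'
    'C0000064' = 'STATUS_NO_SUCH_USER'
    'C000006A' = 'STATUS_WRONG_PASSWORD'
    'C000006D' = 'STATUS_LOGON_FAILURE'
    'C000006E' = 'STATUS_ACCOUNT_RESTRICTION'
    'C000006F' = 'STATUS_INVALID_LOGON_HOURS'
    'C0000070' = 'STATUS_INVALID_WORKSTATION'
    'C0000071' = 'STATUS_PASSWORD_EXPIRED'
    'C0000072' = 'STATUS_ACCOUNT_DISABLED'
    'C000010B' = 'STATUS_INVALID_LOGON_TYPE'
    'C0000234' = 'STATUS_ACCOUNT_LOCKED_OUT'
}
$FailureReasons = @{
    '%%2304' = 'An error occurred during logon'
    '%%2305' = 'The specified user account has expired'
    '%%2309' = "The specified account's password has expired"
    '%%2310' = 'Account currently disabled'
    '%%2311' = 'Account logon time restriction violation'
    '%%2312' = 'User not allowed to logon at this computer'
    '%%2313' = 'Unknown user name or bad password'
}
$LogonTypes = @{ '2' = 'Interactive'; '3' = 'Network'; '4' = 'Batch'; '5' = 'Service'; '7' = 'Unlock'
                 '8' = 'NetworkCleartext'; '9' = 'NewCredentials'; '10' = 'RemoteInteractive'; '11' = 'CachedInteractive' }

function ConvertTo-NtStatusName([string]$Hex) {
    # '0xc000005a' -> 'C000005A' -> symbolic name; unknown codes come back as normalized hex
    $key = $Hex.Trim().ToUpperInvariant()
    if ($key.StartsWith('0X')) { $key = $key.Substring(2) }
    $key = $key.PadLeft(8, '0')
    if ($NtStatusNames.ContainsKey($key)) { "0x$key ($($NtStatusNames[$key]))" } else { "0x$key" }
}

function ConvertFrom-LogonFailureEvent {
    param([Parameter(Mandatory)][string]$EventXml)
    $x = [xml]$EventXml
    $sys = $x.Event.System
    $eventId = if ($sys.EventID -is [System.Xml.XmlElement]) { $sys.EventID.InnerText } else { [string]$sys.EventID }
    if ($eventId -ne '4625') { throw "Not a 4625 event (EventID $eventId)" }
    # Flatten <Data Name="...">value</Data> into a name -> value table
    $d = @{}
    foreach ($node in $x.Event.EventData.Data) { $d[$node.GetAttribute('Name')] = $node.InnerText }
    [pscustomobject]@{
        TimeCreated   = $sys.TimeCreated.SystemTime
        TargetAccount = "{0}\{1}" -f $d['TargetDomainName'], $d['TargetUserName']
        LogonType     = "{0} ({1})" -f $d['LogonType'], $LogonTypes[$d['LogonType']]
        LogonProcess  = $d['LogonProcessName']
        AuthPackage   = $d['AuthenticationPackageName']
        Workstation   = $d['WorkstationName']
        FailureReason = "{0} ({1})" -f $d['FailureReason'], $FailureReasons[$d['FailureReason']]
        Status        = ConvertTo-NtStatusName $d['Status']
        SubStatus     = ConvertTo-NtStatusName $d['SubStatus']
        CallerPid     = $d['ProcessId']
    }
}

function Get-RecentLogonFailures([int]$Minutes = 10) {
    # Run on the server while reproducing the failure; needs rights to read the Security log.
    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625; StartTime = (Get-Date).AddMinutes(-$Minutes) } -ErrorAction SilentlyContinue |
        ForEach-Object { ConvertFrom-LogonFailureEvent -EventXml $_.ToXml() }
}

# Sample input: the 4625 event quoted in the question (not a fabricated record).
$SampleEvent = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-a5ba-3e3b0328c30d}" /><EventID>4625</EventID><Version>0</Version><Level>0</Level><Task>12544</Task><Opcode>0</Opcode><Keywords>0x8010000000000000</Keywords><TimeCreated SystemTime="2022-10-26T12:08:20.791949200Z" /><EventRecordID>6549320</EventRecordID><Correlation ActivityID="{8be63969-e908-0000-f739-e68b08e9d801}" /><Execution ProcessID="136" ThreadID="10076" /><Channel>Security</Channel><Computer>Avng17</Computer><Security /></System>
<EventData><Data Name="SubjectUserSid">S-1-0-0</Data><Data Name="SubjectUserName">-</Data><Data Name="SubjectDomainName">-</Data><Data Name="SubjectLogonId">0x0</Data><Data Name="TargetUserSid">S-1-0-0</Data><Data Name="TargetUserName">administrator</Data><Data Name="TargetDomainName">avng17</Data><Data Name="Status">0xc000005a</Data><Data Name="FailureReason">%%2304</Data><Data Name="SubStatus">0x0</Data><Data Name="LogonType">3</Data><Data Name="LogonProcessName">NtLmSsp</Data><Data Name="AuthenticationPackageName">NTLM</Data><Data Name="WorkstationName">AVNG17</Data><Data Name="TransmittedServices">-</Data><Data Name="LmPackageName">-</Data><Data Name="KeyLength">0</Data><Data Name="ProcessId">0x0</Data><Data Name="ProcessName">-</Data><Data Name="IpAddress">-</Data><Data Name="IpPort">-</Data></EventData></Event>
'@

ConvertFrom-LogonFailureEvent -EventXml $SampleEvent | Format-List
```

For the quoted event this prints Status 0xC000005A (STATUS_INVALID_OWNER), a Network (type 3) logon through NtLmSsp/NTLM with FailureReason %%2304 (an error occurred during logon) rather than a bad-password SubStatus, which is the detail worth checking against the process-token owner change described in the question. Get-RecentLogonFailures does the same over the live log so the 4625 written during a reproduction can be read next to the SEC_E_INTERNAL_ERROR returned to the service.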

2 answers

  1. Wesley Li-MSFT 4,381 Reputation points Microsoft Vendor
    2022-10-28T08:25:08.723+00:00

    Hi

    When you encounter the 0x80090304 error when installing or running an application, it means that the local security authority could not be contacted.

    First of all, you need to confirm whether the application is Microsoft's own. It seems that the application must be requested as the user.

    Usually, this error message points to network congestion preventing secure connections to the server, but this problem can also occur if the server is configured to use TLS for secure connections, and the client attempting the RDP connection does not support TLS.

    Since the client and server are using the "negotiated" way to secure the connection, this method uses TLS1.0 to authenticate the server if TLS is supported, and will not authenticate the server if TLS is not supported.

    To resolve the issue, change the remote desktop security on the RD server to RDP Security Layer to allow a secure connection using Remote Desktop Protocol encryption. Below are the steps:

    1. Navigate to Start > Administrative Tools > Remote Desktop Services > Remote Desktop Session Host Configuration.
    2. With RD Session Host Configuration selected, view under Connections.
    3. Right-click the RDP Listener with connection type Microsoft RDP 6.1 and choose Properties.
    4. In the General tab of the Properties dialog box, under Security, select RDP Security Layer as the Security Layer.
    5. Select OK.

    Best Regards,
    Wesley Li


  2. Wesley Li-MSFT 4,381 Reputation points Microsoft Vendor
    2022-11-08T03:34:01.24+00:00

    Hello

    Do you have any other questions?

    If the above reply is helpful to you, please mark it as answer.

    Thanks