Sure. I will post this question to the forum you have provided.
AcceptSecurityContext() failed with SEC_E_INTERNAL_ERROR 0x80090304 error.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Anonymous
I have two applications
- (Client) - Command line utility which takes input like local windows username, password from user to authenticate.
- (Server) - Windows service which creates security context with above command line utility
(Server) windows service runs under local service user context and process token ownership has been updated to Service SID instead of local service user SID.
To establish security context client and server using "Negotiate" SSP package which internally uses "Kerberos" or "NTLM".
Below is the overall flow between client and server.
- Client accepts username, password from command line input. It acquire credentials using AcquireCredentialsHandle().
- Client calls InitializeSecurityContextW() function to start creating/establish security context. Handle acquired in 1st step is passed to this function.
- On server side (service) calls AcceptSecurityContext () and returns SEC_I_CONTINUE_NEEDED -0x00090312
- Client again calls InitializeSecurityContextW() 5. On server side (service) it calls AcceptSecurityContext() second time and here it fails and returns SEC_E_INTERNAL_ERROR 0x80090304.
This error code does not match with any sspi error code.
This is generally function failure.
additional Information: Both server and client running on same machine. I saw audit event which is logon failure which has following details: -
- <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
- <System>
<Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-a5ba-3e3b0328c30d}" />
<EventID>4625</EventID>
<Version>0</Version>
<Level>0</Level>
<Task>12544</Task>
<Opcode>0</Opcode>
<Keywords>0x8010000000000000</Keywords>
<TimeCreated SystemTime="2022-10-26T12:08:20.791949200Z" />
<EventRecordID>6549320</EventRecordID>
<Correlation ActivityID="{8be63969-e908-0000-f739-e68b08e9d801}" />
<Execution ProcessID="136" ThreadID="10076" />
<Channel>Security</Channel>
<Computer>Avng17</Computer>
<Security />
</System>
- <EventData>
<Data Name="SubjectUserSid">S-1-0-0</Data>
<Data Name="SubjectUserName">-</Data>
<Data Name="SubjectDomainName">-</Data>
<Data Name="SubjectLogonId">0x0</Data>
<Data Name="TargetUserSid">S-1-0-0</Data>
<Data Name="TargetUserName">administrator</Data>
<Data Name="TargetDomainName">avng17</Data>
<Data Name="Status">0xc000005a</Data>
<Data Name="FailureReason">%%2304</Data>
<Data Name="SubStatus">0x0</Data>
<Data Name="LogonType">3</Data>
<Data Name="LogonProcessName">NtLmSsp</Data>
<Data Name="AuthenticationPackageName">NTLM</Data>
<Data Name="WorkstationName">AVNG17</Data>
<Data Name="TransmittedServices">-</Data>
<Data Name="LmPackageName">-</Data>
<Data Name="KeyLength">0</Data>
<Data Name="ProcessId">0x0</Data>
<Data Name="ProcessName">-</Data>
<Data Name="IpAddress">-</Data>
<Data Name="IpPort">-</Data>
</EventData>
</Event>
Windows for home | Windows 10 | Security and privacy
Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.
2 answers
Sort by: Most helpful
-
Anonymous
2022-10-27T05:05:15+00:00 -
DaveM121 891.1K Reputation points Independent Advisor2022-10-26T17:44:23+00:00 Hi VijayBK,
I am Dave, I will help you with this.
I apologize, Community is just a consumer forum, due to the scope of your question can you please post this question to our sister forum on Microsoft Q&A (The Developers Forum)
Over there you will have access to a host of Developers and IT Pro Experts experts and will get a knowledgeable and quick answer to this question.