question

jaltmann-3698 avatar image
0 Votes"
jaltmann-3698 asked ScottRamirez-9041 commented

Windows 10 build 2004 issues with dnsapi.dll

Hello,

We have an issue (possibly specific to a GPO in our environment) that causes issues with the dnsapi.dll library in build 2004. The behavior that happens after a domain join computer is freshly imaged with 2004 or is updated from a previous version is that if there is any network connectivity, lsass.exe will spike all cores to 100% CPU usage while trying to call dnsapi.dll and it will use multiple threads to attempt to execute. I was able to determine this using Process Explorer for sysinternals. This is platform independent and happens on both our Dell's and Lenovo's. If any network device is connected, this will result in a forever spinning login screen. If the network devices are disabled and the user profile is logged into, then a network device (wifi/ethernet) is connected, services with privilege escalations will fail due to the high CPU usage. If network devices are then disconnected, then after a few minutes cores free up CPU.

As a partial fix, I have replaced both 32 and 64 bit dnsapi.dll's with a version from Windows 10 build 1903 and the issue with lsass goes away and I'm able to log in and have no issues with high CPU usage or privilege escalations. The side affect of an older dnsapi.dll is that I'm unable to browse network shares and receive the following error in event viewer: "The DNS Client service terminated with the following error: The specified procedure could not be found".

The unfortunate thing is I'm unable to get a Microsoft resource because our org is under 500 people and our licensing partner can not even get a resource assigned to investigate the issue. If we are having this issue in our environment, I'm sure others are running into this as well.

CU KB 4565503 from the July 13 update does not fix the issue.

windows-10-generalwindows-dhcp-dns
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

If possible, could you please share us the detailed GPO configuration? I would like to test in my lab and check if I occur the same issue.

0 Votes 0 ·
jaltmann-3698 avatar image
0 Votes"
jaltmann-3698 answered jaltmann-3698 commented

I'm opening a ticket with MS since this issue hasn't been fixed since I opened this thread, hopefully it goes somewhere.

· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Good luck with that. We tried that early on when this package was first released and Microsoft had no clue. They pointed to a DNS issue with the wireless adapter and suggested we apply a static DNS entry. But the issue is much deeper than that.

0 Votes 0 ·

I'm going on month 2 of attempting to get this resolved through premier support. The latest is that they said it's a known issue and there is no workaround other than to use a build from 1909 or prior to. I'm hoping they moved this to their development team to resolve and am asking for status updates on the ticket opened with them. I haven't been involved in any debugging or troubleshooting beyond the basics, so we'll see if they're able to reproduce and if it's goes anywhere. They have until May 10, 2022 when 1909 goes end of support...

0 Votes 0 ·