Domain controller crashes on password reset when multiple 'Create New User' workflows are executed at the same timeIssue Domain controller crashes on the password reset when multiple 'ACTIV Create New User' workflows are executed at the same time Steps to reproduce: Multiple members in the organisation submit 'Create New User' workflows to approvalRespective Manager approves the workflows, often multiple at a timeServiceNow 'Create New User' workflow kicks off and attempts to execute PowerShell scripts via the MID Servers to create users, set a password etcWhen the domain controller is requested to set the password on multiple users at a time it causes the lsass.exe process to crashDomain Controller is forced to restart as lsass.exe is a critical Windows process The below relevant lines from the log file, please note that the lsass.exe process crashed exactly 2 seconds after the ResetADUserPasswordUnlock.ps1 was executed twice.6/09/19 21:26:14 (609) ECCSender.1 Sending ecc_queue.60d2a133dbf1b7402f2b60d4449619e1.xml06/09/19 21:26:14 (749) ECCSender.1 Sending ecc_queue.24d2a133dbf1b7402f2b60d4449619e7.xml06/09/19 21:26:19 (797) Worker-Expedited:PowershellProbe-0fd2a133dbf1b7402f2b60d4449619a4 Worker starting: Powershell source: XXXXX06/09/19 21:26:19 (797) Worker-Expedited:PowershellProbe-0fd2a133dbf1b7402f2b60d4449619a4 DEBUG: Executing command: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -executionpolicy unrestricted -noninteractive -nologo -noprofile -command "& {& 'scripts\PowerShell\PSScript.ps1' -computer 'XXXXXXX' -script 'C:\ServiceNow\xxxxx\agent\scripts\PowerShell\AD\ResetADUserPasswordUnlock.ps1' 'unlock' $true 'forceChange' $false 'use_mid_service_account' $false -useCred $true -ismid $false -isDiscovery $false -debug $true -logInfo $false -skipTest $false -executeRemote $false; exit $LASTEXITCODE}"06/09/19 21:26:19 (797) Worker-Expedited:PowershellProbe-0fd2a133dbf1b7402f2b60d4449619a4 DEBUG: With credential named : XXXXXX06/09/19 21:26:19 (797) Worker-Expedited:PowershellProbe-87d2e133dbf1b7402f2b60d44496198e Worker starting: Powershell source: XXXXX06/09/19 21:26:19 (797) Worker-Expedited:PowershellProbe-87d2e133dbf1b7402f2b60d44496198e DEBUG: Executing command: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -executionpolicy unrestricted -noninteractive -nologo -noprofile -command "& {& 'scripts\PowerShell\PSScript.ps1' -computer 'SRVDC04' -script 'C:\ServiceNow\xxxxx\agent\scripts\PowerShell\AD\ResetADUserPasswordUnlock.ps1' 'unlock' $true 'forceChange' $false 'use_mid_service_account' $false -useCred $true -ismid $false -isDiscovery $false -debug $true -logInfo $false -skipTest $false -executeRemote $false; exit $LASTEXITCODE}"06/09/19 21:26:19 (797) Worker-Expedited:PowershellProbe-87d2e133dbf1b7402f2b60d44496198e DEBUG: With credential named : XXXXXXX06/09/19 21:26:19 (797) Worker-Expedited:PowershellProbe-0fd2a133dbf1b7402f2b60d4449619a4 DEBUG: Thread name is Powershell is executing...06/09/19 21:26:19 (797) Worker-Expedited:PowershellProbe-87d2e133dbf1b7402f2b60d44496198e DEBUG: Thread name is Powershell is executing...06/09/19 21:26:20 (531) Gobbling stdout: Powershell is executing... Gobbled: <powershell>06/09/19 21:26:20 (531) Gobbling stdout: Powershell is executing... Gobbled: <output>06/09/19 21:26:20 (531) Gobbling stdout: Powershell is executing... Gobbled: <powershell>06/09/19 21:26:20 (531) Gobbling stdout: Powershell is executing... Gobbled: <output>06/09/19 21:26:20 (953) Gobbling stdout: Powershell is executing... Gobbled: </output>06/09/19 21:26:20 (953) Gobbling stdout: Powershell is executing... Gobbled: </powershell>06/09/19 21:26:20 (969) Worker-Expedited:PowershellProbe-0fd2a133dbf1b7402f2b60d4449619a4 DEBUG: The exit value from waitFor() is 006/09/19 21:26:23 (032) Worker-Expedited:PowershellProbe-0fd2a133dbf1b7402f2b60d4449619a4 DEBUG: Execution status: success06/09/19 21:26:23 (032) Worker-Expedited:PowershellProbe-0fd2a133dbf1b7402f2b60d4449619a4 DEBUG: Username XXXXXXX worked!06/09/19 21:26:23 (328) Worker-Expedited:PowershellProbe-0fd2a133dbf1b7402f2b60d4449619a4 DEBUG: Successfully executed ResetADUserPasswordUnlock.ps106/09/19 21:26:23 (328) Worker-Expedited:PowershellProbe-0fd2a133dbf1b7402f2b60d4449619a4 Enqueuing: C:\ServiceNow\xxxxxx\agent\work\monitors\ECCSender\output_1\ecc_queue.0fd2a133dbf1b7402f2b60d4449619a4.xml06/09/19 21:26:23 (328) Worker-Expedited:PowershellProbe-0fd2a133dbf1b7402f2b60d4449619a4 Worker completed: Powershell source: XXXXXX time: 0:00:03.53106/09/19 21:26:23 (672) ECCSender.1 Sending ecc_queue.0fd2a133dbf1b7402f2b60d4449619a4.xml06/09/19 21:26:29 (767) Worker-Expedited:PowershellProbe-ede22533dbf1b7402f2b60d44496191e Worker starting: Powershell source: XXXXXXX06/09/19 21:26:29 (767) Worker-Expedited:PowershellProbe-ede22533dbf1b7402f2b60d44496191e DEBUG: Executing command: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -executionpolicy unrestricted -noninteractive -nologo -noprofile -command "& {& 'scripts\PowerShell\PSScript.ps1' -computer 'xxxxxx' -script 'C:\ServiceNow\xxxxxx\agent\scripts\PowerShell\AD\EnableADUserAccount.ps1' 'use_mid_service_account' $false -useCred $true -ismid $false -isDiscovery $false -debug $true -logInfo $false -skipTest $false -executeRemote $false; exit $LASTEXITCODE}"06/09/19 21:26:29 (767) Worker-Expedited:PowershellProbe-ede22533dbf1b7402f2b60d44496191e DEBUG: With credential named : XXXXXXX06/09/19 21:26:29 (767) Worker-Expedited:PowershellProbe-ede22533dbf1b7402f2b60d44496191e DEBUG: Thread name is Powershell is executing...06/09/19 21:26:42 (909) Gobbling stderr: Powershell is executing... Gobbled: The server is not operational. (Exception from HRESULT: 0x8007203A)06/09/19 21:26:42 (909) Gobbling stderr: Powershell is executing... Gobbled: HRESULT: [-2147016646]06/09/19 21:26:42 (909) Gobbling stderr: Powershell is executing... Gobbled:06/09/19 21:26:42 (909) Gobbling stderr: Powershell is executing... Gobbled: Stack Trace:06/09/19 21:26:42 (909) Gobbling stdout: Powershell is executing... Gobbled: </output>06/09/19 21:26:42 (924) Gobbling stdout: Powershell is executing... Gobbled: <hresult>-2147016646</hresult>06/09/19 21:26:42 (924) Gobbling stdout: Powershell is executing... Gobbled: </powershell>06/09/19 21:26:42 (940) Worker-Expedited:PowershellProbe-87d2e133dbf1b7402f2b60d44496198e DEBUG: The exit value from waitFor() is 406/09/19 21:26:45 (018) Worker-Expedited:PowershellProbe-87d2e133dbf1b7402f2b60d44496198e DEBUG: Execution status: failed06/09/19 21:26:45 (018) Worker-Expedited:PowershellProbe-87d2e133dbf1b7402f2b60d44496198e SEVERE *** ERROR *** The server is not operational. (Exception from HRESULT: 0x8007203A)HRESULT: [-2147016646]Stack Trace:06/09/19 21:26:45 (315) Worker-Expedited:PowershellProbe-87d2e133dbf1b7402f2b60d44496198e SEVERE *** ERROR *** Failed while executing ResetADUserPasswordUnlock.ps1 CauseThis issue is to be triggering due to "nFront" SecurityResolutionBased on the error in the initial screenshot, we could see the Faulting module name: "ppro-eng.dll" which is from nFront Security. Therefore need to be working further with Microsoft and nFront Security to resolve the issue.Related LinksPOLICIES THAT CANNOT BE BYPASSED : nFront Password Filter is not some set of Java rules on a website that are easily bypassed. nFront Password Filter is integrated into the operating system and runs like a thread under the local security authority (the lsass.ese process). The polices you create cannot be bypassed with an alternative password change mechanism. https://nfrontsecurity.com/support/kb/kb.php?kbID=30 https://nfrontsecurity.com/products/nfront-password-filter/