Helix failure EPT_S_NOT_REGISTERED

[amcasey]

We've been seeing a lot of Helix runs fail with a number of messages related to EPT_S_NOT_REGISTERED:

System.ComponentModel.Win32Exception : The Local Security Authority cannot be contacted

System.Security.Cryptography.CryptographicException : There are no more endpoints available from the endpoint mapper.

The failures only occur on Windows and inconsistently affect subsets of the IIS, HTTPS, Data Protection, and Certificate tests.

AFAICT, EPT_S_NOT_REGISTERED indicates that lsass.exe is not available.

Known Issue Error Message

Fill the error message using step by step known issues guidance.

{
  "ErrorMessage": "",
  "ErrorPattern": "(Local Security Authority cannot be contacted)|(no more endpoints available)",
  "BuildRetry": false,
  "ExcludeConsoleLog": false
}

Known issue validation

Build: 🔎 https://dev.azure.com/dnceng-public/public/_build/results?buildId=778691
Error message validated: [(Local Security Authority cannot be contacted)|(no more endpoints available)]
Result validation: ✅ Known issue matched with the provided build.
Validation performed at: 8/19/2024 8:44:57 PM UTC

Report

Build	Definition	Test	Pull Request
2571475	dotnet-aspnetcore	IIS.ShadowCopy.Tests--net10.0.WorkItemExecution
854997	dotnet/aspnetcore	IIS.ShadowCopy.Tests--net10.0.WorkItemExecution
2567252	dotnet-aspnetcore	Microsoft.AspNetCore.Server.Kestrel.Sockets.FunctionalTests.Http2.ShutdownTests.GracefulTurnsAbortiveIfRequestsDoNotFinish	#44156
2567145	dotnet-aspnetcore	Microsoft.AspNetCore.Authentication.Certificate.Test.ClientCertificateAuthenticationTests.VerifyValidSelfSignedWithNoEkuAuthenticates	#44156
849273	dotnet/aspnetcore	IIS.LongTests--net9.0.WorkItemExecution
849119	dotnet/aspnetcore	Interop.FunctionalTests.H2SpecTests.RunIndividualTestCase	#58548
2564357	dotnet-aspnetcore	IIS.Tests--net10.0.WorkItemExecution
847599	dotnet/aspnetcore	IIS.NewShim.FunctionalTests--net8.0.WorkItemExecution
847480	dotnet/aspnetcore	Microsoft.AspNetCore.Server.Kestrel.Core.Tests.SniOptionsSelectorTests.FallsBackToHttpsConnectionAdapterCertificate	#58466
847326	dotnet/aspnetcore	IIS.NewShim.FunctionalTests--net10.0.WorkItemExecution
845573	dotnet/aspnetcore	Microsoft.AspNetCore.Server.HttpSys.FunctionalTests--net8.0.WorkItemExecution	#58477
845506	dotnet/aspnetcore	IIS.LongTests--net9.0.WorkItemExecution
845602	dotnet/aspnetcore	Microsoft.AspNetCore.Authentication.Negotiate.NegotiateHandlerFunctionalTests.RequestAfterAuth_ReauthenticatesWhenNotPersisted
845219	dotnet/aspnetcore	IIS.LongTests--net10.0.WorkItemExecution	#58472
845257	dotnet/aspnetcore	Microsoft.AspNetCore.DataProtection.DataProtectionProviderTests.System_UsesProvidedDirectoryAndCertificate	#58473
844962	dotnet/aspnetcore	IIS.FunctionalTests--net9.0.WorkItemExecution	#58462
845081	dotnet/aspnetcore	Microsoft.AspNetCore.Server.Kestrel.Sockets.FunctionalTests.Http2.HandshakeTests.TlsAlpnHandshakeSelectsHttp2From1and2	#58464
844955	dotnet/aspnetcore	IIS.FunctionalTests--net9.0.WorkItemExecution
843829	dotnet/aspnetcore	Microsoft.AspNetCore.Server.Kestrel.Sockets.FunctionalTests.Http2.ShutdownTests.GracefulTurnsAbortiveIfRequestsDoNotFinish	#58425
842267	dotnet/aspnetcore	Microsoft.AspNetCore.Server.Kestrel.InMemory.FunctionalTests.HttpsConnectionMiddlewareTests.CanReadAndWriteWithHttpsConnectionMiddleware	#58428
841975	dotnet/aspnetcore	Templates.Mvc.Test.BlazorTemplateTest.BlazorWebTemplate_IndividualAuth
841997	dotnet/aspnetcore	Microsoft.AspNetCore.HttpOverrides.CertificateForwardingTests.VerifyHeaderIsUsedIfNoCertificateAlreadySet	#58420

Summary

24-Hour Hit Count	7-Day Hit Count	1-Month Count
0	0	22

[amcasey]

Possibly relevant: GSA/piv-guides#102 (comment) (via @adityamandaleeka)

[lewing]

Sdk was is seeing validation errors in windows hosts dotnet/sdk#42870

[lewing]

did this start with the new helix rollout last week?

[javiercn]

Merged #57431 that hopefully avoids some of the template test problems.

[radical]

This is the same problem as dotnet/dnceng#3844 AFAICT.