SSPI and InitializeSecurityContextW problems on Server 2003

I have problems with KernelMode call of the InitializeSecurityContextW().
The whole authentication mechanism works just fine on W2K and XP, but on
2003 Server it fails on fist Client side
call of the InitializeSecurityContextW.
Anyway, I found very strange behaviour of the call:

If call the function from system context, the function succeeds, but the
output token buffer is invalid (full zeroed and the next call on the Server
side with this buffer fails).
If call from logged on user context, the function fails with ntStatus =
0xC0000005 ( ACCESS_VIOLATION ).

Any ideas where is the problem?

Kristian

/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// // // After the previous AcquireCredentialsHandleW() I have obtained theCredentialHandle // // // Prepare the buffers // OutBuffDesc.ulVersion = 0; OutBuffDesc.cBuffers = 1; OutBuffDesc.pBuffers = &OutSecBuff; OutSecBuff.cbBuffer = *pcbOut; OutSecBuff.BufferType = SECBUFFER_TOKEN; OutSecBuff.pvBuffer = pOut; ss = InitializeSecurityContextW( &CredentialHandle, NULL, NULL, ISC_REQ_CONFIDENTIALITY, 0, SECURITY_NATIVE_DREP, NULL, 0, &SecurityContextHandle, &OutBuffDesc, &ContextAttributes, &Lifetime); if( !SEC_SUCCESS(ss) ) { return ss; }

The problem was in the output buffer allocation of the
InitializeSecurityContext().

If I allocate it from the virtual memory under Server 2003 the function
fails with 0xC0000005.
If the buffer has benn allocated from NonPagedPool everything is ok.

MSDN
“…Kernel mode callers have the following differences: the target name is a
Unicode string and must be allocated in virtual memory using VirtualAlloc,
not from the pool. Buffers passed and supplied in pInput and pOutput must be
in virtual memory, not in the pool…”

Kristian