OSS_MUTEX_NOT_CREATED (0X8009302D) – ASN Mutex Lock Failure
Happens when OSS ASN fails to create a mutex during ASN.1 encoding. Usually due to permissions or stale handles. Fix is clean boot or registry tweak.
When this error hits
You'll see OSS_MUTEX_NOT_CREATED (0X8009302D) when an application using the OSS ASN.1 stack tries to encode or decode data, but the underlying mutex that controls thread safety fails to initialize. This typically happens on Windows Server 2016/2019 or Windows 10/11 systems running apps like Microsoft Dynamics CRM, Exchange Server, or custom tools built with the OSS Nokalva ASN.1 library. The error pops up during file parsing, LDAP operations, or certificate chain processing. The exact trigger is often a system restart after a patch, or a resource exhaustion event that left orphaned mutex handles.
Root cause
The OSS ASN.1 runtime uses named mutexes to synchronize access to shared encoding buffers. The problem is that the mutex name is predictable, and if another process created it with different security attributes—or if the handle wasn't cleaned up after a crash—the new call can't open or create it. What's actually happening here is the CreateMutex call returns ERROR_ALREADY_EXISTS, but the caller doesn't handle that gracefully. Or the process doesn't have MUTEX_MODIFY_STATE permission because the mutex was originally created under a different user context (like SYSTEM vs. NETWORK SERVICE).
Another less common cause: the Windows kernel object namespace is full. Each user session has a limit on kernel objects. If a leaky driver or service left thousands of stale mutexes, the new one can't be created.
The fix
Step 1 – Clean boot to isolate the offender
- Run
msconfigand select Selective startup, uncheck Load startup items. - Go to the Services tab, check Hide all Microsoft services, then click Disable all.
- Reboot and reproduce the error. If it's gone, you've got a third-party service holding the mutex.
This is the fastest way to confirm the mutex collision. I've seen McAfee, Carbon Black, and even old SQL Server agents cause it.
Step 2 – Reset the mutex namespace (Windows 10/11 only)
Skip this for servers unless you're sure. Run as admin:
net stop OSSASN1 /y 2>nul
sc delete OSSASN1 2>nul
del /f /q "\\.\GLOBALROOT\Device\NamedPipe\OSSMutex" 2>nul
Then reboot. This forces the OSS runtime to recreate its mutex fresh. The reason step 3 works is that Windows doesn't clean up named mutexes when a process crashes — they remain in the global namespace until the last handle is closed. Deleting the pipe forces that closure.
Step 3 – Registry permission fix (for exchange/certificate scenarios)
If the app runs under a service account, the mutex might be created in a different session. Open regedit and go to:
HKEY_LOCAL_MACHINE\SOFTWARE\OSS\ASN1\Runtime\MutexRight-click, Permissions, add NETWORK SERVICE with Full Control. Apply and restart the service. This is a common one for IIS AppPool identities.
Step 4 – Check kernel object count
Open Performance Monitor (perfmon.msc), add counter Objects > Mutexes. If it's over 50,000, you've got a leak. Run !handle -t Mutant in WinDbg to find the culprit. Then either restart that service or reboot.
If it still fails
Check the Application event log for OSSASN1 source entries — they often log the exact mutex name. Then use Process Explorer (Ctrl+F) to search for that name. If it's owned by System or a dead PID, reboot the machine. If you're on a domain controller, run repadmin /syncall first to avoid AD replication issues. Still stuck? You can work around the mutex entirely by setting OSS_THREAD_SAFE=0 in the app's environment variables, but that disables multi-threaded encoding — only do this for debugging.
Was this solution helpful?