0X8009033F

SEC_E_SHUTDOWN_IN_PROGRESS (0x8009033F) Fix That Works

Cybersecurity & Malware Intermediate 👁 0 views 📅 May 26, 2026

This error pops up when Windows or an app thinks the system is shutting down mid-Kerberos or NTLM auth. The fix is almost always a misconfigured LSA or a stuck shutdown process.

Yeah, this error is annoying. You're trying to authenticate — RDP, file share, domain join — and instead you get SEC_E_SHUTDOWN_IN_PROGRESS (0x8009033F). The system isn't actually shutting down, but something tells Windows it is. Let's kill that lie.

Quick Fix — Kill the Stuck Shutdown

The culprit here is almost always a shutdown that never completed. Open an admin command prompt and run:

shutdown /a

That aborts any pending shutdown. If you get "No shutdown in progress", move on. But if it aborts one, you're done. Test auth again.

The Real Fix — LSA Registry Tweak

If the quick fix didn't work, the LSA (Local Security Authority) subsystem has a stale shutdown flag. I've fixed this on maybe 30 machines. Here's the registry path:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa

Create a new DWORD (32-bit) named LsaShutdownInProgress. Set its value to 0.

If it already exists and is 1, change it to 0. Reboot the machine. That clears the kernel flag that's telling the network stack "we're shutting down, stop auth".

Why This Works

The error originates in the Security Support Provider Interface (SSPI). When the LSA subsystem believes the system is shutting down, it signals all security providers — Kerberos, NTLM, Schannel — to stop accepting new requests. The registry key LsaShutdownInProgress is the flag the kernel looks at. Setting it to 0 tells LSA "nope, we're alive".

Don't bother with SFC or DISM here. They rarely help. This is a state issue, not a corruption issue.

Less Common Variations

1. Corrupted Kerberos Ticket Cache

Sometimes the error shows only during domain login or when accessing a network resource. Run:

klist purge

Then gpupdate /force to reauth. This clears stale tickets that confuse the auth chain.

2. RPC Service Hung

If the error comes with RPC_S_SERVER_UNAVAILABLE, restart the RPC service:

net stop rpcss && net start rpcss

Then restart the Kdc (Kerberos Key Distribution Center) service if it's a DC.

3. Group Policy Lockdown

Some GPOs force shutdown behavior. Check this key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Shutdown

If you see ShutdownWithoutLogon set to 1, flip it to 0. That removes a false shutdown signal.

4. Third-Party Security Software

I've seen McAfee and Symantec endpoint protection inject shutdown flags during updates. Temporarily disable the service, test auth, then re-enable. If that fixes it, update the AV or create an exclusion for the LSA registry key.

Prevention

  • Always let shutdowns complete. Force power-offs leave the LSA flag set. If you have to force shutdown, run shutdown /a before booting next time.
  • Review event logs. Look for Event ID 6008 (unexpected shutdown) in System log. Those correlate with this error.
  • Keep Windows updated. KB5008212 and later patches for Server 2022 fixed a race condition that triggered this during Kerberos auth.
  • Monitor third-party tools. Backup software, VPN clients, and AV that call InitiateShutdown can leave the flag hanging. Check their logs.
Bottom line: 0x8009033F is almost never a real shutdown. It's a stuck flag. The LSA registry fix kills it dead. Skip the hours of debugging — go straight to the key.

Was this solution helpful?

SEC_E_SHUTDOWN_IN_PROGRESS 0x8009033F Kerberos authentication error NTLM shutdown error Windows authentication failure LSA crash fix system shutdown stuck RPC authentication error domain join issue Windows Server 2022 authentication Windows 10 Kerberos error fix 0x8009033F registry fix LSA shutdown status check