Solved

LSASS.EXE 0xc00000f Windows 2000 server.  Critical server!!!!

Posted on 2004-09-15
11
694 Views
Last Modified: 2010-05-18
Hi,

Our dc decided to crash and upon boot we get the following error:

lsass.exe system error.  Directory services could not start due to the following error:  system cannot find file specified.  error status 0xc00000f.....

When we reboot to directory services mode we can see the lsass.exe file in the system folder and also the ntds.dit file in d:\ad\dbase\

I have read that this issue is due to a corrupt ad so I booted our other dc into ds mode and copied the ntds.dit file to the corrupt server.  However upon reboot I get the same error.  (I renamed the existing ntds.dit file ntds.old).

Has anyone any suggestion as to what I can try next??  The server is our exchange server so its pretty critical.

Many thnaks

G
0
Comment
Question by:GlenmoranUK
  • 6
  • 3
11 Comments
 
LVL 15

Expert Comment

by:mattisflones
ID: 12066884
Might be that a sasser worm infected your system.. Get the cure here: http://search.symantec.com/custom/us/query.html
0
 
LVL 15

Expert Comment

by:mattisflones
ID: 12066903
0
 
LVL 1

Author Comment

by:GlenmoranUK
ID: 12067535
I am quite certain it was not a virus as it happened whilst we were stopping the internet information store.

The server is also protected with sophos which updates every 2 hours.

But I will check...

G
0
Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

 
LVL 15

Expert Comment

by:mattisflones
ID: 12067574
Not a virus.. A worm! And any AV can experience a glitch..

If the LSASS.EXE itself is corrupted i guess you could fix it with a "SFC /SCANNOW" But thats quite a big job on a DC with Exchange..
0
 
LVL 15

Expert Comment

by:mattisflones
ID: 12067583
Ps, MS released a secpatch for LSASS problems too.. might be worth a try..
0
 
LVL 1

Author Comment

by:GlenmoranUK
ID: 12067639
I tried copying lsass.exe from our other domain controller but got the same result.

Our server is behind a managed firewall with all patches installed.  It may just be a coincidence that it happened when it did.

I will check for the worm..

G
0
 
LVL 15

Expert Comment

by:mattisflones
ID: 12067690
If you get the system to boot you should check taskmanager for LSASS, if its there you got worms..
0
 
LVL 1

Author Comment

by:GlenmoranUK
ID: 12068017
Got server to boot again..

Was not a virus but a corrupt AD as initially thought..

Firstly booted into D/S mode and tried to run ntdsutil but crashed out.  Then tried esentutl with the following structure:

esentutl /g "path\ntds.dit"/!10240 /8 /v /x /o

This showed a corrupt database so ran:

esentutl /p "path\ntds.dit" /!10240 /8 /v /x /o

This repaired the AD and then I had to delete the AD log files before booting back.

Server came back (5 mins ago) so will check whats happening.  As I type my outlook tells me the connection with the exchange server has been restored.

G
0
 
LVL 15

Expert Comment

by:mattisflones
ID: 12274981
Seems like glenmoranUK had the answer to the problem in his last comment.
I reccomend, PAQ and refund points..
0
 

Accepted Solution

by:
ee_ai_construct earned 0 total points
ID: 12298532
Question answered by asker or dialog valuable.
Closed, 500 points refunded.
ee_ai_construct (replacement part #xm34)
Community Support Admin
0

Featured Post

Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
The Nano Server Image Builder helps you create a custom Nano Server image and bootable USB media with the aid of a graphical interface. Based on the inputs you provide, it generates images for deployment and creates reusable PowerShell scripts that …
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question