Solved

LSASS.EXE 0xc00000f Windows 2000 server.  Critical server!!!!

Posted on 2004-09-15
11
689 Views
Last Modified: 2010-05-18
Hi,

Our dc decided to crash and upon boot we get the following error:

lsass.exe system error.  Directory services could not start due to the following error:  system cannot find file specified.  error status 0xc00000f.....

When we reboot to directory services mode we can see the lsass.exe file in the system folder and also the ntds.dit file in d:\ad\dbase\

I have read that this issue is due to a corrupt ad so I booted our other dc into ds mode and copied the ntds.dit file to the corrupt server.  However upon reboot I get the same error.  (I renamed the existing ntds.dit file ntds.old).

Has anyone any suggestion as to what I can try next??  The server is our exchange server so its pretty critical.

Many thnaks

G
0
Comment
Question by:GlenmoranUK
  • 6
  • 3
11 Comments
 
LVL 15

Expert Comment

by:mattisflones
ID: 12066884
Might be that a sasser worm infected your system.. Get the cure here: http://search.symantec.com/custom/us/query.html
0
 
LVL 15

Expert Comment

by:mattisflones
ID: 12066903
0
 
LVL 1

Author Comment

by:GlenmoranUK
ID: 12067535
I am quite certain it was not a virus as it happened whilst we were stopping the internet information store.

The server is also protected with sophos which updates every 2 hours.

But I will check...

G
0
 
LVL 15

Expert Comment

by:mattisflones
ID: 12067574
Not a virus.. A worm! And any AV can experience a glitch..

If the LSASS.EXE itself is corrupted i guess you could fix it with a "SFC /SCANNOW" But thats quite a big job on a DC with Exchange..
0
 
LVL 15

Expert Comment

by:mattisflones
ID: 12067583
Ps, MS released a secpatch for LSASS problems too.. might be worth a try..
0
Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

 
LVL 1

Author Comment

by:GlenmoranUK
ID: 12067639
I tried copying lsass.exe from our other domain controller but got the same result.

Our server is behind a managed firewall with all patches installed.  It may just be a coincidence that it happened when it did.

I will check for the worm..

G
0
 
LVL 15

Expert Comment

by:mattisflones
ID: 12067690
If you get the system to boot you should check taskmanager for LSASS, if its there you got worms..
0
 
LVL 1

Author Comment

by:GlenmoranUK
ID: 12068017
Got server to boot again..

Was not a virus but a corrupt AD as initially thought..

Firstly booted into D/S mode and tried to run ntdsutil but crashed out.  Then tried esentutl with the following structure:

esentutl /g "path\ntds.dit"/!10240 /8 /v /x /o

This showed a corrupt database so ran:

esentutl /p "path\ntds.dit" /!10240 /8 /v /x /o

This repaired the AD and then I had to delete the AD log files before booting back.

Server came back (5 mins ago) so will check whats happening.  As I type my outlook tells me the connection with the exchange server has been restored.

G
0
 
LVL 15

Expert Comment

by:mattisflones
ID: 12274981
Seems like glenmoranUK had the answer to the problem in his last comment.
I reccomend, PAQ and refund points..
0
 

Accepted Solution

by:
ee_ai_construct earned 0 total points
ID: 12298532
Question answered by asker or dialog valuable.
Closed, 500 points refunded.
ee_ai_construct (replacement part #xm34)
Community Support Admin
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Performance in games development is paramount: every microsecond counts to be able to do everything in less than 33ms (aiming at 16ms). C# foreach statement is one of the worst performance killers, and here I explain why.
Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…
You have products, that come in variants and want to set different prices for them? Watch this micro tutorial that describes how to configure prices for Magento super attributes. Assigning simple products to configurable: We assigned simple products…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now