Solved

LSASS.EXE 0xc00000f Windows 2000 server.  Critical server!!!!

Posted on 2004-09-15
11
692 Views
Last Modified: 2010-05-18
Hi,

Our dc decided to crash and upon boot we get the following error:

lsass.exe system error.  Directory services could not start due to the following error:  system cannot find file specified.  error status 0xc00000f.....

When we reboot to directory services mode we can see the lsass.exe file in the system folder and also the ntds.dit file in d:\ad\dbase\

I have read that this issue is due to a corrupt ad so I booted our other dc into ds mode and copied the ntds.dit file to the corrupt server.  However upon reboot I get the same error.  (I renamed the existing ntds.dit file ntds.old).

Has anyone any suggestion as to what I can try next??  The server is our exchange server so its pretty critical.

Many thnaks

G
0
Comment
Question by:GlenmoranUK
  • 6
  • 3
11 Comments
 
LVL 15

Expert Comment

by:mattisflones
ID: 12066884
Might be that a sasser worm infected your system.. Get the cure here: http://search.symantec.com/custom/us/query.html
0
 
LVL 15

Expert Comment

by:mattisflones
ID: 12066903
0
 
LVL 1

Author Comment

by:GlenmoranUK
ID: 12067535
I am quite certain it was not a virus as it happened whilst we were stopping the internet information store.

The server is also protected with sophos which updates every 2 hours.

But I will check...

G
0
NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

 
LVL 15

Expert Comment

by:mattisflones
ID: 12067574
Not a virus.. A worm! And any AV can experience a glitch..

If the LSASS.EXE itself is corrupted i guess you could fix it with a "SFC /SCANNOW" But thats quite a big job on a DC with Exchange..
0
 
LVL 15

Expert Comment

by:mattisflones
ID: 12067583
Ps, MS released a secpatch for LSASS problems too.. might be worth a try..
0
 
LVL 1

Author Comment

by:GlenmoranUK
ID: 12067639
I tried copying lsass.exe from our other domain controller but got the same result.

Our server is behind a managed firewall with all patches installed.  It may just be a coincidence that it happened when it did.

I will check for the worm..

G
0
 
LVL 15

Expert Comment

by:mattisflones
ID: 12067690
If you get the system to boot you should check taskmanager for LSASS, if its there you got worms..
0
 
LVL 1

Author Comment

by:GlenmoranUK
ID: 12068017
Got server to boot again..

Was not a virus but a corrupt AD as initially thought..

Firstly booted into D/S mode and tried to run ntdsutil but crashed out.  Then tried esentutl with the following structure:

esentutl /g "path\ntds.dit"/!10240 /8 /v /x /o

This showed a corrupt database so ran:

esentutl /p "path\ntds.dit" /!10240 /8 /v /x /o

This repaired the AD and then I had to delete the AD log files before booting back.

Server came back (5 mins ago) so will check whats happening.  As I type my outlook tells me the connection with the exchange server has been restored.

G
0
 
LVL 15

Expert Comment

by:mattisflones
ID: 12274981
Seems like glenmoranUK had the answer to the problem in his last comment.
I reccomend, PAQ and refund points..
0
 

Accepted Solution

by:
ee_ai_construct earned 0 total points
ID: 12298532
Question answered by asker or dialog valuable.
Closed, 500 points refunded.
ee_ai_construct (replacement part #xm34)
Community Support Admin
0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Data breaches are on the rise, and companies are preparing by boosting their cybersecurity budgets. According to the Cybersecurity Market Report (http://www.cybersecurityventures.com/cybersecurity-market-report), worldwide spending on cybersecurity …
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question