Solved

LSASS.EXE 0xc00000f Windows 2000 server.  Critical server!!!!

Posted on 2004-09-15
11
703 Views
Last Modified: 2010-05-18
Hi,

Our dc decided to crash and upon boot we get the following error:

lsass.exe system error.  Directory services could not start due to the following error:  system cannot find file specified.  error status 0xc00000f.....

When we reboot to directory services mode we can see the lsass.exe file in the system folder and also the ntds.dit file in d:\ad\dbase\

I have read that this issue is due to a corrupt ad so I booted our other dc into ds mode and copied the ntds.dit file to the corrupt server.  However upon reboot I get the same error.  (I renamed the existing ntds.dit file ntds.old).

Has anyone any suggestion as to what I can try next??  The server is our exchange server so its pretty critical.

Many thnaks

G
0
Comment
Question by:GlenmoranUK
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 3
11 Comments
 
LVL 15

Expert Comment

by:mattisflones
ID: 12066884
Might be that a sasser worm infected your system.. Get the cure here: http://search.symantec.com/custom/us/query.html
0
 
LVL 1

Author Comment

by:GlenmoranUK
ID: 12067535
I am quite certain it was not a virus as it happened whilst we were stopping the internet information store.

The server is also protected with sophos which updates every 2 hours.

But I will check...

G
0
Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

 
LVL 15

Expert Comment

by:mattisflones
ID: 12067574
Not a virus.. A worm! And any AV can experience a glitch..

If the LSASS.EXE itself is corrupted i guess you could fix it with a "SFC /SCANNOW" But thats quite a big job on a DC with Exchange..
0
 
LVL 15

Expert Comment

by:mattisflones
ID: 12067583
Ps, MS released a secpatch for LSASS problems too.. might be worth a try..
0
 
LVL 1

Author Comment

by:GlenmoranUK
ID: 12067639
I tried copying lsass.exe from our other domain controller but got the same result.

Our server is behind a managed firewall with all patches installed.  It may just be a coincidence that it happened when it did.

I will check for the worm..

G
0
 
LVL 15

Expert Comment

by:mattisflones
ID: 12067690
If you get the system to boot you should check taskmanager for LSASS, if its there you got worms..
0
 
LVL 1

Author Comment

by:GlenmoranUK
ID: 12068017
Got server to boot again..

Was not a virus but a corrupt AD as initially thought..

Firstly booted into D/S mode and tried to run ntdsutil but crashed out.  Then tried esentutl with the following structure:

esentutl /g "path\ntds.dit"/!10240 /8 /v /x /o

This showed a corrupt database so ran:

esentutl /p "path\ntds.dit" /!10240 /8 /v /x /o

This repaired the AD and then I had to delete the AD log files before booting back.

Server came back (5 mins ago) so will check whats happening.  As I type my outlook tells me the connection with the exchange server has been restored.

G
0
 
LVL 15

Expert Comment

by:mattisflones
ID: 12274981
Seems like glenmoranUK had the answer to the problem in his last comment.
I reccomend, PAQ and refund points..
0
 

Accepted Solution

by:
ee_ai_construct earned 0 total points
ID: 12298532
Question answered by asker or dialog valuable.
Closed, 500 points refunded.
ee_ai_construct (replacement part #xm34)
Community Support Admin
0

Featured Post

Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
There are times when I have encountered the need to decompress a response from a PHP request. This is how it's done, but you must have control of the request and you can set the Accept-Encoding header.
In this video, viewers are given an introduction to using the Windows 10 Snipping Tool, how to quickly locate it when it's needed and also how make it always available with a single click of a mouse button, by pinning it to the Desktop Task Bar. Int…
Add bar graphs to Access queries using Unicode block characters. Graphs appear on every record in the color you want. Give life to numbers. Hopes this gives you ideas on visualizing your data in new ways ~ Create a calculated field in a query: …

632 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question