?
Solved

Lsasrv error 5000 and server restarts every couple of days

Posted on 2006-04-20
10
Medium Priority
?
2,590 Views
Last Modified: 2008-01-09
Hello,

I have been dealing with the problem for a month now. Our network is a sngle DC with about 15 computers. DHCP, DNS is all on the server. We fixed NTPCLient w32time errors by syncing the server with external time source.

The last server reboot occured on 4/17. The first error in the System Log was a 7pm and 24 seconds.
Event Type:      Error
Event Source:      LsaSrv
Event Category:      Security Package Manager
Event ID:      5000
Date:            4/17/2006
Time:            7:00:24 PM
User:            N/A
Computer:      MUMBAI
Description:
The security package Kerberos generated an exception.  The exception information is the data.

Right before this error, i had a warning:
Event Type:      Warning
Event Source:      LSASRV
Event Category:      SPNEGO (Negotiator)
Event ID:      40968
Date:            4/17/2006
Time:            2:45:35 PM
User:            N/A
Computer:      MUMBAI
Description:
The Security System has received an authentication request that could not be  decoded.  The request has failed.

Then immdiately, I had an error in the APPLICATION LOG

Event Type:      Error
Event Source:      Application Error
Event Category:      (100)
Event ID:      1000
Date:            4/17/2006
Time:            7:00:29 PM
User:            N/A
Computer:      MUMBAI
Description:
Faulting application lsass.exe, version 5.2.3790.0, faulting module ntdll.dll, version 5.2.3790.0, fault address 0x00007933.

Then the winlogon.exe service triggered a restart of the server. Upon reboot, i got LSAShell encoutered an error.

I have no others and the reboot occurs randomly. I have done DCDIAG etc and all tests are passing. I think I have come a long way and a lot of things have been fixed but I just cannot figure out what causes the server to restart. It is random and no errors in any other categories.

I would be very proud if you can figure this out.

   

0
Comment
Question by:birenshukla
  • 5
  • 4
10 Comments
 
LVL 4

Accepted Solution

by:
ADExpert earned 2000 total points
ID: 16500097
0
 
LVL 5

Expert Comment

by:davino_1
ID: 16500162
0
 

Author Comment

by:birenshukla
ID: 16500313
Isnt there a way to fix the problem without hotfixes...This does not seem to be a licensed product.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 4

Expert Comment

by:ADExpert
ID: 16502866
Hotfixes are a must & sure shot solution. Hotfix cases are treated for free if you call microsoft support. But, you need to have a licensed version for them.

ADExpert
0
 

Author Comment

by:birenshukla
ID: 16507497
there is a workaround mentioned in the fix....can you help me with that..
0
 
LVL 4

Expert Comment

by:ADExpert
ID: 16523451
Please mention which article are you following.

ADExpert
0
 

Author Comment

by:birenshukla
ID: 16525033
I am following the support document from microsoft.

To work around this problem, remove the Deny ACE from the OU.

Please help.
0
 
LVL 4

Expert Comment

by:ADExpert
ID: 16525834
Hi Biren,

I'd be rather grateful, if you could give me the link to the article or KB no.

ADExpert
0
 

Author Comment

by:birenshukla
ID: 16525862
http://support.microsoft.com/?kbid=818080

it has not restarted since the 17th...which is good. but would like your suggestion anyways...

0
 

Author Comment

by:birenshukla
ID: 16610562
it restarted after almost two weeks...this time.. the error in event viewer just before the crash looked liked "bad packet received from 192.168.1.1.(router)...or large packet lenght...something like that. any ideas? this is the longest it has been without restart.
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

by Batuhan Cetin In this article I will be guiding through the process of removing a failed DC metadata from Active Directory (hereafter, AD) using the ntdsutil tool in a Windows Server 2003 environment. These steps are not necessary in a Win…
Setting up a Microsoft WSUS update system is free relatively speaking if you have hard disk space and processor capacity.   However, WSUS can be a blessing and a curse. For example, there is nothing worse than approving updates and they just have…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…
Despite its rising prevalence in the business world, "the cloud" is still misunderstood. Some companies still believe common misconceptions about lack of security in cloud solutions and many misuses of cloud storage options still occur every day. …

862 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question