I am running windows 2003 standard edition (SP2) in terminal services application mode, on a windows 2003 standard edition R2 domain. My DC is a HP ML570 quad Xeon w/ 8GB RAM and my TS is a dual Xeon w/ 4 GB RAM.
I have a problem with the TS rejecting logins, IE: a client will RDC into the server and the logon screen will appear for about 1 second and then disappear.
I go to the TS's console and there is a message stating that lsass.exe -"1073741819" has caused a shutdown of the system, and the system will reboot.
Once i reboot the system, we might not have an issue for a week, then the problem creeps up again and requires a reboot.
I have researched this problem extensively and learned that the primary cause of this is a sasser worm infection. I have scanned the machine with several products and installed the hotfixes that Microsoft has recommended.
I have found no traces of the sasser worm, so i am at a loss to explain what is going on here.
If anyone can shed some light on the subject, it would be much appreciated.