Solved

Server restart : lsass.exe terminated unexpectedly with status code 1073741819

Posted on 2009-06-26
22
4,438 Views
Last Modified: 2012-05-07
Windows 2003 Server R2 x64  restart after every 15 sec with the massage
'C:\WINDOWS\system32\lsass.exe' terminated > unexpectedly with status code -1073741819"
It's a domain controller, i already run sasser removing tool and also full scanned with symantec end point protection.But i did'nt find any worm or virus.
it can happend when restart the server using LAN connection and without LAN connection the above massage not came to restart the server.
0
Comment
Question by:Arabsoft-ACS
  • 9
  • 5
  • 4
  • +3
22 Comments
 
LVL 10

Expert Comment

by:dnilson
ID: 24726530
if lsass.exe terminates, Windows WILL reboot.  Thats the intended operation.

Question is, whats crashing the process.

Since you are on a 64 bit box, a 32 bit driver, or application is immediately suspect.  

I) Setup a clean boot by Microsoft definitions to eliminate 32 bit applications
Step 2: Configure selective startup options
In the System Configuration Utility dialog box, click the General tab, and then click Selective Startup.
Click to clear the Process SYSTEM.INI File check box.
Click to clear the Process WIN.INI File check box.
Click to clear the Load Startup Items check box. Verify that Load System Services and Use Original BOOT.INI are checked.
Click the Services tab.
Click to select the Hide All Microsoft Services check box.
Click Disable All, and then click OK.
When you are prompted, click Restart to restart the computer.

II) Ifthat fails you need to make sure you are using a 64 bit version of EVERY driver.

Start with the NIC driver(s) per your abovedescription.

III) Look in the system and application logs for clues.
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 24726559
Run sfc /scannow
0
 
LVL 10

Expert Comment

by:dnilson
ID: 24726598
Sfc /scanniw will fix any bad windows system files, but it's not going to fix a bad 32 bit app or driver so don't forget to check those

What's the history of the machine old/new, recently failed/ always bad, upgraded, clean install etc
0
VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

 
LVL 74

Expert Comment

by:Glen Knight
ID: 24726618
Are you able to abort the shutdown?
Shutdown -a

I gad this problem about 5 years ago and it was bad active directory data failing to replicate, are there other Domain Controlers?

Are you able to dcpromo to remove it as a DC and then DC promo it back?

Obviously after yransfering any FSMO roles to another DC
0
 

Author Comment

by:Arabsoft-ACS
ID: 24726641
I installed some microsoft hotfixes and the problem was solved temporary, the server running witout restarting but when i check my Active Directory and DNS both are not working, i checked the services there is IPsec service and Kerberos key Distribution center service is not running. When i try to start its faild to start then again facing the problem with LAN. can't able to ping the other servers and gateway found result " distination host unreachable"
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 24726671
After re-Reading your original post I would say you either have a failing/failed NIC or bad drivers for said NIC.

Try another NIC if you have one available or try re-installing  original drivers for the one you have
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 24726687
All of those services you have mentioned will fail if the NIC is not working so this is definately a good place to start!

Was it working and something has changed or did it never work?

Roll back the NIC driver in Device Manager using the roll back button on the properties of the NIC
0
 

Author Comment

by:Arabsoft-ACS
ID: 24726699
I already done to reinstall NIC drivers and there is two NIC card and both ha same problem
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 24726715
Have you got a NIC card you can install to test and disable the other 2?
0
 
LVL 10

Expert Comment

by:dnilson
ID: 24726720
If you change the Nic it should be a different model brand, and have a 64 bit driver and / a windows native driver
0
 

Author Comment

by:Arabsoft-ACS
ID: 24726760
Both NIC's are built in, with the same configuration and driver are support to 64 bit.
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 24726774
If there is a problem with the NIC interface it will effect both as the onboard cards are normally dual port.

Can you try another NIC card that you plug on to the servers motherboard?
0
 

Author Comment

by:Arabsoft-ACS
ID: 24727084
Same problem after use the another NIc card. Still IPsec service and Kerberos service not start.
getting same result "distination Host Unreachable" When ping the gateway and another IP in the same subnet.
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 24727092
If you do an ipconfig /all what do you get?
Can you post the results
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 24727118
Can you also run DCDIAG an NETDIAG and post the results
0
 
LVL 10

Expert Comment

by:Datedman
ID: 24727505
Just curious, when you say "without LAN connection" do you mean unplugged or...?   If just unplugging it solves the problem try giving it a static ip on another subnet, could conceivably be getting attacked.
0
 
LVL 38

Expert Comment

by:ChiefIT
ID: 24728249
LSASS stands for Local Security Server. It goes to the kerberos ticket granting agent and verifies security identification for network logons.

Though it will fail without NIC support, the computer will not reboot on its own. The lack of time synchronization will also fail LSASS if it is out of the 5 minute phase offset. However, the lack of time synchronization will also not cause a computer reboot or slowness on the server.

The restart of the computer indicates a memory leak, or application failure. You can tell it to NOT to reboot upon failure. And then I would check out this article on memory leaks caused from LSASS.exe.

http://support.microsoft.com/kb/893246

If this doesn't work, you might look for a memory articles like this that have to do with LSASS causing a memory leak.

 
0
 
LVL 10

Expert Comment

by:dnilson
ID: 24728595
ChiefIT

The reported problem is unexpected termination of LSASS, not it's failure due to lack of NIC support

Termination of LSASS process will in itself reboot the machine, that's how the shutdown command works

Kill the process on a running machine and you will see the familar shutdown dialog.

========================
author

Have you checked the system log to determine the sequence of events post bootup?

Can you list the error / status messages IN the chronological order they appear in the log starting with the Microsoft HAL loading so we can glean some idea of what failed first, etc.  Perhaps there is a why hidden in those messages

 
0
 
LVL 4

Expert Comment

by:Mike_Courtney
ID: 24729373
I'd be inclined to compare the service pack levels on all the DC's to ensure they match - are they all running R2?

You can check this using Windows 2003 version of repadmin

repadmin /showattr name of the domain controller that is in the target domain ncobj:domain: /filter:"(&(objectCategory=computer)(primaryGroupID=516))" /subtree /atts:operatingSystem,operatingSystemVersion,operatingSystemServicePack

It won't show you individual hotfixes, but worth thinking of those too
0
 

Accepted Solution

by:
Arabsoft-ACS earned 0 total points
ID: 24778980
After a long Discussion, there is no proper solution found&..atlast format the Server and restore the Last full + Differential Backup.

Thanks every one
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 24778996
It's a shame none of the last questions were answered as with the information requested we may well have found you a solution.
0
 
LVL 10

Expert Comment

by:Datedman
ID: 24780181
So, did restoring a backup solve the problem?  LOL...if it is an attack, it will still be one.
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Server Login Issue 4 57
Active Directory - Error 8614 - Do all DC's need to replicate 5 74
Questions about DHCP migration 5 61
ticket bloat 3 31
Numerous times I have been asked this questions that what is it that makes my machine log on so slow, there have been cases where computers took 23 minute exactly after taking password and getting to the desktop. Interesting thing was the fact th…
I've always wanted to allow a user to have a printer no matter where they login. The steps below will show you how to achieve just that. In this Article I'll show how to deploy printers automatically with group policy and then using security fil…
This Micro Tutorial will give you a basic overview how to record your screen with Microsoft Expression Encoder. This program is still free and open for the public to download. This will be demonstrated using Microsoft Expression Encoder 4.
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

803 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question