Lsass.exe – system error   Indicates a revision number....  Server 2003

Posted on 2011-05-08
Last Modified: 2012-05-11
I just had a Server dropped off with some interesting problems.
The Raid5 volume had a bad disk so I unplugged it. The volume is degraded but still shows as bootable.
When I tried to reboot I received a grocery list of errors so I did a repair install of Server 2003 standard.
Upon rebooting I received the following message:

“ Lsass.exe – system error   Indicates a revision number encountered or specified is not one known by the service.  It may be a more recent revision than the service is aware of. “

This happens in safe as well as normal mode.  As soon as I hit the OK in the dialog box it reboots.

There was some unused space on the volume so I made a new partition and loaded Server 2003 into that partition.  After all that I downloaded malwarebytes and ran it against the bad partition.  It comes up clean but still gets the same error (above) when I boot from the bad partition. I also tried replacing lsass.exe.  The bad partition is C:\ and the good partition is F:\

I booted into the F partition and then renamed security and security.sav to oldsecurity and oldsecirity.sav (on the C partition).  I tried to boot to the C partition again but then I get:

“ Security Accounts Manager initialization failed because `of the following error. The security ID structure is invalid. Error Status: 0xc0000078. Please click OK to shutdown this system and reboot into safe mode, check the event log for more detailed information.”

Can’t get into safe mode either.  Boot into BartPE and copy over security from f:\windows\system32\config to c:\windows\system32\config.  When I try a boot to C partition I get the Security Accounts Manager error.

Boot back to the F partition, del security and security.sav, ren oldsecurity and oldsecurity.sav to security and security.sav (on c:\windows\system32\config)  and I’m back to the Lsass.exe – system error   Indicates a revision number error.

I have access to all the data so I suppose I could do a clean install but I’m unsure if I have access to the EMR and other apps to reinstall.


Question by:ccampbell15

    Expert Comment

    Which hardware model?
    If it's IBM Server. You should poweroff first. Then power on.
    Problem maybe solved.

    If it's no solved. You can use Recovery Console to solved this problem.
    Press [F8] and select "Recovery Console"
    Default path is c:\windows
    Do commands below: tmp
      2.copy c:\windows\system32\config\system c:\windows\tmp\system.bak
      3.delete c:\windows\system32\config\system
      4.copy c:\windows\repair\system c:\windows\system32\config\system
    Then reboot your computer.
    LVL 2

    Author Comment

    I booted up to the F partition and did what you suggested: When I try to boot from the C partition I now get:

    lsass - system error
    Indicated a revision number encountered or specified is not one known by the service. I may be a more recent revision than the service is aware of.

    The USB keyboard and mouse no longer work. I have a PS2 keyboard so I was able to alt-tab to select the dialog box and hit enter.  The system boot llops as long as I select the C partition.
    LVL 7

    Accepted Solution

    You can try a lot of troubleshooting steps and then rebuild the server or, just rebuild the server.
    Usually server should boot up normally if you replace the SYSTEM and SOFTWARE registry hive from the C:\Windows\Repair folder as suggested in one of the posts. But in your case it will not work as you already ran the repair install setup, which replaced the files in REPAIR folder with the ones from the CONFIG folder which are causing the problem.
    Do you have a backup taken of this server? If yes, then you can restore the SYSTEM and SOFTWARE files from the backup. Or you can even try to restore the server from backup. And as I said earlier, if this does not work... Rebuild the server...
    LVL 2

    Author Comment

    Well he has an image copy made some 2 years sgo. I'm not sure I want to go there just yet.  I know there was a major update to his EMR after that. I assume that if I replace the system and software hive then any software installed aftere that date is gone?
    LVL 2

    Author Comment

    Never did figure out why the installed OS would not work but restoring the image worked.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    What Should I Do With This Threat Intelligence?

    Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

    Organizations create, modify, and maintain huge amounts of data to help their businesses earn money and generally function.  Typically every network user within an organization has a bit of disk space to store in process items and personal files.   …
    Scenerio: You have a server running Server 2003 and have applied a retail pack of Terminal Server Licenses.  You want to change servers or your server has crashed and you need to reapply the Terminal Server Licenses. When you enter the 16-digit lic…
    Internet Business Fax to Email Made Easy - With eFax Corporate (, you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
    In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor ( If you're interested in additional methods for monitoring bandwidt…

    761 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    10 Experts available now in Live!

    Get 1:1 Help Now