[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1467
  • Last Modified:

Lsass.exe – system error Indicates a revision number.... Server 2003

I just had a Server dropped off with some interesting problems.
The Raid5 volume had a bad disk so I unplugged it. The volume is degraded but still shows as bootable.
When I tried to reboot I received a grocery list of errors so I did a repair install of Server 2003 standard.
Upon rebooting I received the following message:

“ Lsass.exe – system error   Indicates a revision number encountered or specified is not one known by the service.  It may be a more recent revision than the service is aware of. “

This happens in safe as well as normal mode.  As soon as I hit the OK in the dialog box it reboots.

There was some unused space on the volume so I made a new partition and loaded Server 2003 into that partition.  After all that I downloaded malwarebytes and ran it against the bad partition.  It comes up clean but still gets the same error (above) when I boot from the bad partition. I also tried replacing lsass.exe.  The bad partition is C:\ and the good partition is F:\

I booted into the F partition and then renamed security and security.sav to oldsecurity and oldsecirity.sav (on the C partition).  I tried to boot to the C partition again but then I get:

“ Security Accounts Manager initialization failed because `of the following error. The security ID structure is invalid. Error Status: 0xc0000078. Please click OK to shutdown this system and reboot into safe mode, check the event log for more detailed information.”

Can’t get into safe mode either.  Boot into BartPE and copy over security from f:\windows\system32\config to c:\windows\system32\config.  When I try a boot to C partition I get the Security Accounts Manager error.

Boot back to the F partition, del security and security.sav, ren oldsecurity and oldsecurity.sav to security and security.sav (on c:\windows\system32\config)  and I’m back to the Lsass.exe – system error   Indicates a revision number error.

I have access to all the data so I suppose I could do a clean install but I’m unsure if I have access to the EMR and other apps to reinstall.

Ideas?


0
ccampbell15
Asked:
ccampbell15
  • 3
1 Solution
 
jtchiouCommented:
Which hardware model?
If it's IBM Server. You should poweroff first. Then power on.
Problem maybe solved.

If it's no solved. You can use Recovery Console to solved this problem.
Press [F8] and select "Recovery Console"
Default path is c:\windows
Do commands below:
  1.md tmp
  2.copy c:\windows\system32\config\system c:\windows\tmp\system.bak
  3.delete c:\windows\system32\config\system
  4.copy c:\windows\repair\system c:\windows\system32\config\system
Then reboot your computer.
0
 
ccampbell15Author Commented:
I booted up to the F partition and did what you suggested: When I try to boot from the C partition I now get:

lsass - system error
Indicated a revision number encountered or specified is not one known by the service. I may be a more recent revision than the service is aware of.

The USB keyboard and mouse no longer work. I have a PS2 keyboard so I was able to alt-tab to select the dialog box and hit enter.  The system boot llops as long as I select the C partition.
0
 
ashutoshsapreCommented:
You can try a lot of troubleshooting steps and then rebuild the server or, just rebuild the server.
Usually server should boot up normally if you replace the SYSTEM and SOFTWARE registry hive from the C:\Windows\Repair folder as suggested in one of the posts. But in your case it will not work as you already ran the repair install setup, which replaced the files in REPAIR folder with the ones from the CONFIG folder which are causing the problem.
Do you have a backup taken of this server? If yes, then you can restore the SYSTEM and SOFTWARE files from the backup. Or you can even try to restore the server from backup. And as I said earlier, if this does not work... Rebuild the server...
0
 
ccampbell15Author Commented:
Well he has an image copy made some 2 years sgo. I'm not sure I want to go there just yet.  I know there was a major update to his EMR after that. I assume that if I replace the system and software hive then any software installed aftere that date is gone?
0
 
ccampbell15Author Commented:
Never did figure out why the installed OS would not work but restoring the image worked.
0

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now