Albert Widjaja
asked on
Windows Server 2008
Hi All,
I'm having a random reboot issue with my Domain Controller which is running Windows Server 2008 Standard 32 bit SP2, the following error message is logged in the Event Viewer.
Thanks in advance
I'm having a random reboot issue with my Domain Controller which is running Windows Server 2008 Standard 32 bit SP2, the following error message is logged in the Event Viewer.
Log Name: Application
Source: Microsoft-Windows-Wininit
Date: 20/02/2013 12:22:49 PM
Event ID: 1015
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: DC02-VM.domain.com
Description:
A critical system process, C:\Windows\system32\lsass.exe, failed with status code 255. The machine must now be restarted.
Log Name: Application
Source: Application Error
Date: 20/02/2013 12:22:44 PM
Event ID: 1000
Task Category: (100)
Level: Error
Keywords: Classic
User: N/A
Computer: DC02-VM.domain.com
Description:
Faulting application lsass.exe, version 6.0.6002.18051, time stamp 0x4a364331, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x018701a8, process id 0x254, application start time 0x01ce0dca9a4a48bc.
Thanks in advance
ASKER CERTIFIED SOLUTION
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
SOLUTION
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
that was the trademark of the old sasser virus... is your server patched up and virus free?
ASKER
dan,
why is that only happening on my domain controller ? just one AD only out of 4 that we have here ?
why is that only happening on my domain controller ? just one AD only out of 4 that we have here ?
Hi
I think you are running the domain controller in a VM. What is the RAM allocated to the machine. The server is 32 bit edition and runs in the VM. Might be the lsass.exe utilization is high on the machine which may caused the memory leak and server reboot. Try to upgrade the configuration and monitor the server utilization.
Thanks
Jai
I think you are running the domain controller in a VM. What is the RAM allocated to the machine. The server is 32 bit edition and runs in the VM. Might be the lsass.exe utilization is high on the machine which may caused the memory leak and server reboot. Try to upgrade the configuration and monitor the server utilization.
Thanks
Jai
ASKER
Jai,
Yes you could be right, so this article says that I can diagnose it with the Perfmon http://support.microsoft.com/kb/2550044
but how can I know when to run that perfmon to diagnose the issue when it occurs randomly ?
Yes you could be right, so this article says that I can diagnose it with the Perfmon http://support.microsoft.com/kb/2550044
but how can I know when to run that perfmon to diagnose the issue when it occurs randomly ?
SOLUTION
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
ASKER
Can they send out email when the issue occurs to know what's exactly consuming tr resources ?
Yes you can create the task scheduler in the Perfmon for sending alerts
http://terenceluk.blogspot.com/2012/10/monitoring-free-drive-space-with.html
http://terenceluk.blogspot.com/2012/10/monitoring-free-drive-space-with.html
ASKER
Hi all, I have performed FULL SCAN with Symantec and it doesn't returns anything malicious.
Did you try the hotfix yet?
ASKER
no it is not possible, since it is happening on the 2008 DC not the normal Windows 2008 member server.
Well, since it's a VM, you COULD snapshot the VM (within VMware vSphere client) prior to applying the hotfix. If it doesn't work, you can roll back the VM to the snapshot you took.
Granted, you're right, the article states "member server" in the scenario but it doesn't necessarily state "not for domain controllers".
Granted, you're right, the article states "member server" in the scenario but it doesn't necessarily state "not for domain controllers".
ASKER
ok, does taking Snapshot on AD Domain controllers is advisable ?
There is nothing wrong with taking a snapshot on a DC. The potential for there to be a problem is rolling back a DC to an old snapshot (let's say a few days to a week old) when other DC's are present. Rolling back a DC in a multi DC environment will throw off AD and generate errors for that pariticular DC you rolled back.
That's the only potential for problems I see, however we're not keeping the snapshot for too long so you'll be fine. Plus if the hotfix ends up working you're going to be deleting the snapshot.
That's the only potential for problems I see, however we're not keeping the snapshot for too long so you'll be fine. Plus if the hotfix ends up working you're going to be deleting the snapshot.
ASKER
yes, I got two DC in the main sites and two in the DR sites (different subnet) and it is managing the same domain.
So in this case can I just take snapshot to this one particular DC or 4 of them at the same time ?
So in this case can I just take snapshot to this one particular DC or 4 of them at the same time ?
SOLUTION
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
ASKER