Checked build of NETLOGON.DLL causing crashes with Windows Server 2003

From: BROWN Nick (Nick.BROWN_at_COE.INT)
Date: 03/07/04

    Date:         Sun, 7 Mar 2004 22:00:01 +0100
    To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
    
    

    For several years we have used the checked build of NETLOGON.DLL, along with
    the tips described in KB article 189541, to track various logon incidents.
    In a multi-domain controller environment, this is very useful, because the
    reports from all the DCs can readily be centralised with a combination of
    grep/awk/vim/perl/etc. (Anyone who has tried to help a user who is logging
    on with an extra space at the end of their username will appreciate the
    value of seeing the exact string which is being used, delimited in a text
    file!)

    However, since we installed the checked build of NETLOGON.DLL from Windows
    Server 2003 on our new 2003 DC, it has started to crash about three or four
    times per day. We went back to the original NETLOGON.DLL and the problem
    has gone away.

    Here is the message written to the log just prior to shutdown:

    "The system process 'C:\WINDOWS\system32\lsass.exe' terminated unexpectedly
    with status code -1073740972. The system will now shut down and restart.."

    Since LSASS.EXE (original version, dated 2003-03-25) is intimately
    associated with logon validation, it seems very probable that the checked
    build version of NETLOGON.DLL is indeed interfering with it in some way.
    Does anyone have more knowledge of this issue? Has anyone else got the
    checked build version of NETLOGON.DLL running successfully with Windows
    Server 2003?

    Nick Brown, Strasbourg, France
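
An added example, not part of the original post, of the log centralisation described above: it merges netlogon.log lines from several DCs into one timeline and flags account names padded with whitespace, printing the exact string delimited. The log line layout, the DC and workstation names and the sample lines are assumptions constructed for illustration.

```python
import re

# Assumed netlogon.log layout (the post does not show one):
#   MM/DD HH:MM:SS [LOGON] SamLogon: Network logon of DOMAIN\user from HOST Returns 0x<NTSTATUS>
LINE = re.compile(
    r"^(?P<ts>\d\d/\d\d \d\d:\d\d:\d\d) \[LOGON\] .*?logon of "
    r"(?P<account>.*?) from (?P<ws>\S+) Returns (?P<status>0x[0-9A-Fa-f]+)\s*$"
)

# Constructed sample lines, keyed by a hypothetical DC name.
SAMPLE_LOGS = {
    "DC1": [
        r"03/07 21:58:01 [LOGON] SamLogon: Network logon of EXAMPLE\adupont from WKS017 Entered",
        r"03/07 21:58:01 [LOGON] SamLogon: Network logon of EXAMPLE\adupont from WKS017 Returns 0x0",
        r"03/07 21:59:40 [LOGON] SamLogon: Network logon of EXAMPLE\jsmith from WKS042 Returns 0xC000006A",
    ],
    "DC2": [
        # Note the two spaces before "from": the submitted name ends in a space.
        r"03/07 21:58:30 [LOGON] SamLogon: Network logon of EXAMPLE\jsmith  from WKS042 Returns 0xC0000064",
    ],
}

def merge_logons(logs):
    """Parse completed logon attempts from every DC into one time-ordered list."""
    events = []
    for dc, lines in logs.items():
        for line in lines:
            m = LINE.match(line)
            if m is None:          # "Entered" lines and other noise are skipped
                continue
            domain, _, user = m["account"].rpartition("\\")
            events.append({
                "ts": m["ts"], "dc": dc, "domain": domain, "user": user,
                "workstation": m["ws"], "status": int(m["status"], 16),
            })
    # MM/DD HH:MM:SS sorts correctly as a string within a single year.
    return sorted(events, key=lambda e: (e["ts"], e["dc"]))

def padded_names(events):
    """Return events whose user name has leading or trailing whitespace."""
    return [e for e in events if e["user"] != e["user"].strip()]

if __name__ == "__main__":
    for e in padded_names(merge_logons(SAMPLE_LOGS)):
        # repr() delimits the exact string the client submitted.
        print(f'{e["ts"]} {e["dc"]} user={e["user"]!r} '
              f'from {e["workstation"]} status=0x{e["status"]:08X}')
```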


