Re: lsass.exe fails and reboots
From: Roger Abell [MVP] (mvpNoSpam_at_asu.edu)
Date: 06/06/05
- Previous message: Jim Carlock: "Re: AVG Free"
- In reply to: ChrisOlver: "lsass.exe fails and reboots"
- Next in thread: rjdriver: "Re: lsass.exe fails and reboots"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sun, 5 Jun 2005 16:32:13 -0700
So, I did not see you mention that these W2k3 are up-to-date on service,
that meaning either (preferred) SP1 is installed, or all security patches.
If so, then while suboptimal for most deployment scenarios, just having
tcp 445 visible is not deadly, nor for that matter the other netbt ports.
Setting the auto reboot is not your route, as when lsass has issues all
of Windows either pays attention or halts. The error is stating that there
is an access violation (which of course should not happen for lsass). So,
the question is, do you recognize everything that is showing a running ?
all services ? The question really is, can you get back to a known good
state of the machines, before this "whatever it is" became implanted?
-- Roger "ChrisOlver" <ChrisOlver@discussions.microsoft.com> wrote in message news:60E88BDE-E229-48EB-837E-A876D3E427B6@microsoft.com... > Hello all, > > Simple problem this.. Looks like Sasser Worm has hit my Server 23k > Enterprise (acctually all 3 of our server boxes we have). I get lsass.exe > has > caused an error and reboots after 60 seconds.. the problem is > intermittent... > its been fine for days and we thought it was just a bug but now its doing > it > every couple of hours. > > When i boot up in the event log there is: A critical system process, > C:\WINDOWS\system32\lsass.exe, failed with status code c0000005 > > Right ive used stinger and norton removal tools but nothing is picking up > this. Says I am clean? Tried Macfee, Symantec Corprate AntiVirus and AVG > to > see if it picks it up and get nothing. Tried Adaware and Microsoft > Malicious > Software tool thinking it maybe some form of MalWare but nothing either. > The > server is fully up-to-date with its Windows patches and service packs. By > googleing the error someone has had the problem as well but no one replied > In > sasser related posts they recommended changing the "restart when crashes" > system in services by changing to restart service instead of restart > computer > but doesnt look like it worked. Someone also said when the error comes up > do > (i think) shutdown -a in DOS.. thinking this we put it in a bat script and > launched it every 50 seconds. This failed also ive changed it to 10 > seconds > but ill have to wait and see if it works. > > On event log here is the source and id: > > Source: LSAsrv > ID: 5000 > > and two of the error messages: > > Faulting application lsass.exe, version 5.2.3790.0, faulting module > lsasrv.dll, version 5.2.3790.1023, fault address 0x0002a411. > > A critical system process, C:\WINDOWS\system32\lsass.exe, failed with > status > code c0000005. The machine must now be restarted. > > If you need any info please say These 3 servers have our customers on > there > and as you can imagine its starting to annoy everyone > > Chris
- Previous message: Jim Carlock: "Re: AVG Free"
- In reply to: ChrisOlver: "lsass.exe fails and reboots"
- Next in thread: rjdriver: "Re: lsass.exe fails and reboots"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
