RE: Changing Password via Terminal Services causes Server Reboot (
- From: "CMS_Tech" <CMSTech@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 4 Apr 2005 09:45:04 -0700
Hi,
It looks like we've tracked this down to the Acronis Software. We did a
clean install of Windows 2003, Patched it all up, and then installed the
Acronis software. The problem then ocurrs.
I've put a posting about this on the Plesk forums at:
http://forum.plesk.com/showthread.php?s=&threadid=22774
and the Acronis forum at:
http://www.wilderssecurity.com/showthread.php?t=73952
Cheers,
Roland
"Simmo" wrote:
> This can be caused by a lsass leak, I think Windows 2003 Sp1 has a fix for
> lsass leaks which may cure your problem.
>
> Ive also seen similar issues on Dell machines from either faulty memory or
> faulty motherboards, I think Dell still provide a system checking diagnostic
> cd but this may not give you the true results. I used memtest86 to test my
> memory which seemed to work really well. This may sound strange but I've had
> very strange issues including a weird example - directX sound issues from
> faulty memory before, down to the method directX talks to the system.
>
>
> Cheers, Simmo
>
> "CMS_Tech" wrote:
>
> > We are currently experiencing a problem with one of our Windows 2003 servers.
> >
> > The server is a new machine, a Dell PowerEdge 1850. It has the Dell Factory
> > install of Windows 2003 on it. The server is also running MSSQL 2000,
> > ColdFusion MX 6.1 and Plesk 7.5.
> >
> > When a user logs in through Terminal Services (Administration mode) and
> > changes their password, the machine is rebooted. (Windows Security, Change
> > Password, Enter current and new passwords, and then the server reboots. The
> > server doesn’t seem to reboot if the password change is done through the
> > computer management MMC.)
> >
> > The following error is shown on screen:
> >
> > The system is shutting down. Please save all work in progress and log off.
> > Any unsaved changes will be lost. This shutdown was initiated by NT
> > AUTHORTY\SYSTEM. Shutdown will begin in 58 seconds. Shutdown message: The
> > system process ‘C:\windows\system32\lsass.exe’ terminated unexpectedly with
> > status code -1073740972. The system will now shut down and restart.
> >
> > The following items can also be found in the Application error log around
> > this time:
> >
> > Event ID: 1004
> > Reporting queued error: faulting application winlogon.exe, version 0.0.0.0,
> > faulting module msgina.dll, version 5.2.3790.0, fault address 0x000118e6.
> >
> > Event ID: 1004
> > Reporting queued error: faulting application lsass.exe, version 5.2.3790.0,
> > faulting module ntdll.dll, version 5.2.3790.0, fault address 0x0003c10b.
> >
> > Event ID: 1000
> > Faulting application , version 0.0.0.0, faulting module msgina.dll, version
> > 5.2.3790.0, fault address 0x000118e6.
> >
> > Event ID: 1015
> > A critical system process, C:\WINDOWS\system32\lsass.exe, failed with status
> > code c0000354. The machine must now be restarted.
> >
> > Event ID: 1000
> > Faulting application lsass.exe, version 5.2.3790.0, faulting module
> > ntdll.dll, version 5.2.3790.0, fault address 0x0003c10b.
> >
> > Errors in System Error Log:
> >
> > Event ID: 26
> > Application popup: System Shutdown : The system is shutting down. Please
> > save all work in progress and log off. Any unsaved changes will be lost.
> > This shutdown was initiated by NT AUTHORITY\SYSTEM. Shutdown will begin in
> > 58 seconds. Shutdown message: The system process
> > 'C:\WINDOWS\system32\lsass.exe' terminated unexpectedly with status code
> > -1073740972. The system will now shut down and restart..
> >
> > Event ID: 1074
> > The process winlogon.exe has initiated the restart of computer KRYTON on
> > behalf of user for the following reason: No title for this reason could be
> > found
> > Reason Code: 0x50006
> > Shutdown Type: restart
> > Comment: The system process 'C:\WINDOWS\system32\lsass.exe' terminated
> > unexpectedly with status code -1073740972. The system will now shut down and
> > restart.
> >
> > Event ID: 5000
> > The security package ACRONIS_RELOGON_AUTHENTICATION_PACKAGE generated an
> > exception. The exception information is the data.
> >
> >
> > I have looked at a few MS KB articles, that seem to be similar, but not
> > exactly the same as the problem that we are experiencing:
> >
> > http://support.microsoft.com/default.aspx?scid=kb;en-us;818080
> >
> > I know that a lost of LSASS.exe reboots are caused by the SASSER virus.
> > I’ve scanned our machine with AV software, and also run the removal tool from
> > Symantec – the machine has shown to be clean of this virus.
> >
> > Has anyone else experienced this problem? Can anyone offer any suggestions
> > for a resolution to this problem.
> >
> > Thank you for your help.
> >
> > Kind regards,
> >
> > Roland
.
- References:
- Prev by Date: DHCP relay question..
- Next by Date: Problems with Windows Shares
- Previous by thread: RE: Changing Password via Terminal Services causes Server Reboot (
- Next by thread: HP Insight Agents and Windows 2003 Service Pack 1
- Index(es):
Relevant Pages
|
