
Thread: WINDOWS SERVER 2003

  1. #1
    Shane Sensor Guest

    WINDOWS SERVER 2003

    Our Windows Server 2003 is restarting randomly. When I log back in there are
    various error messages, but the most common is a reference to the SHELL
    encountering a problem. I have tried disconnecting the UPS, the virus
    software, monitoring all applications from PC's connected to the server and
    still it restarts. One of the problems I also have is when copying or moving
    a large file, the status bar moves along as if it's completed the copy over
    and then it will come up with a message stating the server is no longer
    available.

  2. #2
    Giuseppe Nacci Guest

    Re: WINDOWS SERVER 2003

    Shane Sensor wrote:
    > Our Windows Server 2003 is restarting randomly. When I log back in
    > there are various error messages, but the most common is a reference
    > to the SHELL encountering a problem. I have tried disconnecting the
    > UPS, the virus software, monitoring all applications from PC's
    > connected to the server and still it restarts. One of the problems I
    > also have is when copying or moving a large file, the status bar
    > moves along as if it's completed the copy over and then it will come
    > up with a message stating the server is no longer available.


    Describe your hardware and check the errors in the event id.....
    --
    ---
    Giuseppe Nacci
    Microsoft Certified System Engineer
    Security Manager

    --------------------------------------------------------------------
    CONFIDENTIALITY NOTICE
    This message and its attachments are addressed solely to the persons
    above and may contain confidential information. If you have received
    the message in error, be informed that any use of the content hereof
    is prohibited. Please return it immediately to the sender and delete
    the message. Should you have any questions, please contact us by
    replying to supporto.informatico@degennaro.biz
    Thank you
    --------------------------------------------------------------------




  3. #3
    Shane Sensor Guest

    Re: WINDOWS SERVER 2003

    Below is a listing of hardware direct from the installers:-

    INTEL STORAGE SERVER INCLUDING INTEL PENTIUM 4 - S40 - 3.2GHZ 800MHZ FSB
    LGA77, INTEL BLKD915PGNL/915P/ICH6/PCI-EX16/4XDDR, 2 X KINGSTON 512MB 184PIN
    400MHZ (PC3200) CL3 DD, 1 X CHANBRO 209AB BLACK INTEL APPROVED HIGH END SER,
    1 X ENHNACE PS-0262 INTEL APPROVED EPS12V 520W PO, 4 X 74GB WESTERN DIGITAL
    SATA 10000RPM (8MB CACH), 1 X ASUS EAX300/TD/128 VIDEO CARD, 1 X MICROSOFT
    SMALL BUSINESS SERVER 2003 STANDARD, 1 X MICROSOFT SBS CAL 203 5NL USER CAL,
    1 X PROMISE S150 SX4-M 4XSATA RAID CONTROLLER

    Hope this helps. I have also gone through the event logs as you suggested,
    unfortunately there are so many error logs I'm not sure what I'm looking for
    exactly. Just prior to me sending this message, the server came up with a
    red screen this time saying that it is going to restart in 30 seconds and
    there was a problem with the NT Authority System, so that's a new message
    altogether that I haven't seen. The virus system we're running is eTrust
    Antivirus.

    Thanks
    Shane



  4. #4
    Shane Sensor Guest

    Re: WINDOWS SERVER 2003

    Additional:- I have re-examined the event logs and have noticed that there
    is a Warning that appears as follows prior to an unexpected shutdown. The
    server seems to be resetting at all hours of the night when no users are
    present.

    SOURCE: W32Time, Type: Warning.
    The time provider NtpServer encountered an error while digitally signing the
    NTP response from peer xxxx. NtpServer cannot provide secure (signed) time
    to the client and will ignore the request. The error was: The RPC server is
    unavailable (0x800706BA)





  5. #5
    lukesh Guest

    Re: WINDOWS SERVER 2003

    Hi Shane,
    check for viruses on your server. You can run free online scan from
    trendmicro.com.

    Lukesh



  6. #6
    Shane Sensor Guest

    Re: WINDOWS SERVER 2003

    Hello, I have run 2 separate full virus scans of all individual pc's and the
    server using different virus software and both scans came up clean. This
    resetting problem is really weird because today, we've had all pc's running
    and the server hasn't reset once, but tomorrow could reset 10 times.



  7. #7
    Giuseppe Nacci Guest

    Re: WINDOWS SERVER 2003

    Shane Sensor wrote:
    > Hello, I have run 2 separate full virus scans of all individual pc's
    > and the server using different virus software and both scans came up
    > clean. This resetting problem is really weird because today, we've
    > had all pc's running and the server hasn't reset once, but tomorrow
    > could reset 10 times.


    Sorry for lateness.
    Try also this from Microsoft:
    http://www.microsoft.com/security/ma...e/default.mspx
    Regards
    --
    ---
    Giuseppe Nacci
    Microsoft Certified System Engineer
    Security Manager





  8. #8
    Shane Sensor Guest

    Re: WINDOWS SERVER 2003

    Hi, thanks for the suggestion link, I downloaded and ran the Malicious
    Software Removal Tool on every pc and the server and nothing was found. I
    was checking the event logs earlier and noticed that every time the server
    restarts there is an error message from HIDKBDUSER and then one from LSA SHELL
    both stating that they encountered a problem and had to shut down. The random
    restarts were not occurring this week for the first couple of days, and then
    today, it's restarted about 4 times in the past hour. Any more suggestions
    that you may be able to think of? I had one question that I was going to ask
    that I've seen on newsgroups on the Microsoft website. It states that you
    can right click on my computer, advanced tab, settings, startup and recovery
    and Clear Auto Restart check. Do you think there is any danger in clearing
    this check, because I remember reading that the blue screen may appear and I
    may have to get someone from Microsoft to clear the blue screen? I guess the
    most frustrating part of this is that there are all these error reports
    generated by Exchange Server, but they aren't very helpful in this situation.
    It tells me that it was an unplanned shutdown, but doesn't tell me why, or
    what caused it. Very frustrating.



  9. #9
    Giuseppe Nacci Guest

    Re: WINDOWS SERVER 2003


    "Shane Sensor" <ShaneSensor@discussions.microsoft.com> wrote in
    message news:38D428E0-D4A5-4311-8FC1-2CC7B9FD3680@microsoft.com...
    > Hi, thanks for the suggestion link, I downloaded and ran the Malicious
    > Software Removal Tool on every pc and the server and nothing was found. I
    > was checking the event logs earlier and noticed that every time the server
    > restarts there is an error message from HIDKBDUSER and then one from LSA
    > SHELL both stating that they encountered a problem and had to shut down.
    > The random restarts were not occurring this week for the first couple of
    > days, and then today, it's restarted about 4 times in the past hour. Any
    > more suggestions that you may be able to think of? I had one question that
    > I was going to ask that I've seen on newsgroups on the Microsoft website.
    > It states that you can right click on my computer, advanced tab, settings,
    > startup and recovery and Clear Auto Restart check. Do you think there is
    > any danger in clearing this check, because I remember reading that the
    > blue screen may appear and I may have to get someone from Microsoft to
    > clear the blue screen? I guess the most frustrating part of this is that
    > there are all these error reports generated by Exchange Server, but they
    > aren't very helpful in this situation. It tells me that it was an
    > unplanned shutdown, but doesn't tell me why, or what caused it. Very
    > frustrating.


    Read also this: http://support.microsoft.com/kb/827363/en-us
    I suggest scanning the server (or the pc) in Safe Mode.
    Let me know the result.

    --
    ---
    Giuseppe Nacci
    Microsoft Certified System Engineer
    Security Manager




  10. #10
    jfoster@aasdifference.com Guest

    Re: WINDOWS SERVER 2003

    Was this ever resolved? I have the exact same issue.

    Thanks
    Jeff


  11. #11
    JohnP Guest

    Re: WINDOWS SERVER 2003

    I have the same issue but not as frequent.. any resolution?
    thanks.
    John

    "jfoster@aasdifference.com" wrote:

    > Was this ever resolved? I have the exact same issue.
    >
    > Thanks
    > Jeff
    >
    >


  12. #12
    Shane Sensor Guest

    Re: WINDOWS SERVER 2003

    Hello. Have tried running malicious software removal tools and scanning pcs
    and server in safe mode. Nothing unusual found. This week had 4 days where
    the server didn't reset once, and then today it's reset 7 times in about an
    hour. Found the following note in the Event logs which I hadn't noticed
    before, but this event actually explains that the server will be restarted.

    EVENT: 1074 - USER: NT AUTHORITY/SYSTEM
    The process Winlogon.exe has initiated the restart of computer on behalf of
    user for the following reason: No title for this reason could be found.
    Reason Code: 0x50006
    Shutdown type: Restart
    Comment: The system process 'C:\Windows\system32\lsass.exe' terminated
    unexpectedly with status code -1073740972. The system will now shut down and
    restart.

    I have also gone back through the logs and this event is definitely logged
    every time the server restarts, and definitely sounds like it is reason for
    restarts as it says. Can anyone tell me what I do from here and how I look
    into this further. Thanks, Shane



  13. #13
    Edwintjr Guest

    Re: WINDOWS SERVER 2003

    I am getting that event, and I have noticed a software install happened
    moments before the first occurrence. In the system log I see where the MSI
    service starts and enters running but then I see an unexpected reboot message
    and then a little while later I started getting that message. (lsass
    1073740972)

    The server is at a site I initially set up, and had 81 days of uptime before
    the install, now it is consistent, once every 7 days at the same time (within
    a couple of minutes). I have figured out the customer tried to install
    Sonicwall Viewpoint software. I would look for software installation in the
    event log if your log is long enough to go back that far (when it first
    started happening).

    I haven't uninstalled or tried to fix that install yet, but it is almost a
    given this is what most likely caused my issue.



  14. #14
    LauraW.
    Join Date: Nov 2008, Posts: 2

    Re: WINDOWS SERVER 2003

    I have a customer whose server I manage that is also having this issue. OS is 2003 R2 Enterprise Ed., SP2. After deep investigation, we found that the Sasser worm or its variants seem to be at the heart of this matter, however I am unable to find any of the tell-tale .exe files (and there are several) or registry entries. We have not installed the Microsoft patch (the customer has not given their consent even after letting them know this will help). Much like the other posters, the reboots are random with no pattern. I just had one happen about 2 hours ago for the first time in a few weeks.

    They are running ESET NOD32 Antivirus and are firewalled via an appliance (not software). We see events in both the Application AND System Event Viewer Logs. The following are snippets of the log entries:

    From System Logs:

    Event Type: Error
    Event Source: LsaSrv
    Event Category: Security Package Manager
    Event ID: 5000
    Date: 11/2/2008
    Time: 7:16:47 PM
    User: N/A
    Computer: XXXXXXXXX
    Description: The security package Microsoft Unified Security Protocol Provider generated an exception. The exception information is the data.


    Event Type: Information
    Event Source: USER32
    Event Category: None
    Event ID: 1074
    Date: 11/2/2008
    Time: 7:17:22 PM
    User: NT AUTHORITY\SYSTEM
    Computer: XXXXXXXXXX
    Description: The process winlogon.exe has initiated the restart of computer XXXXXXXXX on behalf of user for the following reason: No title for this reason could be found
    Reason Code: 0x50006
    Shutdown Type: restart
    Comment: The system process 'C:\WINNT\system32\lsass.exe' terminated unexpectedly with status code -1073741819. The system will now shut down and restart.

    Application Logs:

    Event Type: Error
    Event Source: Application Error
    Event Category: (100)
    Event ID: 1000
    Date: 11/2/2008
    Time: 7:16:50 PM
    User: N/A
    Computer: XXXXXXXXX
    Description: Faulting application lsass.exe, version 5.2.3790.0, faulting module crypt32.dll, version 5.131.3790.3959, fault address 0x0001ec50.

    Event Type: Error
    Event Source: Winlogon
    Event Category: None
    Event ID: 1015
    Date: 11/2/2008
    Time: 7:17:21 PM
    User: N/A
    Computer: XXXXXXXXXX
    Description: A critical system process, C:\WINNT\system32\lsass.exe, failed with status code c0000005. The machine must now be restarted.

    I am starting to wonder if this is a new variant? Last variant was in 2007, but like I said previously, I find none of the tell-tale .exe files or the registry entries which makes me wonder. Anyone have any more info or any similar instances?

    Also for those who want to dig, I found this link helpful in checking the server, so it might help others who aren't in the same situation as myself:

    http://ask-leo.com/what_are_lsass_ls...o_if_i_am.html
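
Added example, not part of any poster's message: the restart events posted in this thread report the same lsass.exe exit status in two forms, signed decimal in event 1074 and bare hex in event 1015. This Python sketch normalises both to the unsigned 32-bit NTSTATUS value and folds the surrounding entries into one crash record; the sample text is reconstructed from the entries in post #14, the MM/DD/YYYY date order is an assumption, and all function names are hypothetical.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: the four entries from post #14, one field per line.
SAMPLE_LOG = r"""
Event Type: Error
Event Source: LsaSrv
Event ID: 5000
Date: 11/2/2008
Time: 7:16:47 PM
Description: The security package Microsoft Unified Security Protocol Provider generated an exception. The exception information is the data.

Event Type: Error
Event Source: Application Error
Event ID: 1000
Date: 11/2/2008
Time: 7:16:50 PM
Description: Faulting application lsass.exe, version 5.2.3790.0, faulting module crypt32.dll, version 5.131.3790.3959, fault address 0x0001ec50.

Event Type: Error
Event Source: Winlogon
Event ID: 1015
Date: 11/2/2008
Time: 7:17:21 PM
Description: A critical system process, C:\WINNT\system32\lsass.exe, failed with status code c0000005. The machine must now be restarted.

Event Type: Information
Event Source: USER32
Event ID: 1074
Date: 11/2/2008
Time: 7:17:22 PM
Description: The process winlogon.exe has initiated the restart of computer XXXXXXXXX on behalf of user for the following reason: No title for this reason could be found
Reason Code: 0x50006
Shutdown Type: restart
Comment: The system process 'C:\WINNT\system32\lsass.exe' terminated unexpectedly with status code -1073741819. The system will now shut down and restart.
"""

# Names from ntstatus.h for the two codes that appear in this thread.
NTSTATUS_NAMES = {
    0xC0000005: "STATUS_ACCESS_VIOLATION",
    0xC0000354: "STATUS_DEBUGGER_INACTIVE",
}

FIELD = re.compile(r"^([A-Za-z ]+):\s*(.*)$")
# \s* also accepts the "status code-1073740972" spelling seen in post #12.
STATUS = re.compile(r"lsass\.exe.*?status code\s*(-?[0-9A-Fa-f]+)", re.I | re.S)
MODULE = re.compile(r"Faulting application lsass\.exe.*?faulting module ([\w.]+),", re.I)


def to_ntstatus(token, is_hex):
    """Return the unsigned 32-bit NTSTATUS for a signed-decimal or bare-hex token."""
    return int(token, 16 if is_hex else 10) & 0xFFFFFFFF


def parse_events(text):
    """Split blank-line separated entries into dicts, sorted by timestamp."""
    events = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in block.splitlines():
            m = FIELD.match(line.strip())
            if m:
                fields[m.group(1).strip()] = m.group(2).strip()
        if "Event ID" not in fields:
            continue
        stamp = fields["Date"] + " " + fields["Time"]
        events.append({
            "id": int(fields["Event ID"]),
            "time": datetime.strptime(stamp, "%m/%d/%Y %I:%M:%S %p"),
            "text": fields.get("Description", "") + " " + fields.get("Comment", ""),
        })
    return sorted(events, key=lambda e: e["time"])


def lsass_crashes(events, window=timedelta(seconds=60)):
    """Group 1015/1074 lsass.exe restarts with the entries logged just before them."""
    crashes = []
    for ev in events:
        m = STATUS.search(ev["text"])
        if ev["id"] not in (1015, 1074) or not m:
            continue
        code = to_ntstatus(m.group(1), is_hex=(ev["id"] == 1015))
        last = crashes[-1] if crashes else None
        if last and ev["time"] - last["time"] <= window and last["status"] == code:
            last["event_ids"].append(ev["id"])  # same crash, second report
            continue
        before = [e for e in events if e["id"] not in (1015, 1074)
                  and timedelta(0) <= ev["time"] - e["time"] <= window]
        module = None
        for e in before:
            hit = MODULE.search(e["text"])
            if e["id"] == 1000 and hit:
                module = hit.group(1)
        crashes.append({
            "time": ev["time"], "status": code, "status_hex": "0x%08X" % code,
            "name": NTSTATUS_NAMES.get(code, "unknown"),
            "faulting_module": module,
            "precursor_ids": [e["id"] for e in before],
            "event_ids": [ev["id"]],
        })
    return crashes


if __name__ == "__main__":
    for crash in lsass_crashes(parse_events(SAMPLE_LOG)):
        print(crash)
```

The same conversion applied to the -1073740972 value from post #12 gives 0xC0000354, a different status from the access violation logged in post #14.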

  15. #15
    Peter Foldes Guest

    Re: WINDOWS SERVER 2003

    Crossposted to the microsoft.public.security.virus

    --
    Peter

    Please Reply to Newsgroup for the benefit of others
    Requests for assistance by email can not and will not be acknowledged.

    "LauraW." <LauraW..3ia4zc@DoNotSpam.com> wrote in message news:LauraW..3ia4zc@DoNotSpam.com...
    >
    > I have a customer whose server I manage that is also having this issue.
    > OS is 2003 R2 Enterprise Ed., SP2. After deep investigation, we found
    > that the Sasser worm or its variants seem to be at the heart of this
    > matter, however I am unable to find any of the tell-tale .exe files (and
    > there are several) or registry entries. We have not installed the
    > Microsoft patch (the customer has not given their consent even after
    > letting them know this will help). Much like the other posters, the
    > reboots are random with no pattern. I just had one happen about 2 hours
    > ago for the first time in a few weeks.
    >
    > They are running ESET NOD32 Antivirus and are firewalled via an
    > appliance (not software). We see events in both the Application AND
    > System Event Viewer Logs. The following are snippets of the log
    > entries:
    >
    > _From_System_Logs:_
    >
    > Event Type: Error
    > Event Source: LsaSrv
    > Event Category: Security Package Manager
    > Event ID: 5000
    > Date: 11/2/2008
    > Time: 7:16:47 PM
    > User: N/A
    > Computer: XXXXXXXXX
    > Description: The security package Microsoft Unified Security Protocol
    > Provider generated an exception. The exception information is the
    > data.
    >
    >
    > Event Type: Information
    > Event Source: USER32
    > Event Category: None
    > Event ID: 1074
    > Date: 11/2/2008
    > Time: 7:17:22 PM
    > User: NT AUTHORITY\SYSTEM
    > Computer: XXXXXXXXXX
    > Description: The process winlogon.exe has initiated the restart of
    > computer XXXXXXXXX on behalf of user for the following reason: No title
    > for this reason could be found
    > Reason Code: 0x50006
    > Shutdown Type: restart
    > Comment: The system process 'C:\WINNT\system32\lsass.exe' terminated
    > unexpectedly with status code -1073741819. The system will now shut
    > down and restart.
    >
    > _Application_Logs:_
    >
    > Event Type: Error
    > Event Source: Application Error
    > Event Category: (100)
    > Event ID: 1000
    > Date: 11/2/2008
    > Time: 7:16:50 PM
    > User: N/A
    > Computer: XXXXXXXXX
    > Description: Faulting application lsass.exe, version 5.2.3790.0,
    > faulting module crypt32.dll, version 5.131.3790.3959, fault address
    > 0x0001ec50.
    >
    > Event Type: Error
    > Event Source: Winlogon
    > Event Category: None
    > Event ID: 1015
    > Date: 11/2/2008
    > Time: 7:17:21 PM
    > User: N/A
    > Computer: XXXXXXXXXX
    > Description: A critical system process, C:\WINNT\system32\lsass.exe,
    > failed with status code c0000005. The machine must now be restarted.
    >
    > I am starting to wonder if this is a new variant? Last variant was in
    > 2007, but like I said previously, I find none of the tell-tale .exe
    > files or the registry entries which makes me wonder. Anyone have any
    > more info or any similar instances?
    >
    > Also for those who want to dig, I found this link helpful in checking
    > the server, so it might help others who aren't in the same situation as
    > myself:
    >
    > http://ask-leo.com/what_are_lsass_ls...o_if_i_am.html
    >
    >
    > --
    > LauraW.

