LSASS restart

2004-04-21 22:29:32.055146+00 by Dan Lyke 8 comments

Help! Anyone know what it means when a Windows 2k machine runs for some apparently random amount of time, then tells me that LSASS.EXE has unexpectedly quit with some error number (1073807364 and 128 are the ones I've personally logged) and counts down 60 seconds before it restarts the computer?

I've run several different versions of LSASS.EXE, checked for unknown processes in the process list, looked in the usual places in the registry for viruses and similar startups, and run http://housecall.trendmicro.com/ . The machine's behind a firewall, which makes me believe that it's not one of the assorted DOS attackes that target bugs in LSASS.EXE (and the firewall isn't showing untoward traffic), and it will do this even logged in as a generic user with nothing running. And it's not consistent.

I'm running so low on ideas that we're down to swapping around RAM. Anyone? Pleeease?

comments in ascending chronological order (reverse):

#Comment Re: made: 2004-04-22 00:43:48.428338+00 by: aiworks

MS Knowledge base has several "sounds like this" issues listed. Take a look at this one: http://support.microsoft.com/default.aspx?scid=kb;EN-US;331330 (for which a hotfix is available).

Does it do this if you boot up into safe mode?

#Comment Re: over heating? made: 2004-04-22 15:14:08.84266+00 by: flushy

Could it be overheating?

I had a laptop that would do strange things after I was using it awhile on the couch. It would say something nonsense about the modem driver and IRQ_UNAVAILABLE... even though I wasn't using the modem.

Put a towel, and a baggie of ice under it, and it worked fine afterwards (turns out some Sony laptops have a cooling problem). Without the ice, it would continue to lock up and reboot.

#Comment Re: made: 2004-04-22 15:34:05.867164+00 by: meuon

Regarding laptops overheating.. my big HP zd7000 puts out some heat! It has TWO large fans on the bottom, semi-recessed and vents on the left side. If I place it on a desk with loose papers under it, it'll suck the paper up covering the fans, and shut down in under 1 minute. Forget putting this thing on a lap.. But it's a great semi-portable desktop machine.

#Comment Re: made: 2004-04-22 16:20:52.661222+00 by: Dan Lyke

Since I don't have a message in my inbox this morning, I'm assuming that downloading and manually installing one of the hotfixes mentioned in one of those reports covered it. But Windows Update didn't get it.

My biggest complaint is that all of the issues like the one you linked above (and there are a *bunch*) referred to server versions. This particular machine has no server running on it, so I'm not sure what was going on.

#Comment Re: made: 2004-04-22 17:41:40.942784+00 by: aiworks

Hey Dan,

Just to mention... that linked article above does mention Windows 2000 Professional SP1, Microsoft Windows 2000 Professional SP2, and Microsoft Windows 2000 Professional SP3 by name (affected versions toward the bottom).

I did think it was very strange that Active Directory weirdness (gist of the above article) would cause serious client side problems; however, if I try and unwind that ball of rubber bands, I'll start feeling sad.

#Comment Re: you still got that? made: 2004-04-22 18:03:10.132291+00 by: flushy


I can't believe you still got that portal refiger^H^H^H^H^H computer!! Does the LCD display still work on it?

#Comment Re: made: 2004-04-22 18:30:28.523799+00 by: Dan Lyke

It appears that the patch Windows2000-KB835732-x86-ENU.EXE worked.

It bothers me that there have been so many vulnerabilities, most of them apparent buffer overruns, in the process which doles out user rights, even remotely, but as Mark said: I mustn't try to start unwinding that ball.

#Comment Re: made: 2004-04-22 18:54:54.144278+00 by: meuon

Huh? Flushy, you mean my old lugable? Laughing..not even I have kept such a beast. a zd7000 is a 2.4ghz wide screen laptop.. I even have an external LCD screen for it so that I have a reasonably portable dual-head setup. Works great.