Lsass.exe Error Message

Discussion in 'ESET NOD32 v3 Beta Forum' started by Blackspear, Jun 23, 2004.

Thread Status:
Not open for further replies.
  1. rumpstah

    rumpstah Registered Member

    Joined:
    Mar 19, 2003
    Posts:
    486
    Interesting reading about Everest (which I have installed). I have the latest Beta installed on 6 different workstations from Windows 2000 SP4 to Windows XP SP1. All have the latest updates. I use the Checkpoint VPN software (latest version) on 2 of the workstations to connect to work and I have never experienced any of these issues. The box I am currently using has approximately 180 programs installed.
     
  2. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    I have never experienced the problem until putting on the Beta, the only exception being my customer experienced it... and others on this forum have been coming forward...

    Still no word from Eset as to acknowledging there is a problem or if they are working on a solution...

    Cheers :D
     
  3. Niko

    Niko Registered Member

    Joined:
    Apr 8, 2004
    Posts:
    23
    Location:
    France
    Hello,

    Are you sure that this lsass problem comes from Imon ?

    I have a 2 CPU server running W2k with AD. On this server is installed the current version of NOD32 version 2 and I have this trouble since a month.

    Sometimes the crash is preceded by a memory error message, sometimes not.

    Last week the server does'nt had any problem for 4 days and I was wondering if it was solded but as Blackspear answers No, i have disabled Imon.

    This morning, I can see that the probleme is still here because my server restart on Sundy at 6H27 AM and no one was working on the server this WE.

    What can be the solution to stop those untimely reboot ? It's critical on a server.

    Is ESET actualy trying to find a solution ?

    Niko
     
  4. nlangmaid

    nlangmaid Registered Member

    Joined:
    Jun 11, 2004
    Posts:
    6
    Location:
    Melbourne, Australia
    Niko,

    I found that simply disabling IMON didn't stop the LSASS faults. Instead, I uninstalled NOD32 and reinstalled without choosing the IMON option. Then the crashes stopped.

    I don't know what the difference is exactly, but I hope that Esset are aware of this problem and doing something about it to get it working again.

    I'd also like to think they are doing something about a version of EMON that will work with current versions of Outlook.

    Who knows?

    Nick.
     
  5. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Thanks for your input and findings Nick.

    Cheers :D
     
  6. DonKid

    DonKid Registered Member

    Joined:
    Jun 27, 2004
    Posts:
    566
    Location:
    S?o Paulo, Brazil
    Blackspear,

    I found another bug with lsass.exe:

    I use true image from acronis to backup my HD.
    I don't have 2 HD, so I use DVD to backup my HD.
    True Image needs INCD from Nero.
    When I turn on my PC and INCD is enable, when I try to connect to internet, the same problem with lsass.exe happens to me.After reboot, If I don't try to connect to internet, everything is fine, so I can check the lsass's log and it shows me that the problem was imon.dll.
    I tried to disable INCD service, reboot my PC and after that I could use internet without any problems.
    Do you have any idea to solve this problem ?

    Best Regards,

    DonKid.
     
  7. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Hi DK, you are now added to the list of people having the lsass.exe problem. And as you can see throughout this thread and the other 2 links at the beginning, the problem does relate to IMON. There are a few very knowledgeable people on this thread that are willing to help Eset delve into what is happening.

    Thanks for your input. If you keep following this thread, eventually there will be a fix provided by Eset or an update to a newer version of IMON.

    Cheers :D
     
  8. DonKid

    DonKid Registered Member

    Joined:
    Jun 27, 2004
    Posts:
    566
    Location:
    S?o Paulo, Brazil
    Blackspear,

    Thanks and I hope they can find a solution for it.Today I installed Reget 4.0 Build 210 and reboot my PC.When I tried to connect to internet, the same problem.So I reboot my PC BEFORE to click yes for the error message.When it restarted, I could use internet and reget too.
    It's too strange.

    Best Regards,

    DonKid.
     
  9. arrowsmithmidwest

    arrowsmithmidwest Registered Member

    Joined:
    May 12, 2004
    Posts:
    165
    Location:
    Midwest
    im not even sure if it is related but can't we set the RPC service to restart the service and not restart the computer when failing.

    Or is this Lsass.exe error not involving the RPC service?
     
  10. DonKid

    DonKid Registered Member

    Joined:
    Jun 27, 2004
    Posts:
    566
    Location:
    S?o Paulo, Brazil
    arrowsmithmidwest,

    I don't know.

    Best Regards,

    DonKid.
     
  11. bcronin

    bcronin Registered Member

    Joined:
    Jun 24, 2004
    Posts:
    105
    Location:
    Hyde Park, NY USA
    So, here's what AT&T had to say ...

    -----

    In reality I think this is NOD32 problem. The faults you indicate don’t involve us. We just happen to stop LSASS.EXE using the Win32 API before we VPN connect:

    ControlService(hService, SERVICE_CONTROL_STOP, &ServiceStatus) ß actual code that stops LSASS.EXE

    -----

    I replied seeking clarification and received the following ...

    -----

    > Thanks, can you confirm that you only stop lsass.exe if you find it
    running?

    Yes.

    > Because if I disable it from the services control panel before I
    invoke the dialer, the problem does not occur (hence my theory that it is
    something to do with the dialer stopping it that is causing the error).

    We use the Win32 API to stop LSASS.EXE, the function is "ControlService". We don't disable the LSASS.EXE service, we just stop it. I don't know if the service control manager is using the same function we do, but they probably are. This could be explained by a timing issue.

    I installed the trial version and could not reproduce your problem. You probably don't need the PolicyAgent service housed in LSASS.EXE running since you are using our IPSEC. So, a workaround would be to stop and disable it.

    -----

    So I am at a dead end. In any event, if Eset would like to enlist my assistance in conducting further problem determination and/or testing of proposed fixes, I can recreate the problem at will and would be happy to help (but I will be on the road until July 26 as of tomorrow, so will not be able to pursue it further until then).

    Bob Cronin
     
  12. nlangmaid

    nlangmaid Registered Member

    Joined:
    Jun 11, 2004
    Posts:
    6
    Location:
    Melbourne, Australia
    Hi Blackspear,

    I may have spoken too soon. I'm now getting crashes in Flight Simulator reported as being in IMON.DLL. And I thought I had IMON completely disabled. o_O

    It's "fairly" reproduceable. I let the first couple go to Microsoft's bug reporting server, but it fairly predictably diagnosed the problem and referred me to www.nod32.com to check for updates or request support.

    I started a new thread before I noticed that this one was still kicking on. If you're keeping a list of people with IMON troubles, better put me back on it.

    Thanks for sticking with it,
    Nick.
     
  13. DonKid

    DonKid Registered Member

    Joined:
    Jun 27, 2004
    Posts:
    566
    Location:
    S?o Paulo, Brazil
    Hi Folks,

    Any news about when this problem will be fixed ?

    Best Regards,

    DonKid.
     
  14. kjempen

    kjempen Registered Member

    Joined:
    May 6, 2004
    Posts:
    379
    Just a thought (maybe not a smart one?)... Have any of you tried 'tweaking' the options in IMON a little? F.ex. this setting --> "Automatically detect changes in network configuration and repair necessary settings" (in IMON Advanced Setup, under the "Network configuration changes" option) unchecking/checking it (I have it checked).
     
  15. taperino

    taperino Registered Member

    Joined:
    Apr 26, 2004
    Posts:
    90
    Please keep me on this list. I have to keep imon disabled then sign on w/dsl then turn on IMON which isn't so much of a problem. I do get an error problem here and there, but not the LSASS one. I only get that if I forget and have IMON running when trying to log on w/dsl.

    So, to whoever is keeping the list, please keep me on it too! :)

    Thanks.. taperino
     
  16. bsilva

    bsilva Registered Member

    Joined:
    Mar 24, 2004
    Posts:
    238
    Location:
    MA, USA
    I never had any problems at home. I've only seen it once and it was a win2k. I have over 600 hundred pc's and I haven't heard one complaing about it yet. Know on wood.
     
  17. arrowsmithmidwest

    arrowsmithmidwest Registered Member

    Joined:
    May 12, 2004
    Posts:
    165
    Location:
    Midwest
    i have updated the imon.dll on our SBE server 2003 last week, so far it has been alright.
     
  18. Vando

    Vando Guest

    Hello there,

    I had this problem a little while back, when I connected to the internet. Straight away after connecting, the error message came up. Sometimes I could browse in Opera and it would be ok, but it always came up with the error using IE.

    This all happened after I installed the MS patches:

    KB835732
    KB837001
    KB828741

    I took these patches off and the machine is running fine now. Just as a test, I put them back on again, and the same problems appeared.

    I also used system restore to the time just before I installed the patches.

    I don't know if I'm exposing myself to the virus by not having the patches, but figure NOD32 will pick it up.

    Vando
     
  19. martindijk

    martindijk Registered Member

    Joined:
    Jun 13, 2003
    Posts:
    537
    Location:
    Gorredijk - the Netherlands
    @vando

    Vando, about removing these three updates, i suggest you leave the last one in place (KB828741) cause it is a critical update for the RPC/DCOM, it's a security update for Remote Code Execution. ;)

    rgds,
    Martin
     
  20. kishor

    kishor Guest

    Event Type: Error
    Event Source: Userenv
    Event Category: None
    Event ID: 1007
    Date: 27/06/2004
    Time: 7:01:54 AM
    User: XXXXX\XXXXX
    Computer: XXXXX
    Description:
    Windows cannot determine the associated site for this computer. (The RPC server is too busy to complete this operation. ). Group Policy processing aborted.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.



    In the event logs from yesterday I have the following:

    Event Type: Error
    Event Source: Winlogon
    Event Category: None
    Event ID: 1015
    Date: 26/06/2004
    Time: 11:16:43 AM
    User: N/A
    Computer: XXXXX
    Description:
    A critical system process, C:\WINDOWS\system32\lsass.exe, failed with status code c0000005. The machine must now be restarted.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
     
  21. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    Hello,
    would you please try installing the latest beta available on our website? Should the problem still perist, please try uninstalling NOD completely to make sure it is actually the culprit.
     
  22. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
  23. still having the prom after comming the error of lsass.exe it restrat my computer and bloody me pissed of this virus please kindly tell me the right soloution thanxs
    reply me on my email adress(nav_l23@hotmail.com)
     
  24. snapdragin

    snapdragin Registered Member

    Joined:
    Feb 16, 2002
    Posts:
    8,415
    Location:
    Southern Ont., Canada
    Hi navl23,

    You have posted in the NOD32 Beta forum; are you using NOD32 version 2 antivirus?

    Regards,

    snap
     
  25. taperino

    taperino Registered Member

    Joined:
    Apr 26, 2004
    Posts:
    90
    Hi, I just got notice that I was subscribed to this thread. (I had forgotten about it.)

    I was having the Lsass problem (posts above), and after awhile NOD32 must've fixed the problem, because now I can log on normally and leave everthing running.

    Just thought I'd let you know.

    Thanks ---- Taperino
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.