Lsass.exe and Nod reboots

Discussion in 'NOD32 version 2 Forum' started by illuminati, Mar 23, 2005.

Thread Status:
Not open for further replies.
  1. illuminati

    illuminati Registered Member

    Joined:
    Mar 23, 2005
    Posts:
    21
    I seem to be having the dreaded lsass.exe error on our server that I just installed Nod on. This server is a Windows 2000 server. It is also our Exchange server and a file server. It is a secondary domain controller in our active directory domain. This server was extremely stable prior to the loading of Nod32 on it. Now it will periodically reboot (approx once a day). The only problem indicated in the event log prior to the reboot is a Dr Watson error stating: The application, lsass.exe, generated an application error The error occurred on 03/23/2005 @ 07:19:10.402 The exception generated was c0000005 at address 009EA512 (<nosymbols>). The following text is from the event log, since I haven't been present when the reboot occurred. I have DMON and IMON disabled on this server. I have excluded the Exchange folders from AMON scanning. Are there additional exclusions that might help in this case?

    Any help would be appreciated. I won't be able to keep Nod on the server for long if this keeps up.

    Thanks in advance.
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    You said IMON was disabled on the server. Do you mean IMON's icon is actually grey and not red?
     
  3. illuminati

    illuminati Registered Member

    Joined:
    Mar 23, 2005
    Posts:
    21
    Hi Marcos; the DMON and IMON icons are both red. The checkbox for "Enabled" is unchecked for both.
     
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Hi Illuminati,
    red IMON's icon indicates that IMON is still registered to the system. Click on the Quit button and reboot the machine to remove IMON completely from the system (indicated by a grey IMON's icon).
     
  5. illuminati

    illuminati Registered Member

    Joined:
    Mar 23, 2005
    Posts:
    21
    Thanks, I will try that as soon as I can reboot the server. It will probably be early morning. Is it possible that IMON could still have been the culprit if the "Enable" checkbox was unchecked? If so, is it a recommended practice to uncheck and quit IMON on servers? Any other general recommendations for settings when loaded on a server?

    Thanks for the help.
     
  6. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    By default, IMON is not registered to the system on servers at all. As of the next version, a warning will appear on servers before IMON is enabled.
     
  7. Fubie

    Fubie Registered Member

    Joined:
    Jun 1, 2003
    Posts:
    53
    Location:
    Rogersville, MO, USA
    Sorry to interrupt a serious discussion.

    illuminati... ;) couldn't you just be Raisin Bran? :)

    Back to serious discussion.
     
  8. illuminati

    illuminati Registered Member

    Joined:
    Mar 23, 2005
    Posts:
    21
    Just wanted to keep you updated. I rebooted the server after IMON was unloaded. So far, so good. I will post again in a few days to let you know if things are still going good.

    I appreciate the help received on this forum.

    Thanks.
     
  9. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Thank you, it is appreciated, as we all learn this way.

    And a good result so far.

    Cheers :D
     
  10. illuminati

    illuminati Registered Member

    Joined:
    Mar 23, 2005
    Posts:
    21
    Final update: 5 days, and no recurrence. It looks like unloading IMON solved the problem. The server has been rock solid, performance is good.

    Thanks for the help.
     
  11. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Thanks illuminati, good to see.

    Cheers :D
     
Thread Status:
Not open for further replies.