Lsass.exe and Nod reboots

I seem to be having the dreaded lsass.exe error on our server that I just installed Nod on. This server is a Windows 2000 server. It is also our Exchange server and a file server. It is a secondary domain controller in our active directory domain. This server was extremely stable prior to the loading of Nod32 on it. Now it will periodically reboot (approx once a day). The only problem indicated in the event log prior to the reboot is a Dr Watson error stating: The application, lsass.exe, generated an application error The error occurred on 03/23/2005 @ 07:19:10.402 The exception generated was c0000005 at address 009EA512 (<nosymbols>). The following text is from the event log, since I haven't been present when the reboot occurred. I have DMON and IMON disabled on this server. I have excluded the Exchange folders from AMON scanning. Are there additional exclusions that might help in this case?

Any help would be appreciated. I won't be able to keep Nod on the server for long if this keeps up.

Thanks in advance.

 

You said IMON was disabled on the server. Do you mean IMON's icon is actually grey and not red?

 

Hi Marcos; the DMON and IMON icons are both red. The checkbox for "Enabled" is unchecked for both.

 

Hi Illuminati,
red IMON's icon indicates that IMON is still registered to the system. Click on the Quit button and reboot the machine to remove IMON completely from the system (indicated by a grey IMON's icon).

 

Thanks, I will try that as soon as I can reboot the server. It will probably be early morning. Is it possible that IMON could still have been the culprit if the "Enable" checkbox was unchecked? If so, is it a recommended practice to uncheck and quit IMON on servers? Any other general recommendations for settings when loaded on a server?

Thanks for the help.

 

By default, IMON is not registered to the system on servers at all. As of the next version, a warning will appear on servers before IMON is enabled.

 

Sorry to interrupt a serious discussion.

illuminati... couldn't you just be Raisin Bran?

Back to serious discussion.

 

Just wanted to keep you updated. I rebooted the server after IMON was unloaded. So far, so good. I will post again in a few days to let you know if things are still going good.

I appreciate the help received on this forum.

Thanks.

 

Thank you, it is appreciated, as we all learn this way.

And a good result so far.

Cheers

 

Final update: 5 days, and no recurrence. It looks like unloading IMON solved the problem. The server has been rock solid, performance is good.

Thanks for the help.

 

Thanks illuminati, good to see.

Cheers