Trial Version of True Image Enterprise Server Causes LSASS error and machine reboot

Discussion in 'Acronis True Image Product Line' started by RCorbet, Apr 4, 2005.

Thread Status:
Not open for further replies.
  1. RCorbet

    RCorbet Registered Member

    Joined:
    Apr 4, 2005
    Posts:
    2
    We had a trial version of Acronis True Image Enterprise Server installed as part of our Plesk Server Administrator software: http://www.sw-soft.com/en/products/plesk75win/

    Since installing, the server has errored when an administrator tries to change their password using Windows Security when logged in via Remote Desktop. I've posted a thread on the Plesk forums at: http://forum.plesk.com/showthread.php?s=&postid=100995 but the general details of the problem that occurs are as follows:

    When a user logs in through Terminal Services (Administration mode) and changes their password, the machine is rebooted. (Windows Security, Change Password, Enter current and new passwords, then server reboots. The server doesn’t

    The following error is shown on screen:

    The system is shutting down. Please save all work in progress and log off. Any unsaved changes will be lost. This shutdown was initiated by NT AUTHORITY\SYSTEM. Shutdown will begin in 58 seconds. Shutdown message: The system process ‘C:\windows\system32\lsass.exe’ terminated unexpectedly with status code -1073740972. The system will now shut down and restart.

    The following items can also be found in the Application error log around this time:

    Event ID: 1004
    Reporting queued error: faulting application winlogon.exe, version 0.0.0.0, faulting module msgina.dll, version 5.2.3790.0, fault address 0x000118e6.

    Event ID: 1004
    Reporting queued error: faulting application lsass.exe, version 5.2.3790.0, faulting module ntdll.dll, version 5.2.3790.0, fault address 0x0003c10b.

    Event ID: 1000
    Faulting application , version 0.0.0.0, faulting module msgina.dll, version 5.2.3790.0, fault address 0x000118e6.

    Event ID: 1015
    A critical system process, C:\WINDOWS\system32\lsass.exe, failed with status code c0000354. The machine must now be restarted.

    Event ID: 1000
    Faulting application lsass.exe, version 5.2.3790.0, faulting module ntdll.dll, version 5.2.3790.0, fault address 0x0003c10b.

    Errors in System Error Log:

    Event ID: 26
    Application popup: System Shutdown : The system is shutting down. Please save all work in progress and log off. Any unsaved changes will be lost. This shutdown was initiated by NT AUTHORITY\SYSTEM. Shutdown will begin in 58 seconds. Shutdown message: The system process 'C:\WINDOWS\system32\lsass.exe' terminated unexpectedly with status code -1073740972. The system will now shut down and restart..

    Event ID: 1074
    The process winlogon.exe has initiated the restart of computer KRYTON on behalf of user for the following reason: No title for this reason could be found
    Reason Code: 0x50006
    Shutdown Type: restart
    Comment: The system process 'C:\WINDOWS\system32\lsass.exe' terminated unexpectedly with status code -1073740972. The system will now shut down and restart.

    Event ID: 5000
    The security package ACRONIS_RELOGON_AUTHENTICATION_PACKAGE generated an exception. The exception information is the data.

    We have done some testing, and the problem seems to occur after installing the Acronis trial software. Follow the steps to reproduce, below:

    1. Take a clean copy of Windows Server 2003 Standard (fully patched).
    2. Download the trial version of Acronis True Image Enterprise Server from: http://www1.acronis.com/enterprise/download/ATIESWin/
    3. Install the Acronis Software.
    4. Go and try to change your password (user belonging to the admin group) when using Remote Desktop (use Windows Security from the Start menu).
    5. The machine will then be forced to reboot by an LSASS problem.

    We have tested the above on two machines.

    Has anyone else experienced this problem? If so, are you aware of any way to correct the problem? Unfortunately, uninstalling the software doesn't correct the problem!

    TIA for your help.

    Roland
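
An added example, not part of the original post: the shutdown message prints the LSASS exit status as a signed decimal (-1073740972) while event 1015 prints it as bare hex (c0000354), and this sketch normalizes both to one NTSTATUS value, decodes its fields, and pulls the faulting modules and the named security package out of the same messages. The function names are hypothetical and the sample messages are constructed from the text of the post.

```python
import re
from collections import defaultdict

# Constructed sample: (event ID, message) pairs copied from the post above.
EVENTS = [
    (1015, r"A critical system process, C:\WINDOWS\system32\lsass.exe, failed "
           r"with status code c0000354. The machine must now be restarted."),
    (1074, r"Comment: The system process 'C:\WINDOWS\system32\lsass.exe' "
           r"terminated unexpectedly with status code -1073740972."),
    (1000, "Faulting application lsass.exe, version 5.2.3790.0, faulting module "
           "ntdll.dll, version 5.2.3790.0, fault address 0x0003c10b."),
    (1000, "Faulting application , version 0.0.0.0, faulting module "
           "msgina.dll, version 5.2.3790.0, fault address 0x000118e6."),
    (5000, "The security package ACRONIS_RELOGON_AUTHENTICATION_PACKAGE "
           "generated an exception. The exception information is the data."),
]
STATUS_RE = re.compile(r"status code (-?\d+|(?:0x)?[0-9a-fA-F]{8})(?![0-9a-fA-F])")
FAULT_RE = re.compile(r"aulting application (.*?), version [\d.]+, faulting module "
                      r"(.*?), version [\d.]+, fault address (0x[0-9a-fA-F]+)")
PACKAGE_RE = re.compile(r"security package (\S+) generated an exception")

def to_ntstatus(token):
    """Unsigned 32-bit status; assumes an unsigned 8-digit token is hex."""
    if re.fullmatch(r"(0x)?[0-9a-fA-F]{8}", token):
        return int(token, 16)
    return int(token) & 0xFFFFFFFF  # two's complement of the signed decimal form

def decode(status):
    """Split an NTSTATUS into severity, customer bit, facility and code."""
    severity = ("success", "informational", "warning", "error")[status >> 30]
    return {"severity": severity, "customer": (status >> 29) & 1,
            "facility": (status >> 16) & 0xFFF, "code": status & 0xFFFF}

def correlate(events):
    """Group event IDs by normalized status; collect faults and LSA packages."""
    by_status, faults, packages = defaultdict(list), [], []
    for event_id, msg in events:
        for token in STATUS_RE.findall(msg):
            by_status[to_ntstatus(token)].append(event_id)
        m = FAULT_RE.search(msg)
        if m:  # an empty application name is kept as a placeholder
            faults.append((m.group(1) or "<unnamed>", m.group(2), m.group(3)))
        packages += PACKAGE_RE.findall(msg)
    return dict(by_status), faults, packages

if __name__ == "__main__":
    statuses, faults, packages = correlate(EVENTS)
    for status, ids in statuses.items():
        print(f"0x{status:08X} {decode(status)} seen in events {ids}")
    print(faults, packages)
```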
     
  2. napoleon

    napoleon Registered Member

    Joined:
    Mar 26, 2005
    Posts:
    110
    Hello! While I haven't seen this problem with this product, I have seen LSASS errors generated for apps due to conflicts or issues with a locally installed anti-virus software. Do you have any anti-virus installed? If so, disable any relevant services and try again. Unfortunately, I cannot try this myself, and this may not even be your issue, but I figured I'd throw it out there. Good luck!
     
  3. RCorbet

    RCorbet Registered Member

    Joined:
    Apr 4, 2005
    Posts:
    2
    Hi,

    Thank you for the reply.

    The Plesk server that we are seeing the problem on does have some Antivirus Software installed on it: http://www.drweb.com/ or http://www.sw-soft.com/en/products/plesk75win/addons/#dr.web

    However, on the test machine that we have set up, it was a clean install of Windows, with only patches added on to it. No antivirus would have been present. We have also installed Plesk, omitting the install of Acronis, and all is OK.

    Cheers,

    Roland
     
  4. alejandm

    alejandm Guest

    Try renaming or deleting the following dll: relog_ap.dll.
    I'm analyzing an lsass.exe process dump and this dll is causing the exception. Let me know how it went.
     
  5. Ced

    Ced Guest

    We have exactly the same problem with the real version of True image 8.

    I have seen it now on 3 servers.

    Anyone got a fix? Has Acronis been notified?
     
  6. ganguro_x

    ganguro_x Guest

    This may probably cause a virus or a spyware... we do encounter the lsass.exe forced reboot sequence even without the Acronis Trial Version.. or probably it may have triggered that error after installing the software. Check if you have installed all the latest patches from Windows, specifically the Windows2000-KB835732-x86-ENU
     
  7. lazaro

    lazaro Registered Member

    Joined:
    Jan 12, 2006
    Posts:
    1
    Hi, I'm from Argentina, and I have the same problem, but my configuration is somewhat different...

    I have a Windows 2003 server
    configured with
    DNS - DHCP - AD
    SQL 2000
    SQL Reporting Services
    Symantec Anti virus

    without Terminal Services

    So... did someone find a solution?

    Thanks, and.. sorry for my poor English.
    Lazaro
     
  8. Acronis Support

    Acronis Support Acronis Support Staff

    Joined:
    Apr 28, 2004
    Posts:
    25,885
    Hello everyone,

    Thank you for your interest in Acronis Remote Server Backup Software.

    Please accept our apologies for the delay with the response.

    If you encounter the same problem as RCorbet has described then please provide us with the following information:

    - Create Acronis Report and Windows System Information as it is described in Acronis Help Post;

    - Clarify whether the issue appears only after you have installed the free trial or full version of Acronis True Image 8.0 Enterprise Server for Windows;

    - Which build number of Acronis True Image 8.0 Enterprise Server for Windows do you use?

    You can find the full version name and build number by going to Help -> About... menu in the main program window.

    - Describe actions taken before the problem appears step-by-step.

    Could you please also do the following?

    - Open Computer properties either by right clicking on My Computer icon and choosing Properties or by opening System properties in Control Panel;

    - Go to Advanced tab;

    - Press Startup and Recover Settings button;

    - Choose Small memory dump in Write debugging information box;

    - Close all the dialog windows by clicking OK buttons;

    - Reproduce the system crash and collect the mini-dumps created.

    Please submit a request for technical support. Attach all the collected files and information to your request along with the link to this thread. We will investigate the problem and try to provide you with the solution.

    Thank you.
    --
    Alexey Popov
     