We have Windows 2012 R2 server with Active Directory role, which 1-2 times in the day starts automatically restart after recorded events 1000 and 1015 to event log:
Log Name: Application
Source: Application Error
Date: 3/9/2016 4:37:41 PM
Event ID: 1000
Task Category: (100)
Level: Error
Keywords: Classic
User: N/A
Computer: COMPUTERNAME.DOMAIN
Description:
Faulting application name: lsass.exe, version: 6.3.9600.17415, time stamp: 0x545042fe
Faulting module name: ntdsai.dll, version: 6.3.9600.18009, time stamp: 0x55c8e51c
Exception code: 0xc0000005
Fault offset: 0x0000000000219d67
Faulting process id: 0x%9
Faulting application start time: 0x%10
Faulting application path: %11
Faulting module path: %12
Report Id: %13
Faulting package full name: %14
Faulting package-relative application ID: %15
Log Name: Application
Source: Microsoft-Windows-Wininit
Date: 3/9/2016 4:37:49 PM
Event ID: 1015
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: COMPUTERNAME.DOMAIN
Description:
A critical system process, C:\Windows\system32\lsass.exe, failed with status code c0000005. The machine must now be restarted.
Server have all up to date fixes until 2/23/2016 and official MS KB2914387 dont' help, because DLL file Ntdsai.dll noticed in hotfix is older and server already have more fresh version of that DLL.
We found source of restarts - OOMADs.msi(Active Directory Management Pack Helper Object) was recently installed to provide Active Directory monitoring for SCOM agent. After OOMADs.msi uninstall problem gone.
/Geecoholic
No comments:
Post a Comment