Post reply

Change logins causing system reboot

  • February 2, 2012 at 7:28 am

    #391463

    I've got a server with the following @@version return:

    Microsoft SQL Server 2008 R2 (SP1) - 10.50.2500.0 (X64) Jun 17 2011 00:54:03 Copyright (c) Microsoft Corporation Enterprise Edition (64-bit) on Windows NT 6.1 <X64> (Build 7601: Service Pack 1)

    With this server any time you make a server principal change using the GUI to change/add a login an error box pops up saying:

    "Windows has encountered a critical problem and will restart automatically in one minute. Please save your work now."

    Then the server restarts.

    In the SQL error logs I see a series of errors...

    [165] ODBC Error: 0, Unspecified error occurred on SQL Server. Connection may have been terminated by the server. [SQLSTATE HY000]

    [298] SQLServer Error: 772, SSL Provider: The Local Security Authority cannot be contacted [SQLSTATE 08001]

    [298] SQLServer Error: 772, Client unable to establish connection [SQLSTATE 08001]

    [382] Logon to server '<machine name>' failed (ConnCachePerfCounterValues)

    Event viewer had the following under the Application tab:

    "A critical system process, C:\Windows\system32\lsass.exe, failed with status code c0000417. The machine must now be restarted."

    Any help would be appreciated, I'm not sure why the machine is doing this.

    Cheers,

    Gabe

  • February 9, 2012 at 2:19 pm

    #1445298

    I have this same issue running SQL Server 2005 on Windows Server 2008.

    Anytime that a new SQL Login is created or a password changed with the "Enforce password policy" box checked, LSASS faults and the server reboots.

    I have found that if I create the login or change the password with the "Enforce password policy" option unchecked, everything is OK. You can go back afterwards and re-check without any issues.

    That isn't really a long term solution though.

    What entries do you have for "Notification packages" in the registry key "HKLM\System\CurrentControlSet\Control\LSA"? If you see EnPasFlt or something similar, it is the root cause of your problem.

  • February 9, 2012 at 2:29 pm

    #1445308

    We ended up resolving our issue by dropping the machine from AD and re-adding it to the domain. Haven't seen problem come back yet.

    We did have to change the "HKLM\System\CurrentControlSet\Control\LSA" FIPS complaints flag which is in the same subkey. I think when the SA re-added to the domain the GPO may have reset it.

Viewing 3 posts - 1 through 2 (of 2 total)

You must be logged in to reply to this topic. Login to reply