@Dave Patrick 

I have plan upgrade AD from 2008 to 2019. On root site have 02 DC2019 (Also have issue "restart unexpected" then fixed by re-creating health mailbox account) but Child domain is not resolved. In this site, I forcing install DC2012 to client connect normally and with DC2016 & DC2019, if start NETLOGON services. they are rebooted unexpected. 

I doubt that some suspicious client attacking thought NETLOGON services. :( 

Please save me. This issue still not resolve for 3 months

I can still only understand about a third of this. Upgrading domain controllers in this broken environment is never recommended. You may want to restore a recent known good backup and work from there.

@TRUNGNV 

Hello friend, were you able to solve your problem? I have the same problem currently.

@dasave Hi. We open ticket premier support case Microsoft. Infomation about my case below:

Issue: LSASS crashes on domain controller repeatedly

Resolution:

The issue happened because the password didn’t preserved properly previously and caused the crash. Normally, we save the hash after password is changed. But the password stored in dump showed up as plain text. And the plain text is way too long for LSASS to process.

iopl=0         nv up ei pl nz na po cy

cs=0033  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00010205

samsrv!SampGetPrivateUserData+0x1db:

00007ff9`00ffb5eb 488b45f8        mov     rax,qword ptr [rbp-8] ss:00000097`005f8ba8=0000023cf72a8df4

@rbx              UserContext = 0x00000097`005f8270

<unavailable>     UserPasswordSettings = <value unavailable>

<unavailable>     DataLength = <value unavailable>

@r13              Data = 0x0000023c`bb6feda8

00000097`005f8b90 TempString = ""GREr_?;XqBo?\pfSfYEk*@bG)[;j?/\8nwV:s OGA1LZ?SXg]eS66_cVoD3xGbxQ+DRWYN_$""xV>3w!w9vS:q!Jri+'fXJ[I#sbv^wiYm1PUzrvwSdGDXK2""

00000097`005f8ba0 StoredBuffer = ""GREr_?;XqBo?\pfSfYEk*@bG)[;j?/\8nwV:s OGA1LZ?SXg]eS66_cVoD3xGbxQ+DRWYN_$""xV>3w!w9vS:q!Jri+'fXJ[I#sbv^wiYm1PUzrvwSdGDXK2""

@esi              NtStatus = 0n0

<unavailable>     BufferPointer = <value unavailable>

@r15d             PasswordHistoryLength = 6

Dump you just uploaded:

UserContext = 0x0000020e`2760fb30

UserPasswordSettings = <value unavailable>

           DataLength = <value unavailable>

                 Data = 0x0000020d`9c9eee78

           TempString = ""GREr_?;XqBo?\pfSfYEk*@bG)[;j?/\8nwV:s OGA1LZ?SXg]eS66_cVoD3xGbxQ+DRWYN_$""xV>3w!w9vS:q!Jri+'fXJ[I#sbv^wiYm1PUzrvwSdGDXK2""

         StoredBuffer = ""GREr_?;XqBo?\pfSfYEk*@bG)[;j?/\8nwV:s OGA1LZ?SXg]eS66_cVoD3xGbxQ+DRWYN_$""xV>3w!w9vS:q!Jri+'fXJ[I#sbv^wiYm1PUzrvwSdGDXK2""

             NtStatus = 0n0

        BufferPointer = <value unavailable>

PasswordHistoryLength = 6

We would recommend following to reduce the probability of this issue from happening again.

We found you changed PasswordHistoryLength to 6 (By default is 24). Based on code review, changing the passwordhistorylength to 24 may help with the symptom. This will require you change your default domain policy: Computer Configuration\Windows Settings\Security Settings\Account Policies\Password Policy\ Enforce password history to 24.

https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/enforce...

Note: Enforce password history will apply for both machine account and user account.

Hello dear, could you please tell me if your problem was solved? Just resubmitted the error during business hours :(