Jul 05 2021 08:18 PM
The process wininit.exe has initiated the restart of computer Domain Controller 2019 on behalf of user for the following reason: No title for this reason could be found
Reason Code: 0x50006
Shutdown Type: restart
Comment: The system process 'C:\Windows\system32\lsass.exe' terminated unexpectedly with status code -1073740767. The system will now shut down and restart.
Faulting application name: lsass.exe, version: 10.0.17763.1, time stamp: 0xf1beaffa
Faulting module name: verifier.dll, version: 10.0.17763.1, time stamp: 0x197d3cfd
Exception code: 0xc0000421
Fault offset: 0x0000000000006646
Faulting process id: 0x2a4
Faulting application start time: 0x01d77174ea850ebe
Faulting application path: C:\Windows\system32\lsass.exe
Faulting module path: C:\Windows\System32\verifier.dll
Report Id: 62e62818-ccba-40c1-a815-e036fe1c42c9
Faulting package full name:
Faulting package-relative application ID:
I detected that when I stop NETLOGON Services, server 2019 doesn't restart unexpectedly. But when start NETLOGON Services, it still restart every 5 ~ 10 minutes.
Jul 06 2021 06:25 AM
What's the history here? New domain controller or new problem? How many domain controllers?
Jul 06 2021 08:53 PM
I have plan upgrade AD from 2008 to 2019. On root site have 02 DC2019 (Also have issue "restart unexpected" then fixed by re-creating health mailbox account) but Child domain is not resolved. In this site, I forcing install DC2012 to client connect normally and with DC2016 & DC2019, if start NETLOGON services. they are rebooted unexpected.
I doubt that some suspicious client attacking thought NETLOGON services. 😞
Please save me. This issue still not resolve for 3 months
Jul 07 2021 07:20 AM
I can still only understand about a third of this. Upgrading domain controllers in this broken environment is never recommended. You may want to restore a recent known good backup and work from there.
Feb 16 2023 07:56 AM
Feb 16 2023 07:31 PM
@dasave Hi. We open ticket premier support case Microsoft. Infomation about my case below:
Issue: LSASS crashes on domain controller repeatedly
Resolution:
The issue happened because the password didn’t preserved properly previously and caused the crash. Normally, we save the hash after password is changed. But the password stored in dump showed up as plain text. And the plain text is way too long for LSASS to process.
iopl=0 nv up ei pl nz na po cy
cs=0033 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010205
samsrv!SampGetPrivateUserData+0x1db:
00007ff9`00ffb5eb 488b45f8 mov rax,qword ptr [rbp-8] ss:00000097`005f8ba8=0000023cf72a8df4
@rbx UserContext = 0x00000097`005f8270
<unavailable> UserPasswordSettings = <value unavailable>
<unavailable> DataLength = <value unavailable>
@r13 Data = 0x0000023c`bb6feda8
00000097`005f8b90 TempString = ""GREr_?;XqBo?\pfSfYEk*@bG)[;j?/\8nwV:s OGA1LZ?SXg]eS66_cVoD3xGbxQ+DRWYN_$""xV>3w!w9vS:q!Jri+'fXJ[I#sbv^wiYm1PUzrvwSdGDXK2""
00000097`005f8ba0 StoredBuffer = ""GREr_?;XqBo?\pfSfYEk*@bG)[;j?/\8nwV:s OGA1LZ?SXg]eS66_cVoD3xGbxQ+DRWYN_$""xV>3w!w9vS:q!Jri+'fXJ[I#sbv^wiYm1PUzrvwSdGDXK2""
@esi NtStatus = 0n0
<unavailable> BufferPointer = <value unavailable>
@r15d PasswordHistoryLength = 6
Dump you just uploaded:
UserContext = 0x0000020e`2760fb30
UserPasswordSettings = <value unavailable>
DataLength = <value unavailable>
Data = 0x0000020d`9c9eee78
TempString = ""GREr_?;XqBo?\pfSfYEk*@bG)[;j?/\8nwV:s OGA1LZ?SXg]eS66_cVoD3xGbxQ+DRWYN_$""xV>3w!w9vS:q!Jri+'fXJ[I#sbv^wiYm1PUzrvwSdGDXK2""
StoredBuffer = ""GREr_?;XqBo?\pfSfYEk*@bG)[;j?/\8nwV:s OGA1LZ?SXg]eS66_cVoD3xGbxQ+DRWYN_$""xV>3w!w9vS:q!Jri+'fXJ[I#sbv^wiYm1PUzrvwSdGDXK2""
NtStatus = 0n0
BufferPointer = <value unavailable>
PasswordHistoryLength = 6
We would recommend following to reduce the probability of this issue from happening again.
We found you changed PasswordHistoryLength to 6 (By default is 24). Based on code review, changing the passwordhistorylength to 24 may help with the symptom. This will require you change your default domain policy: Computer Configuration\Windows Settings\Security Settings\Account Policies\Password Policy\ Enforce password history to 24.
Note: Enforce password history will apply for both machine account and user account.
Feb 17 2023 11:43 AM
Apr 19 2023 07:21 PM
Hello dear, could you please tell me if your problem was solved? Just resubmitted the error during business hours 😞