Domain Controller 2019 Event ID 1074, Reason Code: 0x50006 Lsass.exe terminated unexpectedly

Copper Contributor

The process wininit.exe has initiated the restart of computer Domain Controller 2019 on behalf of user for the following reason: No title for this reason could be found
Reason Code: 0x50006
Shutdown Type: restart
Comment: The system process 'C:\Windows\system32\lsass.exe' terminated unexpectedly with status code -1073740767. The system will now shut down and restart.


Faulting application name: lsass.exe, version: 10.0.17763.1, time stamp: 0xf1beaffa
Faulting module name: verifier.dll, version: 10.0.17763.1, time stamp: 0x197d3cfd
Exception code: 0xc0000421
Fault offset: 0x0000000000006646
Faulting process id: 0x2a4
Faulting application start time: 0x01d77174ea850ebe
Faulting application path: C:\Windows\system32\lsass.exe
Faulting module path: C:\Windows\System32\verifier.dll
Report Id: 62e62818-ccba-40c1-a815-e036fe1c42c9
Faulting package full name:
Faulting package-relative application ID:


I detected that when I stop NETLOGON Services, server 2019 doesn't restart unexpectedly. But when start NETLOGON Services, it still restart every 5 ~ 10 minutes.

7 Replies

What's the history here? New domain controller or new problem? How many domain controllers?



@Dave Patrick 

I have plan upgrade AD from 2008 to 2019. On root site have 02 DC2019 (Also have issue "restart unexpected" then fixed by re-creating health mailbox account) but Child domain is not resolved. In this site, I forcing install DC2012 to client connect normally and with DC2016 & DC2019, if start NETLOGON services. they are rebooted unexpected. 

I doubt that some suspicious client attacking thought NETLOGON services. :( 

Please save me. This issue still not resolve for 3 months

I can still only understand about a third of this. Upgrading domain controllers in this broken environment is never recommended. You may want to restore a recent known good backup and work from there.






Hello friend, were you able to solve your problem? I have the same problem currently.

@dasave Hi. We open ticket premier support case Microsoft. Infomation about my case below:


Issue: LSASS crashes on domain controller repeatedly



The issue happened because the password didn’t preserved properly previously and caused the crash. Normally, we save the hash after password is changed. But the password stored in dump showed up as plain text. And the plain text is way too long for LSASS to process.


iopl=0         nv up ei pl nz na po cy

cs=0033  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00010205


00007ff9`00ffb5eb 488b45f8        mov     rax,qword ptr [rbp-8] ss:00000097`005f8ba8=0000023cf72a8df4

@rbx              UserContext = 0x00000097`005f8270

<unavailable>     UserPasswordSettings = <value unavailable>

<unavailable>     DataLength = <value unavailable>

@r13              Data = 0x0000023c`bb6feda8

00000097`005f8b90 TempString = ""GREr_?;XqBo?\pfSfYEk*@bG)[;j?/\8nwV:s OGA1LZ?SXg]eS66_cVoD3xGbxQ+DRWYN_$""xV>3w!w9vS:q!Jri+'fXJ[I#sbv^wiYm1PUzrvwSdGDXK2""

00000097`005f8ba0 StoredBuffer = ""GREr_?;XqBo?\pfSfYEk*@bG)[;j?/\8nwV:s OGA1LZ?SXg]eS66_cVoD3xGbxQ+DRWYN_$""xV>3w!w9vS:q!Jri+'fXJ[I#sbv^wiYm1PUzrvwSdGDXK2""

@esi              NtStatus = 0n0

<unavailable>     BufferPointer = <value unavailable>

@r15d             PasswordHistoryLength = 6


Dump you just uploaded:

UserContext = 0x0000020e`2760fb30

UserPasswordSettings = <value unavailable>

           DataLength = <value unavailable>

                 Data = 0x0000020d`9c9eee78

           TempString = ""GREr_?;XqBo?\pfSfYEk*@bG)[;j?/\8nwV:s OGA1LZ?SXg]eS66_cVoD3xGbxQ+DRWYN_$""xV>3w!w9vS:q!Jri+'fXJ[I#sbv^wiYm1PUzrvwSdGDXK2""

         StoredBuffer = ""GREr_?;XqBo?\pfSfYEk*@bG)[;j?/\8nwV:s OGA1LZ?SXg]eS66_cVoD3xGbxQ+DRWYN_$""xV>3w!w9vS:q!Jri+'fXJ[I#sbv^wiYm1PUzrvwSdGDXK2""

             NtStatus = 0n0

        BufferPointer = <value unavailable>

PasswordHistoryLength = 6



We would recommend following to reduce the probability of this issue from happening again.

We found you changed PasswordHistoryLength to 6 (By default is 24). Based on code review, changing the passwordhistorylength to 24 may help with the symptom. This will require you change your default domain policy: Computer Configuration\Windows Settings\Security Settings\Account Policies\Password Policy\ Enforce password history to 24.

Note: Enforce password history will apply for both machine account and user account.






Thank you very much for answering me, it's strange because in my case, I have DCs in different geographical locations, and they all have the same problem.

We are currently using the Manage Engine to allow users to reset their passwords and/or unlocks. for this reason our PasswordHistoryLength is in "5 passwords remembered", I will proceed to change it to 24 and validate.

In your case, was the problem solved?

Finally, it was not clear to me why the password was not saved well in Hash , and why it was saved in plain text?

Hello dear, could you please tell me if your problem was solved? Just resubmitted the error during business hours :(