cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Server 2019 Domain Controllers: lsass.exe terminated unexpectedly with status code -1073741819

JWW-CSISD
Occasional Contributor

‎Apr 23 2023 08:51 AM

‎Apr 23 2023 08:51 AM

Server 2019 Domain Controllers: lsass.exe terminated unexpectedly with status code -1073741819

Basically my issue matches this post exactly. We have Server 2019 DCs running on VMware vSphere 7.0 U3c. The non-PDC DCs are randomly rebooting with the below event log message:

 

EventID : 1074
MachineName : DC19**
Data : {}
Index : 544467
Category : (0)
EntryType : Information
Message : The process wininit.exe has initiated the restart of computer DC19RP on behalf of user for the following reason: No title for this reason could be found
Reason Code: 0x50006
Shutdown Type: restart
Comment: The system process 'C:\Windows\system32\lsass.exe' terminated unexpectedly with status code -1073741819. The system will now shut down and restart.
Source : User32
ReplacementStrings : {wininit.exe, DC19**, No title for this reason could be found, 0x50006...}
InstanceId : 2147484722
TimeGenerated : 4/23/2023 5:07:58 AM
TimeWritten : 4/23/2023 5:07:58 AM
UserName : NT AUTHORITY\SYSTEM

 

The servers are all patched to the current CU - 2023-04 (KB5025229), so they should all have the most recent KB I've found that addresses lsass.exe crashes (KB5010791) installed.

 

I've also noticed that shortly before the lsass.exe crash, there will be an event log similar to the one below, although each references a different WMI filter:

EventID : 1065
MachineName : DC19**
Data : {}
Index : 544466
Category : (0)
CategoryNumber : 0
EntryType : Error
Message : The processing of Group Policy failed. Windows could not evaluate the Windows Management Instrumentation (WMI) filter for the Group Policy object
cn={***},cn=policies,cn=system,DC=fabrikam,DC=com. This could be caused by RSOP being disabled or Windows Management Instrumentation (WMI) service being disabled, stopped, or other WMI errors. Make sure the WMI service is started and the startup type is set to automatic. New Group Policy objects or settings will not process until this event has been resolved.
Source : Microsoft-Windows-GroupPolicy
ReplacementStrings : {4, 714, 0, 136750...}
InstanceId : 1065
TimeGenerated : 4/23/2023 5:07:58 AM
TimeWritten : 4/23/2023 5:07:58 AM
UserName : NT AUTHORITY\SYSTEM

 

Once the server is back up and running after the reboot crash, WMI appears to be working fine, and I'm not seeing any other errors specifically referencing WMI itself in the period leading up to the crash.

401 Views
1 Like
0 Replies
Reply
0 Replies