Hello,

I've run MS update several times and still, the processes lsass.exe and services.exe keep getting killed and causing the server to reboot unplanned.

I don't think it is the blaster worm because no computer on my network (except for mine which is fully patched & protected) is turned on when the system reboots. (Logs show that it has also rebooted several times overnight too)

I'm not sure what the problem is. As you can tell, I'm not a Windows system administrator. I much prefer Linux because critical system processes cannot be terminated.

[N]F

Ok, it just did it again! When I logged back in there was something about LSA shell encountered an error...

[N]F

I dont know what is going on there but I use to have and still have as of now a remote killer for windows. what it do is implant a daemon server service in your wndows server specially windows 2003 and i can remotely connect to the daemon and order the server to [1]kill certain threads [2] reboot.

There are also alot of RPC flaws that we have found out from the win 2003 and there are lots of problems with it also that we have encountered.. Win 2003 is "not" using its native libraries instead it uses the libraries of *Nix system. The problem is that windows retains all of its RPC functions and libraries from the older versions such as the windows XP system.

I have no idea if this goes the same to ordinary windows 2003 installation. this is only base on the windows 2003 server vesion.

We have also found out that windows 2003 gives you a "blue screen of death" and a "white screen of death". The white one is much more common.

There are also some updates that does not work well for 2003. This is the reason why I always have a spare linux on my arsenal.

I think there's a file corruption or something, how about trying to reinstall the server?

xboxrulz

Try posting a HijackThis log, as I'm quite sure the cause is some sort of malware.

LSA SELL DONT SEND ERROR
Windows Server 2003

Replying to eurotrashReplying to xboxrulz

Hi , I'm a system administrator and server supervisor ine a CORPORATE COMPANY and I use Windovs 2003 server entrprise edition with fully uptade and patches I had the same problem in past 2 weaks but trying to do somtething I have used KASPERSKY internet security 2007 fully updated and scanned the server hard drive over the lan and it turnet out that it found a trojan downloader and a trojan WIN32 after desinfectiong thesse files I didnt recesive the errorr no mroe this I'm my history so I hope it will be in use fo something good and sorry for interfering bye

-reply by Ideal Dreshaj

It is best all the time to enable a firewall before connected it to the internet.
If that a server was used as a web server than it is best to configure the ipsec
to reject all connection except port 80 or required that use secure channel.

pay attention on Port no 135, 137-138, 139 and even 445.

And check update or patch on IIS or Apache for critical upgrade.

That is quite true. Viruses tend to use other ports than port 80 to delegate the virus. However, if you can kill the virus before it leaks on port 80 or destroy your server, the better. This is why I tend to stick to UNIX servers because they are rock solid and causes the least problems when it comes to security.

xboxrulz

Actually, I still does't understanding why and how the Linux / Unix so strong on anti-virus or security related issues.
Is this the community powered that coding the kernel and / or the apps very carefully.

Or the true is windows are features and user-oriented.
( Such as Windows XP UI and Active Directory Light Directory Service or ADAM )

Sorry for asking that. I'am a windows users and lack of linux knowledge !