Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net. The EventId.Net for Splunk Add-on assumes that Splunk is collecting information from Windows servers and workstation via the Splunk Universal Forwarder.
A critical system process, <process name>, failed with status code <code>. The machine must now be restarted.
|English: Request a translation of the event description in plain English.|
|Concepts to understand:|
What is the role of the Winlogon service?
- Process: C:\WINDOWS\system32\lsass.exe, - On Windows Server 2003 Service Pack 2 (SP2) with IIS 6.0 installed and hotfixes KBKB970430 or update KB973917 applied, this issue occurs because a bug in one of the Windows system files (Strmfilt.dll). A hotfix is availble - see ME979730.
- Proccess: lsass.exe, code: c0000354 - See ME911185 for a hotfix applicable to Microsoft Windows Server 2003. Also, see ME897648 for a hotfix applicable to Microsoft Windows Server 2003 and Microsoft Windows XP, and ME870997 for a hotfix applicable to Microsoft Windows 2000 and Microsoft Windows XP.
- Process: lsass.exe, code: c0000005 - See ME955410 and ME927342 for hotfixes applicable to Microsoft Windows Server 2003.
As per Microsoft: "The system default profile appears when nobody is logged on. This event record indicates that the changes that the user made to the default profile were not saved to the local system. The user will have to use the system default profile at the next logon session". See MSW2KDB for more details.
As per Microsoft: "This problem may occur when an inheritable Deny access control entry (ACE) is applied to an organizational unit (OU) that inherits only to user objects but applies to all properties. The access violation occurs when a principal that this Deny ACE applies to queries users in the OU". See ME818080 and ME886174 for two hotfixes applicable to Microsoft Windows Server 2003.
Process: C:\WINDOWS\system32\lsass.exe, Code: c0000005 - Occurs when a 16-bit application is run on a Windows Server 2003 Terminal server.
See also the comments for Error code 0xc0000005.
|Private comment: Subscribers only. See example of private comment|
|Links: ME818080, ME870997, ME886174, ME897648, ME911185, ME927342, 955410, Error code 0xc0000005, MSW2KDB, ME979730|
|Search: Google - Bing - Microsoft - Yahoo - EventID.Net Queue (0) - More links...|
|Custom search for *****: Google - Bing - Microsoft - Yahoo|
Send comments or solutions
- Notify me when updated