lsass.exe problem when logging into terminal server.


Mule169

Hello All,

I'm having a fairly confusing issue with terminal services. I have a
Win2k Advanced Server box that I'm trying to get to with remote
desktop. Directly after reboot I can remote desktop into the server,
but after about 2-3 minutes I get the following message immediately. I'm
not given a login prompt or allowed to enter any info.

"The client could not establish a connection to the remote computer

The most likely causes for this error
1) Remote connections might not be enabled at the remote computer
2) The maximum number of remote connections was exceeded at the remote
computer
3) A network error occurred while establishing the connection"

The odd thing is that I can connect immediately after reboot but not
after a few minutes. This led me to believe there is a process that
has not started when I'm able to log in immediately, and after a minute
or two it does start and gives me problems. So I put regmon on my
computer and caught the following log entries every time I tried to log
into term services and got booted. Go here for a look at the logs
(http://photos2.flickr.com/1975037_9bef4d9956_o.jpg). So you can see
it looks to be an issue with user authentication process...

I see there is a buffer overflow message, in line 7801 when it's
balking about an invalid user... If this is the issue.. can anyone help
me solve?

But this leads me to another question... why is it even checking for
user information when I'm just trying to hit the terminal service....

When I get booted I'm not given a login prompt or given the opportunity
to do anything.. I just click the connect button in the remote desktop
client and immediately get the above error.
Can anyone shed some light or help me out with the lsass.exe problem?
 
I assume that your rdp client is not configured with a username,
password and domain name saved as part of the connection
configuration?

I can't solve the problem completely, but the overall chain of
events seems to be this:
When you try to connect, the lsass is one of the first processes
to take action. It generates the process responsible for
authenticating users for the Winlogon service. Winlogon is
responsible for showing you the logon screen. Because lsass
encounters a buffer overflow, you never see a logon screen and
your client reports that it can't connect.

If you search the KnowledgeBase for product Windows 2000 and
keyword "lsass", you'll find that there are (have been) quite a
lot of problems with lsass. Most of them are about memory leaks,
but there are also a few about access denied and other fatal
errors. Check if some of them describe your situation (depending
on if this server is a DC, part of an AD, part of an NT domain,
etc).

263201 - Default Processes in Windows 2000
http://support.microsoft.com/?kbid=263201

Microsoft Support Knowledge Base for product W2K
http://support.microsoft.com/search/?adv=1&spid=1131
 
Thanks so much...

I did find mention of the buffer overflow problem with lsass but none
of the solutions that I tried seemed to help the situation.

When I read what you wrote about the process of events and the fact
that lsass was responsible for showing the winlogon screen and that
there was a buffer overflow before that screen was displayed... it all
made sense.

I did not try passing the user name/pass with the RDP client. When I
use RDP this way, it works fine. I'm in the process of hunting down
the proper hotfix for the buffer overflow problem as we speak (now that
I can get access to my server :-)

Thanks so much for the response!!
 
I spoke too soon here.... I am still getting the lsass buffer overflow
problem....

I have SP4 installed on Win2k.

Can anyone help me out with the lsass buffer overflow problem (like a
fix)?

Thanks

Mule
 