Skip to main content
Start a Conversation

Unsolved

This post is more than 5 years old

P

plg3

5 Posts

79272

March 14th, 2007 00:00

The Dreaded "lsass.exe system error" - One More Time

Equipment:  Dell Inspiron 8200 (notebook)
OS:  Windows XP Professional originally with SP1, updated to SP2 (all updates applied)

Error message:  "lsass.exe system error    An invalid parameter was passed to a service or function"

 

It's a case of bad news sprinkled with just a bit of good news.

 

First the bad news -

 

The computer will not boot into any mode without the LSASS error message appearing and then rebooting.  On initial power on, the computer will start the boot mode and the Windows XP logo will come up (with the "progress bar" ) only to be followed by the LSASS error message; at this point, if I click on the error message's OK button, the computer will reboot itself and repeat the same routine.  If I hit F8 (during the initial boot phase) and try to go into any one of the 6 or so selections (to include Safe Mode), I still get the LSASS error message and reboot sequence.  In other words, I cannot even get into the Safe Mode.

 

I have the Dell Windows XP SP1 CD that came with my computer and tried the "repair" function, only to get the same LSASS error message.  Same thing with floppy boot disks from Microsoft.

 

Finally, I thought that I might have a "corrupted" lsass.exe file.  I "expanded" the "lsass.ex_" file from the Dell Windows XP CD and copied the expanded file over to the System32 and i386 folders on the notebook (see "some good news" below.)  Still get the LSASS error msg.

 

Now for some good news, such as it is.

 

I took the hard drive out of the notebook.  I can hook it up with a USB cable to my desktop (a brand new one week old Dell XPS-410 with Vista.  (The non-functional notebook made me do it!)) and the desktop can read / write to the notebook's hard drive.  I used the desktop's anti-virus program (McAfee with current AV updates) to scan the notebook hard drive - no viruses were detected.  I had originally thought I might have been infected with the "isass" virus as the symptoms seemed about the same but apparently not.  And inasmuch as I can read the notebook hard drive, I was able to pull off the few files needed that I had not recently backed up. 

 

I have "Googled" LSASS, isass, system error, etc. 'til my eyes are crossed.  I'm working my way through building an "Ultimate Boot CD for Windows" (UBCD4Win) to see what happens and have thought about trying out Linux also.  Final solution may be to do a clean install of Windows XP and reload the drivers and programs.

 

At this point I'm open to suggestions (i.e., a not so hidden plea for help!)  As I said, I can read / write to the hard drive via the desktop computer and I don't mind poking around. 

 

Thanks.

 

- Paul in norther Virginia

tgsmith

2.9K Posts

March 14th, 2007 01:00

Plg3,
 
Ok.  You said you could hook up your hard drive to another system and get into it.  You also mentionned you had created a UBCD for Windows CD.  Either way, you apparently can get into your crashed hard drive and manipulate files.
 
For the formal Microsoft solution go here:  http://support.microsoft.com/kb/307545/
 
Now, here's the informal version:
 
Connect your non-bootable hard drive to the other computer. 
 
Open Windows Explorer.  Click on Tools|Folder Options|View.  Check the box beside "Show hidden files and folders".  Apply your change.
 
Navigate to the  d:\System Volume Information folder ( d: represents the crashed drive letter).
You will see a folder named something like _restore{.........}  the dots represent an alpha-numeric sequence.

In this folder you will see folders named RP0....RPnn.  Find the one with the highest number. 
These are your System Restore points.  In the highest numbered folder you will see a folder named snapshot.  In this folder are registry hive files which you need to recover your system:

_registry_user_.default
_registry_machine_security
_registry_machine_software
_registry_machine_system
_registry_machine_sam
Create a subdirectory; i.e,  d:\Windows\TMP. Copy these files to the TMP subdirectory.  Rename them:

default
security
software
system
sam

Note:  Be sure to lose the period (.) in the file named _registry_user_.default
Delete the files in the d:\windows\system32\config subdirectory with the same names.
Copy the  d:\windows\tmp files to the  d:\windows\system32\config. subdirectory. 
Put your drive back in its original system.  Your system should start normally.  If you get the same error go back and choose another folder ( RPnn-1) and repeat the procedure.

Tony

mombodog

12.7K Posts

March 14th, 2007 02:00

Tony, does this informal method you give work around this problem warning in the KB article
 
" Warning Do not use the procedure that is described in this article if your computer has an OEM-installed operating system. The system hive on OEM installations creates passwords and user accounts that did not exist previously. If you use the procedure that is described in this article, you may not be able to log back into the recovery console to restore the original registry hives. "
 
I can find no real clarification as to the meaning of this warning.
 
I noticed your method gets the back up copies from the system volume Information(restore), instead of C:\windows\repair, described in the KB article.
 
Is this the prefered method of restoring the registry for OEM installation of XP?

mombodog

12.7K Posts

March 14th, 2007 17:00

Tony,Yes it was very helpful, your informal method sounds like a better method to me, I have cut and pasted your method into a text file for reference, Thanks again for taking the time to explain.

tgsmith

2.9K Posts

March 14th, 2007 17:00

Mombodog,
 
You're welcome.  I used Microsoft method quite a bit until I just happened to be using UBCD for Windows to extract XP Product Key for a Toshiba Satellite ( Product Key on label was illegible) in case I had to do a reinstall of XP.  Since I had access to the Satellite's files, I decided to try doing the Microsoft solution without using the Recovery Console.
 
So far it's worked for me.  Glad to share it with you.
 
Tony
 
 

tgsmith

2.9K Posts

March 14th, 2007 17:00

Mombodog,
 
The main difference in the Microsoft method and informal method is that the Microsoft method uses the Recovery Console to:
 
Copy and rename the hives from the c:\windows\system32\config subdirectory to the c:\windows\tmp subdirectory. 
 
You then delete the hives in the c:\Windows\system32\config subdirectory. 
 
The original hives created when Windows XP was installed are then moved from the C:\Windows\repair subdirectory to the c:\windows\system32\config subdirectory. 
 
This allows you to boot the system into Safe Mode with its original configuration hives and retrieve the System Restore point(s).
 
The restore point hives are then copied to the c:\windows\tmp subdirectory and renamed to their usable file names. 
 
The system is then rebooted to the Recovery Console. 
 
The repair hives are deleted from c:\windows\system32\config subdirectory.
 
The Restore Point hives are copied from the c:\windows\tmp subdirectory to the c:\windows\system32\config subdirectory. 
 
This allows you to reboot the computer to a point where you have access to all restore points.
 
The informal method is basically doing the same thing, but since you are using a secondary operating system drive, Bart's PE, or UBCD for Windows there is no real need to access the Recovery Console.  Microsoft, of course, does not condone the use of Peter Nordahl-Hagen's NT password program, which could be used if you were unable to access the Recovery Console.
 
As for the warning about OEM systems.  I have successfully used this on Dell, HP, Compaq, Gateway, Sony Vaio, Toshiba, and eMachines.  It is particularly useful with eMachines since those systems come with a System Restore CD image and not a bootable XP CD.
 
Hope this clarifies my recommendation to use the informal method in this case instead of the Microsoft method.
 
Tony
 
 
 
 
 
 

plg3

5 Posts

March 15th, 2007 00:00

Tony -
 
Thanks for the help.  I'm just getting home from work so I'll hit this tomorrow night and will let you know how it goes. 
 
Paul in northern Virginia

plg3

5 Posts

March 17th, 2007 12:00

Thanks to Tony I was able to get beyond the "LSASS.EXE" error that would not allow me to boot up my notebook computer.  I was able to get to the "Windows is starting" screen but at that point, the boot process would just hang... and hang... 
 
So, it was back to the salt mines.  I ran Setup from the Windows disk and was finally able to fully boot to my desktop.  So far so good.  The only "issue" I had at that point was that the system was (and continues to be) very slow to boot up, compared to before this all started. 
 
At this point I'm in XP Pro SP1.  Applications still work, except for IE 7.0.  I downloaded XP Pro SP2 and ran the install process last night.  It unfortunately did not like something in the configuration and promptly quit the install process and removed itself.  The SP2 installation is a relatively time consuming process and I was not watching every step along the way so I missed the error message, if there was one.  I'm trying a second round with SP2 as I may have caused the initial problem by leaving my anti-virus and spyware still up and running.  This time, both are disabled.  And at this point, the SP2 install is at "Finishing installing" (the blue progress bar is at ~40 %) and the details state "Running processes after install." 
    - Now at "Performing cleanup" and I have my fingers crossed. 
    - Machine has rebooted, asked me if I wanted "automatic updates"   (So far, it's looking good...)
 
If I'm able to get a good install of SP2, I'll try re-installing IE 7.0.  The error I'm get when trying to start IE 7.0 is related to " shlwapi.dll ".  I obviously need to do some research on this. 
 
If anyone has any insight to IE 7.0 installation problems, suggestions are welcomed.
 
And, thanks again to Tony for the initial fix to my problem.
 
Paul in northern Virginia
 
 

mombodog

12.7K Posts

March 17th, 2007 20:00

"If anyone has any insight to IE 7.0 installation problems, suggestions are welcomed."
 
http://www.ie-vista.com/known_issues.html  scoll down to Pre Installation Advice. This is good advice for XP also.

View More

View All

No Events found!

Top