cluberti

lsass.exe is considered a critical system process. If it stops running (or isn't found), the machine will bugcheck or do a 60-second reboot due to system security being compromised. Since this is coded into the kernel, you won't be able to remove it.

You can do it with DHCP options, but that'll require you to chop up the network a bit so that only the right IP range (and thus the right range options) go to specific machines.

If you've configured for a complete dump, that file will be as big as the amount of physical RAM in the machine - so uploading here is probably impossible. PM me and I'll give you FTP information once you've got the dump compressed .

On a side note, I would actually pay a few bucks to watch the computer toss .

You've done everything great, and I'd only suggest you manually crash it if it happens to hang up at this point - if it bugchecks on it's own, that is even better .

Well, considering that the i386 files from the x64 CD are 64bit binaries, and they're also from Server 2003 SP1's source tree, I'd say you're likely to have problems, yes.

What'd you end up doing to get it working?

Check your Windows folder - if you have both a regedit.exe and a regedit.com, you've likely got yourself a virus (usually Win32.Navidad or Win32.Dumaru, depending on which A/V vendor).

A side note is that WinPE 2005 can be built with WMI support, and it does work, so if you've got a valid agreement with MS that provides you with WinPE, having the WMI support is likely a real benefit in these situations...

These files are not redistributable, period, and thus you should exclude them from your package even if VS includes them. As to the reason you need to exclude specific files when installed on a machine with Office, you should specifically exclude these files on a machine with Office because Office already contains versions of these files when it is installed. I know it's a bit confusing, and they probably should've just said don't include these files in your packages .

Note that this isn't available until AFTER Windows is installed, unless you're in WinPE with WMI access. You won't have access to WMIC in RIS or during Windows setup.

A little. If you can, download, extract, and install userdump from the http://www.microsoft.com/downloads site. Once it's set up, go into the "Process Dump" applet in the control panel, and create a new rule for svchost.exe, and configure that new rule to dump all exceptions and to dump on process termination (you'll understand once you have it installed and you're in the GUI for it). Disable the error reporting service in the Services applet under administrative tools in the control panel, and then the next time it happens you should have a svchost.exe.dmp file in your \Windows directory. Once you've got that, PM me and I'll give you instructions on how to upload it to me - I can likely tell you what crashed svchost.exe.

Usually, this is caused by a deadlock condition or a race condition on a thread (or threads) running on your system, and when the system gets backed up enough, it'll hang until the offending deadlock is cleared. If you can get a memory dump via the keyboard the next time the issue is occurring, I can likely tell you what's causing it and what to do to fix it - my guess is that it's the video driver, not Windows, but without a memory dump it's just an educated guess. Follow these steps to enable complete memory dumps on your machine (you need a PS/2 keyboard for this to work!): 1. If you have a feature like Compaq's Automatic System Restart (ASR), please disable it. This setting is usually found in the BIOS. With this feature enabled, if the BIOS does not detect a heartbeat from the OS, it will restart the machine, and this will interrupt the dump process. 2. Create or set the following registry value: Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\i8042prt\Parameters Value: CrashOnCtrlScroll Type: REG_DWORD Data: 1 Refer to the following Knowledge Base article for more information on this registry key: 244139 Windows Feature Allows a Memory.dmp File to Be Generated with Keyboard http://support.microsoft.com/?id=244139 3. Right-Click on the "My Computer" icon on the desktop and select "Properties"; this will open the "System Properties" window. Go to the "Advanced" tab and click "Performance Options". Click "Change" under "Virtual Memory". Set the pagefile to be located on the partition where the OS is installed, and set it to be equal to Physical RAM + 50 MB, for both min and max. 4. Also in the "System Properties" window, click on the "Advanced" tab, then click "Startup and Recovery". Make sure "Complete Memory Dump" is selected (see 4a if this is not in the list). You can change the location of the memory dump file to a different local partition if you do not have enough room on the partition where the OS is installed. 4a. If the "Complete Memory Dump" option in step 4 is not available, you will need to manually set this registry value: Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl Value: CrashDumpEnabled Type: REG_DWORD Value: 1 5. You will need to reboot the machine for these changes to take effect. 6. The next time that the machine crashes, hold the RIGHT-hand CTRL key, and press the SCROLL LOCK key twice. This should bugcheck the machine, and a memory.dmp file will be created when it reboots. After the machine comes back up, wait for the disk activity to stop before logging in. Once the disk activity has stopped, please log in and find the resulting memory dump file (again, located by default at %systemroot%\memory.dmp). 7. Please compress the resulting dump file and then PM me for instructions on how to upload the file to me for review.

You'd either need to configure a WOL server and have a WOL-enabled NIC for this to work, or a 3rd party application that can do this (I'm not aware of any, but perhaps one exists).

I hate to say you're likely wrong, but I have to - if you don't go through the product, you have no problem, but if you do, problems exist for ALL browsers on the system. Seems like a proximitron issue to me, no?

You sure your machine is clean of infestation? That sounds VERY odd...

Follow these steps to enable complete memory dumps on your machine: 1. If you have a feature like Compaq's Automatic System Restart (ASR), please disable it. This setting is usually found in the BIOS. With this feature enabled, if the BIOS does not detect a heartbeat from the OS, it will restart the machine, and this will interrupt the dump process. 2. Create or set the following registry value: Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\i8042prt\Parameters Value: CrashOnCtrlScroll Type: REG_DWORD Data: 1 Refer to the following Knowledge Base article for more information on this registry key: 244139 Windows Feature Allows a Memory.dmp File to Be Generated with Keyboard http://support.microsoft.com/?id=244139 3. Right-Click on the "My Computer" icon on the desktop and select "Properties"; this will open the "System Properties" window. Go to the "Advanced" tab and click "Performance Options". Click "Change" under "Virtual Memory". Set the pagefile to be located on the partition where the OS is installed, and set it to be equal to Physical RAM + 50 MB, for both min and max. 4. Also in the "System Properties" window, click on the "Advanced" tab, then click "Startup and Recovery". Make sure "Complete Memory Dump" is selected (see 4a if this is not in the list). You can change the location of the memory dump file to a different local partition if you do not have enough room on the partition where the OS is installed. 4a. If the "Complete Memory Dump" option in step 4 is not available, you will need to manually set this registry value: Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl Value: CrashDumpEnabled Type: REG_DWORD Value: 1 5. You will need to reboot the machine for these changes to take effect. 6. The next time that the server crashes, if it is bugchecking it should create a bluescreen message, and a memory.dmp file on reboot. After the machine comes back up, wait for the disk activity to stop before logging in. Once the disk activity has stopped, please log in and find the resulting memory dump file (again, located by default at %systemroot%\memory.dmp). 7. Please compress the resulting dump file and then PM me for instructions on how to upload the file to me for review.

Yeah, ripped my hair out on that one before I found the script sample I love your adaptation of that too in your script pack. I've modified it and use it in my RIS installs on all machines, and it works great.

If you click on the "click here" link in the error, what is the application and the module where this is faulting? The error message needs that information, otherwise it's too generic and I can't help .

First, you need to add the /INTERACTIVE switch if you want anything to be able to interact with session 0 (the desktop), otherwise things may not work properly (especially when running as SYSTEM).

Follow these steps to enable complete memory dumps: 1. If you have a feature like Compaq's Automatic System Restart (ASR), please disable it. This setting is usually found in the BIOS. With this feature enabled, if the BIOS does not detect a heartbeat from the OS, it will restart the server. This will interrupt the dump process. 2. Create or set the following registry value: Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\i8042prt\Parameters Value: CrashOnCtrlScroll Type: REG_DWORD Data: 1 Refer to the following Knowledge Base article for more information on this registry key: 244139 Windows Feature Allows a Memory.dmp File to Be Generated with Keyboard http://support.microsoft.com/?id=244139 3. Right-Click on the "My Computer" icon on the desktop and select "Properties"; this will open the "System Properties" window. Go to the "Advanced" tab and click "Performance Options". Click "Change" under "Virtual Memory". Set the pagefile to be located on the partition where the OS is installed, and set it to be equal to Physical RAM + 50 MB (both min and max). 4. Also in the "System Properties" window, click on the "Advanced" tab, then click "Startup and Recovery". Make sure "Complete Memory Dump" is selected (see 4a if this is not in the list). You can change the location of the memory dump file to a different local partition if you do not have enough room on the partition where the OS is installed. 4a. If the "Complete Memory Dump" option in step 4 is not available, you will need to manually set this registry value: Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl Value: CrashDumpEnabled Type: REG_DWORD Value: 1 5. You will need to reboot for these changes to take effect. 6. The next time that the machine bugchecks, and after the machine comes back up, wait for the disk activity to stop before logging in. Once the disk activity has stopped, please log in and find the resulting memory dump file, located by default at %systemroot%\memory.dmp (C:\WINDOWS\memory.dmp). 7. Please compress the resulting .dmp file and then PM for instructions on how to upload the file to me.

It's odd, but when you force windows update to use the public server (and not your own SUS/WSUS server), this kind of thing can happen. Not sure why, but...

Is the machine simply restarting itself, or is it bugchecking (bluescreening) and rebooting?

Cool. I do more based on the hardware type, but I figured a good primer on how to do things based on type would help someone. My clients I support actually install almost all differing software configurations based on type, so this script is actually getting to be really involved .