1. Are you using etrust anti-virus? – Yes <See Below>
2. If you are NOT using etrust – Most likely LASSRV.B –http://www.symantec.com/security_response/writeup.jsp?docid=2006-082409-3922-99&tabid=3
If the answer is yes to etrust, then most likely the issue is with the latest etrust update…. The issue lies with a signature file that was released this morning that has some issues.
Here are some of the symptoms:
- Once the signature is installed the server reboots.
- Boots to a grey screen immediately after the splash screen.
- Happens in every mode
- Directory Services Restore Mode – allows you to logon but you do not ee any icons or a start menu.
- Unable to open Taskmanager.
- Unable to Terminal Serve into the box.
- Last known good does not work
Please follow these steps at your own risk!!!!!
Boot into Recovery Console – If this is a Dell server using OEM media most likely Recovery Console will not be available. If this is the case please boot to Recovery Console using an XP CD.
Copy LSASS.EXE back onto the \windows\system32 and \windows\system32\dllcache
(Get lsass.exe from SBS CD #1 i386 folder using a different machine, you have to expand the file (expand <cd>\i386\lsass.ex_ a:\lsass.exe)
(You can also get lsass.exe from another working system).
Once you have LSASS.EXE back in the required locations, you need to disabled Etrust AV before rebooting.
- Type Disable “eTrust Antivirus Job Server”
- Disable “eTrust Antivirus Realtime Server”
- Disable “eTrust Antivirus RPC Server”
After you are up, you need to get the latest signature files before enabling the AV services.
CA states that their signature 303.3056 is fixed.