I have started to look into an error that appeared out of the blue. The error is attached:
Now the problem with this is that each time i try to research the error most of the sites that i need are blocked by our RM proxy.
Also it doesn't give me the name of the component that has failed.
I decided that the easiest way to sort this is to just RIS the machine and so i boot from the network and select the image i usually use for these machines and low and behold i get a stop message. I have chosen different images and am greeted with the same stop screen each time.
If i click on the Ok button on the error message the machine just reboots.
Any ideas what the problem is here or anyone come across it before?
Any chance you have a lovely network worm floating around? Can't remember which the most recent one to attack lsass was but it caused the process to die a lot if the station was unpatched. Have you tried a manual build and offline Windows update?
Sounds like Sasser virus to me. The removal tool is here W32.Sasser Removal Tool | Symantec
I had this problem last week. It was caused by a boot sector virus. I just re-imaged it though, solved the problem.
Can you tell us what client OS you're using?
Yeah it was XP Professional SP3 :)
Originally Posted by cookie_monster
If you're using SP3 and deploying with the firewall enabled then it's unlikely to be a worm. Can you provide more info on the error, event logs maybe?
At what point during an RIS build do you see this error is it after it's finished building?
I was getting this error when trying to boot up a Asus A6 laptop used in a primary school. I can't remember the exact error as it was last tuesday (16th). It gave me an error code, I researched it and after trying serveral fixes to 'a' boot sector virus (it wasn't specific) I gave up and re-imaged from a local dev instead of deploying through the network. Sorry I can't be more specific. Odd really, this one laptop is protected by Sophos via enterprise console yet it was the only one affected out of 24 machines.
Ah I was reading it as affecting more than one client. Sounds like it could of been a boot sector issue and required overwriting which the imaging would of done.
I thought the same potentially it being a virus. The only thing though was it is the only machine in the entire school that has this issue. As far as i am aware the firewalls are turned off at group policy level.
It is a Windows XP pro box running service pack 2. I can't get to the event viewer since it happens in safe mode before the login process.
I think i turned the boot sector protection on in the BIOS. Would this not protect against a boot sector virus?
Also SAV has been installed on these machines for quite some time.
The RIS installation crashes as soon as it has finished the process of installing the first set of initial drivers. Just before it starts the formatting.
Oh sorry HodgeHi the earlier responce from Singist threw me I assumed that my question had been answered by the original poster :confused: looking back I see that was not the case.
The BIOS protection 'should' protect it but you can't guarentee it. You could try installing from a CD while unplugged from the network to test and try formatting the disk from a live CD.
Have you tried building another client since to rule out on issue with the RIS server?
Also has this client every built successfully from the RIS server?
The RIS server was working fine last time i used it. The systems themselves have been re-imaged many times before and i have recently built a new image for these machines and deployed it to around 10 of them. I haven't tried another client since I haven't got one handy.
I'm not too fussed about the RIS server since all our machines will be macs in the next 2 months.
I will have to try formatting the drive with a CD.