lsass.exe generating Event 1530 warnings

    Question

  • Hi,

    I have a computer that is getting constant warnings regarding an application (lsass.exe) using the registry. The event ID it generates is 1530. I have looked up the issue and the best explanation I could get is that "Event ID 1530 is logged as a Warning event. The application that is listed in the event detail is leaving the registry handle open and should be investigated." This information came from the Microsoft support forums (here). From the error message I have ascertained that lsass.exe is the likely cause of the problem (error message attached below).

    My question is: How do I investigate or repair lsass.exe? I have run "sfc /scannow" and it detected no errors. The system would appear to be otherwise stable.

    Many Thanks,

    Cathal

    Warning message content:

    Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

    DETAIL -
    5 user registry handles leaked from \Registry\User\S-1-5-21-3816921564-1990730217-2298290765-1000:
    Process 872 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3816921564-1990730217-2298290765-1000
    Process 872 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3816921564-1990730217-2298290765-1000
    Process 872 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3816921564-1990730217-2298290765-1000\Software\Microsoft\SystemCertificates\My
    Process 872 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3816921564-1990730217-2298290765-1000\Software\Microsoft\SystemCertificates\CA
    Process 872 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3816921564-1990730217-2298290765-1000\Software\Microsoft\SystemCertificates\Disallowed

     

     


    Cathal O'Brien BSc, PgDip, PhD . Techsmart | Laptop Repair | Computer Repair
    Saturday, April 30, 2011 8:24 AM

Answers

  • The cause of the events is introduced in the following article.

    Event ID: 1530 may be logged in the Application log on a Windows 7-based or Windows Vista-based client computer
    http://support.microsoft.com/kb/947238


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Tuesday, May 03, 2011 8:12 AM

All replies

  • Hi Arthur,

    Thanks for that. However, I am already aware of that article as indicated in my post. My question relates to how I should troubleshoot the process (lsass.exe)  which (I think) is causing the error to appear. Would you be able to offer any advice on this issue?

    Regards,

    Cathal


    Cathal O'Brien BSc, PgDip, PhD . Techsmart | Laptop Repair | Computer Repair
    Tuesday, May 03, 2011 3:35 PM
  • You do not need to do anything.
    Friday, May 06, 2011 7:28 AM
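
Added example, not part of the original thread: a small Python parser for the DETAIL text of an Event 1530 warning like the one quoted in the question. It lists which process held which keys of the user hive and checks the parsed entries against the count the message declares. The function names are hypothetical, and the sample input is rebuilt from the warning text in the question.

```python
import re
from collections import Counter

# Detail text of the warning quoted in the question, rebuilt from its parts.
HIVE = r"\REGISTRY\USER\S-1-5-21-3816921564-1990730217-2298290765-1000"
CERTS = HIVE + r"\Software\Microsoft\SystemCertificates"
OPENED = r"Process 872 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key "
SAMPLE = (
    r"DETAIL - 5 user registry handles leaked from "
    r"\Registry\User\S-1-5-21-3816921564-1990730217-2298290765-1000: "
    + " ".join(OPENED + k for k in (HIVE, HIVE, CERTS + r"\My", CERTS + r"\CA", CERTS + r"\Disallowed"))
)

HEADER = re.compile(r"(\d+) user registry handles leaked from (\\Registry\\User\\(S-[\d-]+)):", re.I)
# Image paths may contain ")" and key names may contain spaces, so each entry is
# delimited by the fixed phrases around it rather than by whitespace.
ENTRY = re.compile(r"Process (\d+) \((.+?)\) has opened key (.+?)(?=\s+Process \d+ \(|\s*$)", re.S)

def parse_1530(detail):
    """Parse the DETAIL part of an Event 1530 message into a dict."""
    head = HEADER.search(detail)
    if head is None:
        raise ValueError("no 'user registry handles leaked from' header found")
    declared, hive, sid = int(head.group(1)), head.group(2), head.group(3)
    entries = []
    for pid, image, key in ENTRY.findall(detail[head.end():]):
        # Report keys relative to the user hive; an empty remainder is the hive root.
        if key.lower().startswith(hive.lower()):
            key = key[len(hive):].lstrip("\\") or "<hive root>"
        entries.append((int(pid), image, key))
    # A mismatch means the message was truncated or did not parse completely.
    return {"sid": sid, "declared": declared, "entries": entries,
            "complete": declared == len(entries)}

def summarize(parsed):
    """Count leaked handles per (pid, image path) and per key."""
    by_process = Counter((pid, image) for pid, image, _ in parsed["entries"])
    by_key = Counter(key for _, _, key in parsed["entries"])
    return by_process, by_key

if __name__ == "__main__":
    result = parse_1530(SAMPLE)
    by_process, by_key = summarize(result)
    print(result["sid"], "complete" if result["complete"] else "INCOMPLETE")
    for (pid, image), n in by_process.items():
        print(f"{n} handle(s): pid {pid} {image}")
    for key, n in by_key.items():
        print(f"  {n} x {key}")
```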