Winlogon.exe error appears and system crashes with the Blue screen of death with Windows XP

  • Question

  • Hello,

    Intermittently I face this error on my system: the winlogon.exe error appears with the options of Debug and Cancel, and on selecting Cancel we only get to see the Blue Screen of Death, which is just so annoying in the middle of work.....

    I get a similar error, like this .....

    STOP: 0x0000274d {Fatal System Error} The Windows Logon Process system process terminated unexpectedly with a ........

    Any solution for this is highly appreciated.

     

    Rajat.

    Monday, April 19, 2010 1:05 PM

All replies

  • Hi Rajat,

    I would recommend running the following:

    • start - run - sfc /scannow (checks system files)
    • Start with Win XP CD and go into first repair option, then run chkdsk /R
    • Download memtest86 to see if you don't have bad RAM
    • Also download the diagnostic tool for your HDD

    Good luck!

     

    Monday, April 19, 2010 2:54 PM
  • Hi Fred,

    Thanks for the reply. I have already performed the tests you have mentioned here; let me be more precise about the issue.....

    There are several computers on the local intranet and they are on the domain as well; intermittently any one or more of the computers pop up the same error. The thing to observe is that the error that pops up always refers to the same memory address on any , it logs the following error in the event log....

    Faulting application , version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x0000274d.

    I think it has something to do with my Windows 2003 Server configured to work as the domain controller for this intranet. Any help will be highly appreciated.

    Thanks.

    Rajat
    Tuesday, April 20, 2010 5:29 AM
  • You might find this basic, but have you scanned your network for viruses and/or malware? Also make sure all your computers are updated (including your domain controller).
    Tuesday, April 20, 2010 12:51 PM
  • Hi Rajat,

    The 0x0000274d stop code indicates "No connection could be made because the target machine actively refused it.", so I'm thinking there may be something going on with your domain/workgroup security; perhaps it crashes because the credentials expire or authentication is lost. 

    Are there any related events logged on the server, possibly in the security log?

    Tuesday, April 20, 2010 8:04 PM
  • Hi Satori,

    Thanks for the reply.

     

    Well, I got the following trace in event log....

     

    Event Type:    Error
    Event Source:    Application Error
    Event Category:    (100)
    Event ID:    1000
    Date:        4/19/2010
    Time:        12:24:08 PM
    User:        N/A
    Computer:    XYZCOMPUTER
    Description:
    Faulting application , version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x0000274d.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
    Data:
    0000: 41 70 70 6c 69 63 61 74   Applicat
    0008: 69 6f 6e 20 46 61 69 6c   ion Fail
    0010: 75 72 65 20 20 20 30 2e   ure   0.
    0018: 30 2e 30 2e 30 20 69 6e   0.0.0 in
    0020: 20 75 6e 6b 6e 6f 77 6e    unknown
    0028: 20 30 2e 30 2e 30 2e 30    0.0.0.0
    0030: 20 61 74 20 6f 66 66 73    at offs
    0038: 65 74 20 30 30 30 30 32   et 00002
    0040: 37 34 64                  74d    

     

    I get this error on systems in the domain intermittently (sometimes once in a fortnight and sometimes thrice a day) and there isn't any set pattern for this either, really confused....

     

    Any help in this will be highly appreciated.

     

    Thanks

     

    Rajat.

    Wednesday, April 21, 2010 5:03 AM
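
The binary Data block of the Event ID 1000 record above only repeats the description text, and its "fault address" is numerically the Winsock connection-refused code that the earlier reply describes. An added example (not code from any poster in the thread) that rebuilds the bytes from the dump and looks the value up; the error table is an assumption limited to a few well-known Winsock codes.

```python
import re

# Data block copied from the Event ID 1000 record quoted in the thread.
EVENT_DATA = """\
0000: 41 70 70 6c 69 63 61 74   Applicat
0008: 69 6f 6e 20 46 61 69 6c   ion Fail
0010: 75 72 65 20 20 20 30 2e   ure   0.
0018: 30 2e 30 2e 30 20 69 6e   0.0.0 in
0020: 20 75 6e 6b 6e 6f 77 6e    unknown
0028: 20 30 2e 30 2e 30 2e 30    0.0.0.0
0030: 20 61 74 20 6f 66 66 73    at offs
0038: 65 74 20 30 30 30 30 32   et 00002
0040: 37 34 64                  74d
"""

# A few well-known Winsock error codes (values from winerror.h).
WINSOCK_ERRORS = {10051: "WSAENETUNREACH", 10054: "WSAECONNRESET",
                  10060: "WSAETIMEDOUT", 10061: "WSAECONNREFUSED",
                  10065: "WSAEHOSTUNREACH"}

# "oooo: hh hh ..." with at most 8 bytes per row; the ASCII column is ignored.
ROW = re.compile(r"^\s*([0-9a-fA-F]{4}):((?:\s[0-9a-fA-F]{2}){1,8})")

def parse_event_data(dump):
    """Rebuild the raw bytes from Event Viewer's 'offset: hex  ascii' rows."""
    out = bytearray()
    for line in dump.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # blank line or text that is not a dump row
        if int(m.group(1), 16) != len(out):
            raise ValueError("gap or overlap at offset " + m.group(1))
        out += bytes.fromhex("".join(m.group(2).split()))
    return bytes(out)

def interpret_fault_value(raw):
    """Return (text, value, winsock_name or None) for the recorded offset."""
    text = raw.decode("ascii")
    m = re.search(r"at offset ([0-9a-fA-F]{8})\s*$", text)
    if not m:
        raise ValueError("no fault offset in event data")
    value = int(m.group(1), 16)
    return text, value, WINSOCK_ERRORS.get(value)

if __name__ == "__main__":
    text, value, name = interpret_fault_value(parse_event_data(EVENT_DATA))
    print(text)
    print(f"0x{value:08x} = {value} -> {name}")
```
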
  • Hi Rajat,

    The event you mention (1000), does this occur on the computer that is having the problem or on the domain controller?  Application Error ID 1000 is a very generic error and offers no help whatsoever.  Gotta love programmers.. ;)

    Does this occur on a specific computer or is there a group of computers that this occurs with?  If it is only one computer, have you tried disjoining and rejoining to the domain?  Also, are you using DHCP?  You may want to double-check your DNS settings on the computer(s) you are having trouble with.

    Wednesday, April 21, 2010 8:53 PM
  • Hi Satori,
    Thanks for the reply.

    Well, this computer is not at all a problem-making computer, but it's a client computer on the domain, and any client computer pops up this problem intermittently. Already disjoined and rejoined to the domain, and we aren't using DHCP either, that's the issue..... It's really weird and no help is available.
    Let me know your views; I don't think it's a problem with the particular system, since all the systems display the same memory reference.
    Any idea about the proxy connection issues??
    Thursday, April 22, 2010 11:07 AM
  • Hi Rajat,

    Okay, I'm pretty convinced this is an issue at the server/domain level rather than on the client computers.  The 0x0000274d reference states that the server is refusing the connection, but it doesn't explain why.

    It could be hardware on the domain controller or it could be a group policy setting or it could be a firewall/security application preventing access.  So, first, the easiest to troubleshoot:

    Are you running any group policies in Active Directory?  Do you have any security application (anti-virus, anti-spyware, firewalls, etc.) running on the domain controller?  Are there any other error logs on the domain controller to give any indications of problems (warnings or errors)?  They may or may not mention the WINLOGON process but may occur at the same time or shortly before the errors begin to appear on the clients.

    It could very well be a hardware issue on the domain controller as well.  I did a google search for that error reference with WINLOGON.EXE and the only other forum post I could find indicated that once the physical server was replaced, the problem went away.  When you ran the diagnostic apps for memory and HDD on the domain controller, did everything pass?

    Thursday, April 22, 2010 1:08 PM
  • One very fast and cheap solution is to change your network adapter, considering you're having connectivity issues. If the new NIC shows the same problems, then you can scratch off this on your list...

     

    (at the server level, of course!)
    Thursday, April 22, 2010 1:48 PM
  • Hi Satori/ Fred,

    Thanks for the reply.

    Yes, the domain controller is configured for the group policy, there is a firewall installed, and antivirus is working as well. But if they are causing the problem then they should have given a perfect pattern/condition and not the intermittent issue. Suggest some of the diagnostic tools to run so that I can check my Windows 2003 Server for any issue.

    Well, I can't change the network adapter for now, since I don't have a spare one and also no concrete reason for getting it done, Fred......

    Suggest some tools, might be it can work....


    Thanks for the reply, once again.

    Cya..

    Rajat.
    Friday, April 23, 2010 5:46 AM
  • Hello,

    Intermittently I face this error on my system: the winlogon.exe error appears with the options of Debug and Cancel, and on selecting Cancel we only get to see the Blue Screen of Death, which is just so annoying in the middle of work.....

    I get a similar error, like this .....

    STOP: 0x0000274d {Fatal System Error} The Windows Logon Process system process terminated unexpectedly with a ........

    Any solution for this is highly appreciated.

     

    Rajat.


    To start with, you should make sure that the system is set to create a dump; then, if the system doesn't already have windbg installed, download and install the Debugging Tools for Windows on the system. After the next crash, open windbg and click on "File>Open Crash Dump..", then in the explorer window that comes up navigate to the "Windows" folder and scroll down until you locate the file with the ".dmp" extension. After you attach the dump file, if you aren't able to read it and get anything from it, then copy and paste the file here and someone can see what's going on. Also, you can set windbg as the default debugger by opening the registry editor and going to the following key:

    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug"

    Within there, change the listed value for "Debugger" from "drwtsn -p %ld -e %ld" to "C:\Program Files\Debugging Tools for Windows\WinDbg.exe" -p %ld -e %ld ; that's with the quotes where they are. You can copy and paste that if needed. Then if Winlogon.exe crashes afterward, click on "Debug" rather than Cancel.


    Dennis ,, Owner: HTML tutorial Please dont forget to mark any post(s) that helped as helpful or answered EMAIL ME:: PERSONAL EMAIL :: BUSINESS EMAIL
    Friday, April 23, 2010 8:39 AM
  • Hi Rajat,

    Even if the issue is intermittent, it doesn't necessarily rule out the possibility of a firewall or group policy issue.  Though, I like securityguy14's advice about running a debugger to see if we can get some more information.  Otherwise, we're pretty much grabbing at straws and hoping one of them fixes this issue.

    A few other broad strokes to try to rule out possibilities are to try (one at a time) disabling your group policies, firewall, and anti-virus to see if you can duplicate the issue.  Depending on your situation, you may want to take some precautionary measures such as backing up your firewall configuration prior to testing.

    But, hopefully you can pull a bit more information using securityguy14's advice to get this issue resolved.

    Friday, April 23, 2010 7:46 PM
  • Hi securityguy/ digitalsatori,

    Thanks for the message.

    Well, I will perform the given checks, i.e. disabling firewall/anti-virus and group policy issues, if any. Let's see if this solves the problem..

    Can't it be a proxy issue?? I am using Hummingbird for the proxy connections to the systems in the domain.

    Till then, keep on looking for a more concrete solution for this.

    Thanks for all the help.

     

    • Proposed as answer by freefrom Tuesday, May 11, 2010 5:00 AM
    Monday, April 26, 2010 10:55 AM
  • Have you disabled those settings above, and has it worked?!...

     

    Try to see the proxy's config too, if nothing else works..

     

    Okay?!

    Monday, April 26, 2010 2:05 PM
  • I did the above-mentioned settings, but since it's an intermittent issue I can't say if this is resolved or not......

    Well, what kind of issues can occur with the proxy config? Whenever my proxy server crashes, then I usually get this error on some of the systems on the domain, and they too don't have any set pattern; they can be any x, y, z system on the domain.

    Suggestions are always welcome..

     

    Rajat.

    Tuesday, April 27, 2010 7:19 AM
  • As you said above, it isn't only you who has problems. I think, after paying attention to the subscriptions above, that you're having with modules to liberate access into Domain Group, and some malware/spyware has probably damaged system files.

    Resetting the proxy's config may be (not at all) useful.. Have you tried?

     

     

    Tuesday, April 27, 2010 1:03 PM
  • Well, I have tried all the possible solutions given here, but unfortunately I can still see the same blue screen with the same error code on one of the machines in the network.... I wonder why Microsoft isn't coming up with a possible solution... For sure it has something to do with the system issues. It's not like any one application is causing the problem. I am really pissed with this issue. Please help.. Thanks in advance. Rajat.
    Friday, April 30, 2010 6:19 AM
  • Have you tried setting the system to create a dump then installing windbg and reading the crash dump?
    Friday, April 30, 2010 6:46 AM
  • This is not the exact same error code but it might be worth the time checking...

    http://support.microsoft.com/default.aspx?scid=kb%3ben-us%3b156669&Product=winxp

     

    Friday, April 30, 2010 3:40 PM
  • Did anybody update your server?... Has anybody unfortunately changed some key through regedit.exe?
    Friday, April 30, 2010 6:26 PM
  • Nope, my server wasn't updated, and neither were the keys in regedit.exe modified.

    I tried setting the system to create the dump, but didn't install windbg and read the dump.

    Where can I get this windbg from, can this really help?

    The rays of hope are diminishing with the scroll-bar, please help.

     

    Thanks.

     

    Rajat.

    Wednesday, May 5, 2010 10:07 AM
  • Windbg, or the Debugging Tools for Windows, can help you determine what driver is causing the BSOD. As I posted above, after a crash, open windbg and click on "File>Open Crash Dump", then in the window that comes up navigate to the system root (Windows) folder, scroll down until you find the file with the .dmp extension, and attach it to the debugger. If you have no intention of actually trying to debug the Winlogon.exe process, though, but just want to see what caused that particular crash, in your case something more automated like Blue Screen View might be a little better.
    Wednesday, May 5, 2010 2:41 PM
  • Hi Securityguy,

    Thanks for the message.

    I have downloaded and installed the debugging tool, but fortunately or unfortunately I didn't get to see the BSOD yet. Will come back as soon as I have any update........

    Share with me the other possible reasons if you come across any......

    And yes, the system in the domain crashes with the BSOD when my proxy server crashes, i.e. the internet server crashes. I feel that it has something to do with it, watta say?

    I am using HummingBird for the proxy configuration.

    Thanks.

    Rajat

    Thursday, May 13, 2010 9:05 AM