0

On most of machines lsass.exe has version 6.1.7601.23002 On several machines lsass.exe has version 6.1.7601.18798

I suspect that this is a cause of errors "Unknown SID type S-1-18-1" after our DC were upgraded to Server 2012 - all machines with 6.1.7601.18798 exibit this problem and machines with 6.1.7601.23002 do not.

Currently all Windows 7 machines get their updates automatically from WSUS server. How can I track what Windows Update/Hotfix installed version 23002 and why this update wasn't applied to specific machines?

P.S. The hotfix mentioned in https://support.microsoft.com/en-us/kb/2830145 is not installed on any machines.

mbergal
  • 103
  • 1
  • Force a machine with the old version to retrieve the update from the web and manually install them is my suggestion. You will be able to see the error message if it does not install, and if it do, you will be able to see if it fix your error. – yagmoth555 Apr 22 '15 at 02:57

1 Answers1

0

lsass.exe was updated to version 6.1.7601.23002 with update KB3045999. The 20000 rage is reserved for hotfixes (LDR). So you have installed a hotfix before which moved the lsass.exe from GDR to the LDR branch.

Open regedit.exe, go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\ComponentDetect\amd64_microsoft-windows-lsa_31bf3856ad364e35_0.0.0.0_none_26431bf35d52e5a2 search here for KB number entries which change the version to over 20000. If you fond the update that changed the the servicing branch, uninstall it, reboot and look what happens.

magicandre1981
  • 1,110
  • 2
  • 10
  • 20