****
*
*
*
*







*
*
                                      
*
*
Windows Server



    

CrashOnAuditFail    

*
*

*
*

CrashOnAuditFail



Apr
25

CrashOnAuditFail

Crashonauditfail

This Registry Setting "Crashonauditfail" if enabled will cause the Domain Controller server to reboot when the size of Audit Logs is to full capacity and there is no more space to write Audit Event Logs without overwriting the old logs. This registry is made to ensure that as the Audit Event Logs are full the system then reboots itself and will deny any machines to log-in into the domain and even non-Administrators to login into the Domain Controller.

The System Administrator must take a back-up of the Audit Event Logs and then clear the logs for the Domain Controller to function properly again.

This setting was designed to prevent any loss or Any Audit Event Log getting lost.

We recommend that you take a backup of the Audit Event Log before clearing it out for further use.

 

This setting ensures that no logs are lost from being seen by the System Administrator.

 

Sometimes if you are experiencing issues in which the Domain Controller is Rebooting again and again then it is a good idea to look at this setting and the issues caused by it, to troubleshoot further on the case.

http://technet.microsoft.com/en-us/library/cc963220.aspx

CrashOnAuditFail

 

HKLM\SYSTEM\CurrentControlSet\Control\Lsa

 

Data type

Range

Default value

REG_DWORD

0 | 1 | 2

0

 

Description

 

Directs the system to halt when it cannot record new events in the Security Log in Event Viewer. This feature prevents unauthorized activities from occurring when they cannot be recorded in the Security Log.

The system also uses this entry to indicate that this feature has been triggered (a value of 2). When the value of this entry is 2, only members of the Administrators group can log on to the computer. This restricted state lets an Administrator log on to resolve the problem and to reset the value of this entry to 1.

 

Value

Meaning

0

The feature is off. The system does not halt, even when it cannot record events in the Security Log.

1

The feature is on. The system halts when it cannot record an event in the Security Log.

2

The feature is on and has been triggered. The system halted because it could not record an auditable event in the Security Log. Only members of the Administrators group can log on.

 

Typically, the system cannot record security events because the Security Log in Event Viewer is full or because the internal queue to the log has reached the maximum established by the value of Bounds .

 

Change method

You must restart the computer before changes to this entry take effect.

 

clip_image001[4] Note

Windows 2000 does not add this entry to the registry. You can add it by editing the registry or by using a program that edits the registry.

 

clip_image002[4] Tip

For more information about CrashOnAuditFail, see the Microsoft Knowledge Base link on the Web Resources page. Search the Knowledge Base for Article Q140058, or use the keywords CrashOnAuditFail or security log.

 

Related Entries

clip_image003[4]

Bounds

 

http://technet.microsoft.com/en-us/library/cc963220.aspx

 

 

 

 



No TrackBacks

TrackBack URL: http://www.skar.us/site/mt-tb.cgi/3268

Leave a comment








*
*

ebhakt
Author Bio          ★★★★★

Author Name:         ebhakt
Author Location:    India
Author Rank:          Writer
Author Status:        
The Green leave stands!!


*
*
*
*
****



*****



    Desktop
  • eBooks
  • Games
  • Softwares
  • Tools
  • Tweaks
  • Wallpapers
  • Warez
    PDA
  • Games
  • Tools
  • Wallpapers
    System Administration
  • dll Center
  • Scripts
  • Tools
  • .extensions database
  • Write-up
    more...
  • Download Database
  • Jobs
  • Lists
  • Polls
  • Glossary

01000011 01110010 01100001 01100011 01101011 01111010 01101000 01100001 01100011 01101011