To resolve this issue, follow these steps:
- Save and clear the security event log.
- Start Registry Editor.
- Locate the following key, and then set the value of this key to 1: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\CrashOnAuditFail
- Restart the server. The registry changes do not take effect until you restart the server.
- 0 - Anyone may log on. This is the default value.
- 1 - Anyone may log on if the system can audit the events and write the events to the security event log. If the security event log is full, the value for the CrashOnAuditFail key is changed to 2, and the server crashes.
- 2 - Only administrators may log on.
Note None of the following methods alone resolves the issue. You must follow the steps in the "Resolution" section before you use one of these methods.
- Set the Event Log Wrapping setting to Overwrite events as needed.
- Limit the number or types of events that are audited, or disable auditing completely.
- Set the value for the following registry key to 0: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\CrashOnAuditFail
Article ID: 832981 - Last Review: Oct 10, 2012 - Revision: 1