Article ID: 119257, created on Dec 21, 2013, last review on Jun 17, 2016

  • Applies to:
  • Virtuozzo containers for Windows 4.6


Hardware Node or Container is restarted, the following message can be found in Event Viewer's System log:

Log Name: System
Source: USER32
Event ID: 1074
Level: Information
Keywords: Classic
The process wininit.exe has initiated the restart of computer <computer name> on behalf of user for the following reason: No title for this reason could be found
Reason Code: 0x50006
Shutdown Type: restart
Comment: The system process 'C:\Windows\system32\lsass.exe' terminated unexpectedly with status code 255. The system will now shut down and restart.

Always followed by this event:

Log Name: System
Source: LsaSrv
Event ID: 5000
Level: Error
The security package Kerberos generated an exception. The exception information is the data.


When a Windows Server 2008 R2-based or Windows 7-based computer runs under a high Kerberos authentication load, the Lsass.exe process crashes and error code 255 is generated. Therefore, the computer restarts unexpectedly.

This scenario is known for Microsoft: Lsass.exe crashes and error code 255 is generated in Windows Server 2008 R2 or in Windows 7

Possible reasons behind excessive load on Kerberos authentication module:

  • High authentication activity due to server's role in infrastructure (it is by design to receive high authentication load)

  • Bruteforce/DDoS attacks


If issue is triggered by RDP attacks, security measures should be enhanced by the administrator of the node/container. Among the possible measures:

  1. Security log can be analyzed and common attackers networks can be blocked by firewall.
  2. RDP port can be changed for the container, follow this MS article: How to change the listening port for Remote Desktop.
  3. "Network Level Authentication" can be enabled for such node/containers.

If your host is running Windows Server 2008 R2 SP1 you may install Microsoft Update KB2732595. This is a Limited Distribution Release update, therefore you should download and install it manually. It is safe according to the following article

"How to determine if an unsupported Microsoft update can be installed on a PVC node"

NOTE: Upgrade from Windows Server 2008 R2 to Windows Server 2008 R2 SP1 is CURRENTLY NOT SUPPORTED

Search Words


The security package Kerberos generated an exception. The exception information is the data


Windows has encountered a critical problem and will restart automatically in one minute

The system process 'C:\Windows\system32\lsass.exe' terminated unexpectedly with status code 255

965b49118115a610e93635d21c5694a8 2897d76d56d2010f4e3a28f864d69223 d02f9caf3e11b191a38179103495106f 6c20476fe6c3408461ce38cbcab6d03b

Email subscription for changes to this article
Save as PDF