On this computer I have regular Event 1530 reports referring to lsass.exe. Investigating using Process Monitor I find references to the Registry key HKLM\SAM\SAM\DOMAINS\etc where the task is "Desired Access Read and the Result is Name not found.
The computer is a Workstation and HKLM\SAM\SAM has no Domain entries. How do you backtrack to find what causes whatever it is to look for Domain entries on a Workstation?

TIA, Gerry

There is an amazing pack of free network admin tools. click here to download it

This error has been cured in pre Vista/W 7 operating system with UPHclean. This correcting functionality has been build into Vista and UPHclean is incompatible with Vista and W 7.
Description of this error is in KB

http://support.microsoft.com/kb/947238/en-us

Regards
Milos

There is an amazing pack of free network admin tools. click here to download it

Milos
KB947238 says "The application that is listed in the event detail is leaving the registry handle open and should be investigated." That is what I am trying to do!
Hope this helps, Gerry

Need to support users over the internet? click here try our remote control online beta

Hi,


Based on my research, this problem may occur when event tracing for Security Accounts Manager (SAM) events is enabled.


To work around this problem, please try to disable event tracing for SAM events and see how it works.


You can use
Logman command or
Trace Log Tool to disable it.


Hope this helps.

Jeremy Wu
TechNet Community Support

There is an amazing pack of free network admin tools. click here to download it

Hi,


Based on my research, this problem may occur when event tracing for Security Accounts Manager (SAM) events is enabled.


To work around this problem, please try to disable event tracing for SAM events and see how it works.


You can use
Logman command or
Trace Log Tool to disable it.


Hope this helps.

Jeremy Wu
TechNet Community Support

There is an amazing pack of free network admin tools. click here to download it