Windows 10 20H2 LSASS Crash Issue Causes Forced Reboots

Microsoft has acknowledged a new known issue causing forced restarts on Windows 10 20H2 devices due to the Local Security Authority Subsystem Service (LSASS) system process crashing.

LSASS is the system process responsible for security policy enforcing on Windows systems, and it is used by the OS to add entries to the security log and to handle user logins, password changes, and access token creation.

Whenever LSASS fails, the users will immediately lose access to the accounts available on the machine, an error will be automatically displayed, and the device is forced to restart.

Affects both client and server platforms

“After upgrading to Windows 10, version 20H2, you might receive the error in LSASS.exe with the text “Your PC will automatically restart in one minute” when interacting with any dialog window that lists users, for example accessing the sign-in options settings app page or the users folder in the Local user and groups MMC (Microsoft Management Console) snap-in,” Microsoft says.

Also Read: The PDPA Data Breach August 2020: A Recap of 8 Alarming

The known issue only affects those devices where local built-in accounts such as Administrator or Guest have been renamed as Redmond further explains.

Users might also see errors with Event ID 1015 being added to the Windows Application Event log saying that “LSASS.EXE failed with status code C0000374.”

Microsoft has also applied a new update block to prevent impacted devices from being offered or installing Windows 10, version 2004 or Windows 10, version 20H2 upgrades.

Microsoft says that it will provide updated bundles and refreshed installation media within the next few weeks, as soon as a resolution is available for the LSASS known issue.

Until a fix for the issue will be offered, Redmond recommends users to “not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.”

Workaround measures available

“To prevent the issue and not receive the safeguard hold, you will need to name all built-in user counts back to their default name before attempting to update to Windows 10, version 2004 or Windows 10, version 20H2,” Microsoft says.

While a full fix for this issue is not immediately available as Microsoft has just started investigating it, you can work around it by going back to a prior Windows 10 version using instructions available here.

“If you have already encountered this issue on your device, the uninstall window might be 10 or 30 days depending on the configuration of your environment and the version you’re updating to,” Microsoft says.

“You will then need to update to the later version of Windows 10 after the issue is resolved.”

Also Read: Thinking of Shredding or Burning Paper? Here’s What You Should Know

You can also increase the number of days you can go back to choose a previous Windows 10 version using the following DISM command (make sure you do this before the default uninstall window lapses):

DISM /Online /Set-OSUninstallWindow /Value:[days]

You can choose any time interval between 2 or 60 days as an argument for this command. If it’s lower or above that range, the number of days after the upgrade that an uninstall can be initiated will be automatically set to 10 days.

Today Microsoft applied an additional compatibility hold due to a second issue affecting devices running Windows 10 2004 or 20H2 and causing crashes with blue screens when users plug in a Thunderbolt NVMe (Non-Volatile Memory Express) Solid State Drive (SSD).