Solved

Proxy 2.0 client crashing w2k and NT4 workstations

Posted on 2001-08-10
15
570 Views
Last Modified: 2013-12-19
I have proxy server 2.0 running on W2K server. The clinets are using WSP Client. Over the last several weeks I have had 2 NT4 computers and 2 W2K computers crash becasue of the WSP client. Everything is fine and suddenly on boot up svchost.exe,on W2K, and services.exe on NT4 crash with a stack overflow. I can remove the WSP client and all is fine. When I reinstall the client I am unable to access the Internet. I run chkwsp32.exe and get the following output.
******************************************************************
****           Winsock Proxy Diagnostic Information           ****
******************************************************************

WAIT...

CONFIGURATION:
     Winsock Proxy Service - Configuration Location: C:\mspclnt\
     Proxy Name (IP Addr):
          REVERE_NT
     Proxy IPX Addr:
          Addr1: 4416db43-000000000002
     WINSOCK 2.0: WSP is a Layered Service Provider
     IP:     Installed
     IPX:     Not Installed

WAIT...

32-bit WSP CLIENT:
     Winsock Name: C:\WINNT\System32\wsock32.dll
     Version: 5.0.2195.2871
     Description: Windows Socket 32-Bit DLL
     Version Type: FREE
     Layered Service Provider version: 2.0.372.12
     Client version of control protocol: 10

-------------------------------------------
WSP Layerd Service Provider wasn't installed as the 1st LSP.

**Here is the drwatson log on the stack overflow.**

Application exception occurred:
        App: svchost.exe (pid=404)
        When: 8/6/2001 @ 08:12:50.194
        Exception number: c00000fd (stack overflow)

*----> System Information <----*
        Computer Name: compname
        User Name: SYSTEM
        Number of Processors: 1
        Processor Type: x86 Family 6 Model 8 Stepping 10
        Windows 2000 Version: 5.0
        Current Build: 2195
        Service Pack: 2
        Current Type: Uniprocessor Free
        Registered Organization: Company
        Registered Owner: username

*----> Task List <----*
   0 Idle.exe
   8 System.exe
 172 smss.exe
 192 csrss.exe
 108 winlogon.exe
 240 services.exe
 252 lsass.exe
 404 svchost.exe
 424 drwtsn32.exe
   0 _Total.exe

Please help.
0
Comment
Question by:swilson
  • 6
  • 3
  • 2
  • +3
15 Comments
 
LVL 63

Expert Comment

by:SysExpert
ID: 6373748
Sounds like the COde Red Virus is causing problems even though ou do not have IIS running.

Get the latest patches just in case, SP2 and All related security patches !

---------------------------
its the Code Red worm.
The listing of services that stop :
               WWW publishing service
               MS SMTP service
               FTP Publishing service
               Site Server Authentification service
               Site Server LDAP Service

  http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms01-033.asp
---------------------------

I hope this helps !



0
 

Author Comment

by:swilson
ID: 6373890
This server has been patched since the patch was released. I subscribe to Microsoft's Security Bulletin. I load the server patches as soon as they are released and the code red patch was loaded long before July 17 th when the worm was discovered. I have had no problems with Code Red on any of my servers. I have seen in the logs were we have been scanned and code red attempted to take over the server but did not. Besides this has happened before code red was released.
0
 
LVL 63

Expert Comment

by:SysExpert
ID: 6373949
OK, could it be a Denial Of Service attack ?

Is there anything odd in the event or proxy logs ??

I hope this helps !
0
 
LVL 14

Expert Comment

by:Don Thomson
ID: 6375965
Have you added any new programs to these PCs before this started.  Also try putting

stacks=64,512

and rem out any TSR programs in the Config.sys  and autoexec.bat  files  (on NTs look in etc folder  for config.nt  and autoexec.nt
0
 
LVL 4

Expert Comment

by:arminl
ID: 6380223
Comments to above:
* A stacks= statement on a NT client? Really an option? Thought that config.sys options have gone with DOS.

* If you have Proxy Server 2.0, IIS is running as well, Proxy 2.0 is based on IIS.

The crash dump infos are mostly useless for anyone but a developer having access to the crashing machine and to the crashed software soure code --> no luck.

Suggestion: there is very likely no way to get rid of the crash but reinstalling all affected machines and hope for the best. But there may be a way to get rid of the proxy client. For normal web access (HTTP, FTP read) the Proxy Client is not required at all, if you enter the Proxy Server IP into the Internet Explorer proxy server settings dialog.

Do you really need it?

Armin Linder

0
 
LVL 14

Expert Comment

by:Don Thomson
ID: 6380322
* A stacks= statement on a NT client? Really an option? Thought that config.sys options have gone with
DOS

Not altogether - Some DOS based programs like ACCPAC PLUS  still require things like files=249  in the boot in order to run properly. On an NT4 or Win2K  search for the config.nt  (not the config.sys)  or the autoexec.NT

For instance if you need to capture a printer port on the NT for a network printer (not connected to the actual NT you go into the autoexec.nt  and add

nt use lpt3: //remotepc/hpprn

Dos is not completely dead yet
0
 
LVL 3

Expert Comment

by:tortcat
ID: 6386954
ping, i'm having a simular problem i think, do you have any warning flags in your Application Event Log that refer to the proxy service?

/Tort
0
New My Cloud Pro Series - organize everything!

With space to keep virtually everything, the My Cloud Pro Series offers your team the network storage to edit, save and share production files from anywhere with an internet connection. Compatible with both Mac and PC, you're able to protect your content regardless of OS.

 

Author Comment

by:swilson
ID: 6388347
Yes, Event ID 3 (The application was started while the service manager was locked and NtLmSsp wasn't running) but this is not the problem. These are expected. I have posted this question to other newsgroups and one response i've gotten is that some software programs (Bearshare was used an example) foul up the HKLM\system\currentcontrolset\services\winsock2 registry key. One fix was suggested to me but doesn't appear to work. Anyone? Anyone?
0
 

Author Comment

by:swilson
ID: 6389245
Yes, Event ID 3 (The application was started while the service manager was locked and NtLmSsp wasn't running) but this is not the problem. These are expected. I have posted this question to other newsgroups and one response i've gotten is that some software programs (Bearshare was used an example) foul up the HKLM\system\currentcontrolset\services\winsock2 registry key. One fix was suggested to me but doesn't appear to work. Anyone? Anyone?
0
 

Author Comment

by:swilson
ID: 6394511
I've found the problem and the fix for this. NEWDOTNET3_15.DLL is the culprit.  This is some sort of plugin that loads under rundll32 at startup before proxy client loads. Here is the website that describes the problem and how to uninstall NewDotNet3_15.dll.

http://www.cexx.org/newnet.htm

http://www.cexx.org/newnetfix2.htm


CAN I GIVE MYSELF THE POINTS!!
Bye
0
 
LVL 63

Expert Comment

by:SysExpert
ID: 6395084
I'm glad you got it solved !!

Ask the Community support to refund your points and set this as a PAQ, if you feel that no one helped you.

0
 

Author Comment

by:swilson
ID: 6395191
No one was even close?
0
 
LVL 4

Accepted Solution

by:
arminl earned 0 total points
ID: 6396692
Think nobody was close, and the docs about that plug-in doesn't say anything about it causing crashes.

So I think this info is gold, and should be placed in the PAQs. I even support that swilson gets the points himself for posting the solution.

Though this may be rejected by EE for reasons: if this gets common practice lots of people would, in case they solve a wicked problem, post a question, waste some people's time who try to find answers, and then post their prepared answer to increase their points.

Armin Linder
0
 

Author Comment

by:swilson
ID: 6397179
I was only kidding about giving myself the points.
0
 
LVL 3

Expert Comment

by:modder
ID: 6400707
Hi swilson,

I've refunded your points, and I'm accepting the last comment not made by you so that this becomes a PAQ

modder
Community Support
0

Featured Post

What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Many of us in IT utilize a combination of roaming profiles and folder redirection to ensure user information carries over from one workstation to another; in my environment, it was to enable virtualization without needing a separate desktop for each…
Trying to figure out group policy inheritance and which settings apply where can be a chore.  Here's a very simple summary I've written which might help.  Keep in mind, this is just a high-level conceptual overview where I try to avoid getting bogge…
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now