Inetinfo.exe/IIS random crashes - IISState log included

Do you have any ASP pages with code looping?

Best guess is that there's something screwey with the AuthxDB.dll filter.

Dave Dietz

Thanks for your suggestions

I'm pretty confident it's not an asp/aspx code issue, as when I run IIS Debug, it shows a different web page running at the time of crash each time.

The Authentix filter's an interesting take; Any idea what specifically I should look at?

I'll drop a mail to the software authors to get their take on it.

Any other ideas anyone?

Not off the top of my head.  Used to have a *lot* of problems with Authentix since they used an MDB database file, but they've really cleaned up their code in the past year or two and I haven't seen a real problem with their products since.

What version of Authentix are you using?

Also, an actual Crash Dump would be helpful in determining what is causing the problem:
286350 How To Use ADPlus to Troubleshoot "Hangs" and "Crashes"
http://support.microsoft.com/?id=286350

If you can catch a dump and post it somewhere publicly available I'd be happy to take a look at it.

Dave Dietz

Thanks for looking into it further with me. I'm using Webquota, authentix version 5.3f1 - Never thought to upgrade, as it's always worked fine (up until now?)

Your mentioning that particular component reminded me of something that I've noticed popping up in the application log, although to be fair not around the same time as the crashes, usually.:

Event Type:      Information
Event Source:      AuthXocx
Event Category:      Flicks
Event ID:      100
Date:            02/08/2004
Time:            17:42:22
User:            N/A
Computer:      REMOTE1
Description:
Message from: "Flicks Flt"
Message:
Accept raw header overflow.  The header is longer than standard http protocol recommends. Try using POST instead of GET. Part 1 is SEARCH / ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ± ±  

Event Type:      Information
Event Source:      AuthXocx
Event Category:      Flicks
Event ID:      100
Date:            02/08/2004
Time:            17:42:22
User:            N/A
Computer:      REMOTE1
Description:
Message from: "Flicks Flt"
Message:
Accept raw header overflow: part 2 is 

Crazy **** there, eh?

I've had another crash, so thought it might be worth posting the iisstate dump of that too, seeing as I'm filling up EE's database right now...

Opened log file 'F:\Admin\iisstate\output\IISState-2700.log'

***********************
Starting new log output
IISState version 3.3.1

Mon Aug 02 19:06:24 2004

OS = Windows 2000
Executable: inetinfo.exe
PID =  2700

Note: Thread times are formatted as HH:MM:SS.ms

***********************


IIS has crashed...
Beginning Analysis
DLL (!FunctionName) that failed: ntdll!RtlpFindAndCommitPages




Thread ID: 40
System Thread ID: bd4
Kernel Time: 0:0:0.140
User Time: 0:0:0.453
*** WARNING: Unable to verify checksum for C:\WINNT\system32\inetsrv\zip_isapi.dll
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\WINNT\system32\inetsrv\zip_isapi.dll -
Thread Type: Other
 # ChildEBP RetAddr  
00 0e7befe0 77fcd020 ntdll!RtlpFindAndCommitPages+0x108
01 0e7bf018 77fccdc1 ntdll!RtlpExtendHeap+0x9e
02 0e7bf1f4 7c57374e ntdll!RtlAllocateHeap+0x3b6
03 0e7bf240 65f290dd KERNEL32!LocalAlloc+0x74
04 0e7bf250 65f28eef w3svc!FILTER_POOL_ITEM::CreateMemPoolItem+0x37
05 0e7bf25c 1000709f w3svc!AllocFilterMem+0x19
WARNING: Stack unwind information not available. Following frames may be wrong.
06 0e7bf28c 10004fd8 zip_isapi!TerminateFilter+0x1caf
07 00000000 00000000 zip_isapi!HttpFilterProc+0x12e8
Closing open log file F:\Admin\iisstate\output\IISState-2700.log
Opened log file 'F:\Admin\iisstate\output\IISState-2700.log'

***********************
Starting new log output
IISState version 3.3.1

Mon Aug 02 19:06:27 2004

OS = Windows 2000
Executable: inetinfo.exe
PID =  2700

Note: Thread times are formatted as HH:MM:SS.ms

***********************




Thread ID: 0
System Thread ID: 718
Kernel Time: 0:0:0.15
User Time: 0:0:0.0
Thread Type: Other
 # ChildEBP RetAddr  
00 0006f89c 7c5785d1 ntdll!ZwReadFile+0xb
01 0006f910 7c2e4cd9 KERNEL32!ReadFile+0x181
02 0006f93c 7c2e4b5f ADVAPI32!ScGetPipeInput+0x28
03 0006f9b8 7c2e6632 ADVAPI32!ScDispatcherLoop+0x4a
04 0006fbf4 01002884 ADVAPI32!StartServiceCtrlDispatcherA+0x7d
05 0006fd30 01001e94 inetinfo!StartDispatchTable+0x2f1
06 0006ff70 01002fbf inetinfo!main+0x654
07 0006ffc0 7c581af6 inetinfo!mainCRTStartup+0xff
08 0006fff0 00000000 KERNEL32!BaseProcessStart+0x3d




Thread ID: 1
System Thread ID: 9a0
Kernel Time: 0:0:0.15
User Time: 0:0:0.15
Thread Type: Other
 # ChildEBP RetAddr  
00 0059fd1c 7c573b28 ntdll!ZwWaitForSingleObject+0xb
01 0059fd44 7c573b50 KERNEL32!WaitForSingleObjectEx+0x71
02 0059fd54 6e6f1685 KERNEL32!WaitForSingleObject+0xf
03 0059fd70 01002440 iisadmin!ServiceEntry+0x156
04 0059ffa4 7c2e4e9b inetinfo!InetinfoStartService+0x2bd
05 0059ffb4 7c57438b ADVAPI32!ScSvcctrlThreadW+0xe
06 0059ffec 00000000 KERNEL32!BaseThreadStart+0x52




Thread ID: 2
System Thread ID: 98c
Kernel Time: 0:0:7.0
User Time: 0:0:4.312
Thread Type: Other
 # ChildEBP RetAddr  
00 006dfe5c 7c573c23 ntdll!ZwWaitForMultipleObjects+0xb
01 006dfeac 77e119e6 KERNEL32!WaitForMultipleObjectsEx+0xea
02 006dff08 77e11ace USER32!MsgWaitForMultipleObjectsEx+0x153
03 006dff24 6e5a5a7c USER32!MsgWaitForMultipleObjects+0x1d
04 006dff7c 780085bc IisRTL!SchedulerWorkerThread+0xa7
05 006dffb4 7c57438b MSVCRT!_endthreadex+0xc1
06 006dffec 00000000 KERNEL32!BaseThreadStart+0x52




Thread ID: 3
System Thread ID: 62c
Kernel Time: 0:0:7.453
User Time: 0:0:4.890
Thread Type: Other
 # ChildEBP RetAddr  
00 0071fe5c 7c573c23 ntdll!ZwWaitForMultipleObjects+0xb
01 0071feac 77e119e6 KERNEL32!WaitForMultipleObjectsEx+0xea
02 0071ff08 77e11ace USER32!MsgWaitForMultipleObjectsEx+0x153
03 0071ff24 6e5a5a7c USER32!MsgWaitForMultipleObjects+0x1d
04 0071ff7c 780085bc IisRTL!SchedulerWorkerThread+0xa7
05 0071ffb4 7c57438b MSVCRT!_endthreadex+0xc1
06 0071ffec 00000000 KERNEL32!BaseThreadStart+0x52




Thread ID: 4
System Thread ID: be0
Kernel Time: 0:0:1.187
User Time: 0:0:1.546
Thread Type: Possible ASP page.  Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.

No remote call being made

 # ChildEBP RetAddr  
00 00b7fe24 77d37ba7 ntdll!ZwReplyWaitReceivePortEx+0xb
01 00b7ff74 77d37b4c RPCRT4!LRPC_ADDRESS::ReceiveLotsaCalls+0x74
02 00b7ff78 77d35924 RPCRT4!RecvLotsaCallsWrapper+0x9
03 00b7ffa8 77d358d6 RPCRT4!BaseCachedThreadRoutine+0x4f
04 00b7ffb4 7c57438b RPCRT4!ThreadStartRoutine+0x18
05 00b7ffec 00000000 KERNEL32!BaseThreadStart+0x52




Thread ID: 5
System Thread ID: 870
Kernel Time: 0:0:0.453
User Time: 0:0:0.312
Thread Type: Other
 # ChildEBP RetAddr  
00 00e0fc1c 7c573c23 ntdll!ZwWaitForMultipleObjects+0xb
01 00e0fc6c 77e119e6 KERNEL32!WaitForMultipleObjectsEx+0xea
02 00e0fcc8 77e11ace USER32!MsgWaitForMultipleObjectsEx+0x153
03 00e0fce4 769c71e0 USER32!MsgWaitForMultipleObjects+0x1d
04 00e0fd30 65f0cfd8 INFOCOMM!IIS_SERVICE::StartServiceOperation+0x209
05 00e0fd70 01002440 w3svc!ServiceEntry+0x1b5
06 00e0ffa4 7c2e4e9b inetinfo!InetinfoStartService+0x2bd
07 00e0ffb4 7c57438b ADVAPI32!ScSvcctrlThreadW+0xe
08 00e0ffec 00000000 KERNEL32!BaseThreadStart+0x52




Thread ID: 6
System Thread ID: 9f0
Kernel Time: 0:0:0.15
User Time: 0:0:0.0
Thread Type: Other
 # ChildEBP RetAddr  
00 00e4fc1c 7c573c23 ntdll!ZwWaitForMultipleObjects+0xb
01 00e4fc6c 77e119e6 KERNEL32!WaitForMultipleObjectsEx+0xea
02 00e4fcc8 77e11ace USER32!MsgWaitForMultipleObjectsEx+0x153
03 00e4fce4 769c71e0 USER32!MsgWaitForMultipleObjects+0x1d
04 00e4fd30 6fc6b2f0 INFOCOMM!IIS_SERVICE::StartServiceOperation+0x209
05 00e4fd70 01002440 ftpsvc2!ServiceEntry+0xc7
06 00e4ffa4 7c2e4e9b inetinfo!InetinfoStartService+0x2bd
07 00e4ffb4 7c57438b ADVAPI32!ScSvcctrlThreadW+0xe
08 00e4ffec 00000000 KERNEL32!BaseThreadStart+0x52




Thread ID: 7
System Thread ID: 74c
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: HTTP Listener
 # ChildEBP RetAddr  
00 00f0ff5c 7c573c73 ntdll!ZwRemoveIoCompletion+0xb
01 00f0ff88 6d7029ef KERNEL32!GetQueuedCompletionStatus+0x27
02 00f0ffb4 7c57438b ISATQ!I_AtqOplockThreadFunc+0x32
03 00f0ffec 00000000 KERNEL32!BaseThreadStart+0x52




Thread ID: 8
System Thread ID: 630
Kernel Time: 0:0:7.781
User Time: 0:0:6.703
Thread Type: HTTP Listener
 # ChildEBP RetAddr  
00 00f4ff50 7c573c73 ntdll!ZwRemoveIoCompletion+0xb
01 00f4ff7c 6d702957 KERNEL32!GetQueuedCompletionStatus+0x27
02 00f4ffb4 7c57438b ISATQ!AtqPoolThread+0x40
03 00f4ffec 00000000 KERNEL32!BaseThreadStart+0x52




Thread ID: 9
System Thread ID: c28
Kernel Time: 0:0:5.562
User Time: 0:0:3.781
Thread Type: HTTP Listener
 # ChildEBP RetAddr  
00 00f8ff50 7c573c73 ntdll!ZwRemoveIoCompletion+0xb
01 00f8ff7c 6d702957 KERNEL32!GetQueuedCompletionStatus+0x27
02 00f8ffb4 7c57438b ISATQ!AtqPoolThread+0x40
03 00f8ffec 00000000 KERNEL32!BaseThreadStart+0x52




Thread ID: 10
System Thread ID: 83c
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Possible ASP page.  Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.

No remote call being made

 # ChildEBP RetAddr  
00 0128feb8 7c573c73 ntdll!ZwRemoveIoCompletion+0xb
01 0128fee4 77d31394 KERNEL32!GetQueuedCompletionStatus+0x27
02 0128ff20 77d3e93f RPCRT4!COMMON_ProcessCalls+0x9e
03 0128ff74 77d3e8c2 RPCRT4!LOADABLE_TRANSPORT::ProcessIOEvents+0x99
04 0128ff78 77d35924 RPCRT4!ProcessIOEventsWrapper+0x9
05 0128ffa8 77d358d6 RPCRT4!BaseCachedThreadRoutine+0x4f
06 0128ffb4 7c57438b RPCRT4!ThreadStartRoutine+0x18
07 0128ffec 00000000 KERNEL32!BaseThreadStart+0x52




Thread ID: 11
System Thread ID: af8
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Other
 # ChildEBP RetAddr  
00 0138fd20 7c573c23 ntdll!ZwWaitForMultipleObjects+0xb
01 0138fd70 7c578f0d KERNEL32!WaitForMultipleObjectsEx+0xea
02 0138fd88 778322b2 KERNEL32!WaitForMultipleObjects+0x17
03 0138ffb4 7c57438b RTUTILS!TraceServerThread+0xde
04 0138ffec 00000000 KERNEL32!BaseThreadStart+0x52




Thread ID: 12
System Thread ID: 370
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Other
 # ChildEBP RetAddr  
00 013dff00 7c573c23 ntdll!ZwWaitForMultipleObjects+0xb
01 013dff50 75037871 KERNEL32!WaitForMultipleObjectsEx+0xea
02 013dff6c 6fc66e80 WS2_32!WSAWaitForMultipleEvents+0x18
03 013dffb4 7c57438b ftpsvc2!PASV_ACCEPT_CONTEXT::AcceptThreadFunc+0x39
04 013dffec 00000000 KERNEL32!BaseThreadStart+0x52




Thread ID: 13
System Thread ID: bb4
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for \\?\C:\IISDebugTools\IISCHAgent.dll -
Thread Type: Other
 # ChildEBP RetAddr  
00 0181fed8 7c573c73 ntdll!ZwRemoveIoCompletion+0xb
01 0181ff04 67306fab KERNEL32!GetQueuedCompletionStatus+0x27
WARNING: Stack unwind information not available. Following frames may be wrong.
02 0181ffb4 7c57438b IISCHAgent!ConfigFileMonitor+0x15b
03 0181ffec 00000000 KERNEL32!BaseThreadStart+0x52




Thread ID: 14
System Thread ID: b0
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Other
 # ChildEBP RetAddr  
00 0195ff18 7c573c23 ntdll!ZwWaitForMultipleObjects+0xb
01 0195ff68 7c578f0d KERNEL32!WaitForMultipleObjectsEx+0xea
02 0195ff80 6730649c KERNEL32!WaitForMultipleObjects+0x17
WARNING: Stack unwind information not available. Following frames may be wrong.
03 0195ffb4 7c57438b IISCHAgent!MonitorWorkerProcess+0xa3
04 0195ffec 00000000 KERNEL32!BaseThreadStart+0x52




Thread ID: 15
System Thread ID: 7ec
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Other
 # ChildEBP RetAddr  
00 01b2fce0 74fd1394 ntdll!ZwWaitForSingleObject+0xb
01 01b2fd1c 74fd3c59 msafd!SockWaitForSingleObject+0x1a8
02 01b2fe08 750312f5 msafd!WSPSelect+0x24e
03 01b2fe6c 6e2b3b6e WS2_32!select+0xe7
04 01b2ffb4 7c57438b inetsloc!SocketListenThread+0x51
05 01b2ffec 00000000 KERNEL32!BaseThreadStart+0x52




Thread ID: 16
System Thread ID: bf0
Kernel Time: 0:0:5.578
User Time: 0:0:5.390
Thread Type: HTTP Listener
 # ChildEBP RetAddr  
00 01b6ff50 7c573c73 ntdll!ZwRemoveIoCompletion+0xb
01 01b6ff7c 6d702957 KERNEL32!GetQueuedCompletionStatus+0x27
02 01b6ffb4 7c57438b ISATQ!AtqPoolThread+0x40
03 01b6ffec 00000000 KERNEL32!BaseThreadStart+0x52




Thread ID: 17
System Thread ID: 8b4
Kernel Time: 0:0:7.703
User Time: 0:0:7.390
Thread Type: HTTP Listener
 # ChildEBP RetAddr  
00 01baff50 7c573c73 ntdll!ZwRemoveIoCompletion+0xb
01 01baff7c 6d702957 KERNEL32!GetQueuedCompletionStatus+0x27
02 01baffb4 7c57438b ISATQ!AtqPoolThread+0x40
03 01baffec 00000000 KERNEL32!BaseThreadStart+0x52




Thread ID: 18
System Thread ID: 770
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: HTTP Listener
 # ChildEBP RetAddr  
00 01befdfc 74fd1394 ntdll!ZwWaitForSingleObject+0xb
01 01befe38 74fd3c59 msafd!SockWaitForSingleObject+0x1a8
02 01beff24 750312f5 msafd!WSPSelect+0x24e
03 01beff88 6d7075bd WS2_32!select+0xe7
04 01beffb0 6d70791b ISATQ!ATQ_BMON_SET::BmonThreadFunc+0x22
05 01beffb4 7c57438b ISATQ!BmonThreadFunc+0x9
06 01beffec 00000000 KERNEL32!BaseThreadStart+0x52




Thread ID: 19
System Thread ID: b24
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: HTTP Compression Thread
 # ChildEBP RetAddr  
00 01e2ff5c 7c573b28 ntdll!ZwWaitForSingleObject+0xb
01 01e2ff84 7c573b50 KERNEL32!WaitForSingleObjectEx+0x71
02 01e2ff94 732c3366 KERNEL32!WaitForSingleObject+0xf
03 01e2ffb4 7c57438b compfilt!CompressionThread+0x29
04 01e2ffc0 00000000 KERNEL32!BaseThreadStart+0x52




Thread ID: 20
System Thread ID: 8c0
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Other
 # ChildEBP RetAddr  
00 0221ff30 77abbad5 USER32!NtUserGetMessage+0xb
01 0221ff70 77abba23 ole32!CDllHost::STAWorkerLoop+0x40
02 0221ff8c 77abb95e ole32!CDllHost::WorkerThread+0xc2
03 0221ff90 77ab50ee ole32!DLLHostThreadEntry+0x9
04 0221ffa8 77ab5046 ole32!CRpcThread::WorkerLoop+0x22
05 0221ffb4 7c57438b ole32!CRpcThreadCache::RpcWorkerThreadEntry+0x1a
06 0221ffec 00000000 KERNEL32!BaseThreadStart+0x52




Thread ID: 21
System Thread ID: 894
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
*** WARNING: Unable to verify checksum for C:\WINNT\System32\AuthxDB.dll
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\WINNT\System32\AuthxDB.dll -
Thread Type: Other
 # ChildEBP RetAddr  
00 0225fe54 7c573b28 ntdll!ZwWaitForSingleObject+0xb
01 0225fe7c 7c573b50 KERNEL32!WaitForSingleObjectEx+0x71
02 0225fe8c 6c37143a KERNEL32!WaitForSingleObject+0xf
03 0225fe98 6c3715b3 MFC42!CSyncObject::Lock+0xd
04 0225fea4 01fd7ba9 MFC42!CSingleLock::Lock+0xe
WARNING: Stack unwind information not available. Following frames may be wrong.
05 0225ff10 6c3bde33 AuthxDB!HouseKeep+0x1c56d
06 0225ff7c 780085bc MFC42!_AfxThreadEntry+0xf0
07 0225ffb4 7c57438b MSVCRT!_endthreadex+0xc1
08 0225ffec 00000000 KERNEL32!BaseThreadStart+0x52




Thread ID: 22
System Thread ID: a38
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Other
 # ChildEBP RetAddr  
00 0229fe60 7c573b28 ntdll!ZwWaitForSingleObject+0xb
01 0229fe88 7c573b50 KERNEL32!WaitForSingleObjectEx+0x71
02 0229fe98 6c37143a KERNEL32!WaitForSingleObject+0xf
03 0229fea4 6c3715b3 MFC42!CSyncObject::Lock+0xd
04 0229feb0 01fd7fec MFC42!CSingleLock::Lock+0xe
WARNING: Stack unwind information not available. Following frames may be wrong.
05 0229ff10 6c3bde33 AuthxDB!HouseKeep+0x1c9b0
06 0229ff7c 780085bc MFC42!_AfxThreadEntry+0xf0
07 0229ffb4 7c57438b MSVCRT!_endthreadex+0xc1
08 0229ffec 00000000 KERNEL32!BaseThreadStart+0x52




Thread ID: 23
System Thread ID: 394
Kernel Time: 0:0:0.0
User Time: 0:0:0.109
*** WARNING: Unable to verify checksum for f:\servertools\webquota\authXflt.dll
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for f:\servertools\webquota\authXflt.dll -
Thread Type: Other
 # ChildEBP RetAddr  
00 0231fd88 7c573b28 ntdll!ZwWaitForSingleObject+0xb
01 0231fdb0 7c573b50 KERNEL32!WaitForSingleObjectEx+0x71
02 0231fdc0 6c37143a KERNEL32!WaitForSingleObject+0xf
03 0231fdcc 6c3715b3 MFC42!CSyncObject::Lock+0xd
04 0231fdd8 01f5612e MFC42!CSingleLock::Lock+0xe
WARNING: Stack unwind information not available. Following frames may be wrong.
05 0231ff10 6c3bde33 authXflt+0x1612e
06 0231ff7c 780085bc MFC42!_AfxThreadEntry+0xf0
07 0231ffb4 7c57438b MSVCRT!_endthreadex+0xc1
08 0231ffec 00000000 KERNEL32!BaseThreadStart+0x52




Thread ID: 24
System Thread ID: a20
Kernel Time: 0:0:0.0
User Time: 0:0:0.31
Thread Type: Other
 # ChildEBP RetAddr  
00 0247fe70 7c573c23 ntdll!ZwWaitForMultipleObjects+0xb
01 0247fec0 77e119e6 KERNEL32!WaitForMultipleObjectsEx+0xea
02 0247ff1c 77e11ace USER32!MsgWaitForMultipleObjectsEx+0x153
03 0247ff38 65f09ccb USER32!MsgWaitForMultipleObjects+0x1d
04 0247ff7c 78008454 w3svc!CMTACallbackThread::Thread+0x42
05 0247ffb4 7c57438b MSVCRT!_endthread+0xc6
06 0247ffec 00000000 KERNEL32!BaseThreadStart+0x52




Thread ID: 25
System Thread ID: 28c
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Other
 # ChildEBP RetAddr  
00 024bfea8 7c573c23 ntdll!ZwWaitForMultipleObjects+0xb
01 024bfef8 77e119e6 KERNEL32!WaitForMultipleObjectsEx+0xea
02 024bff54 77e11ace USER32!MsgWaitForMultipleObjectsEx+0x153
03 024bff70 65f09d47 USER32!MsgWaitForMultipleObjects+0x1d
04 024bffb4 7c57438b w3svc!OleHackThread+0x88
05 024bffec 00000000 KERNEL32!BaseThreadStart+0x52




Thread ID: 26
System Thread ID: c10
Kernel Time: 0:0:0.937
User Time: 0:0:1.312
Thread Type: Possible ASP page.  Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.

No remote call being made

 # ChildEBP RetAddr  
00 0273fe24 77d37ba7 ntdll!ZwReplyWaitReceivePortEx+0xb
01 0273ff74 77d37b4c RPCRT4!LRPC_ADDRESS::ReceiveLotsaCalls+0x74
02 0273ff78 77d35924 RPCRT4!RecvLotsaCallsWrapper+0x9
03 0273ffa8 77d358d6 RPCRT4!BaseCachedThreadRoutine+0x4f
04 0273ffb4 7c57438b RPCRT4!ThreadStartRoutine+0x18
05 0273ffec 00000000 KERNEL32!BaseThreadStart+0x52




Thread ID: 27
System Thread ID: 910
Kernel Time: 0:0:1.31
User Time: 0:0:1.234
Thread Type: Possible ASP page.  Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.

No remote call being made

 # ChildEBP RetAddr  
00 028ffe24 77d37ba7 ntdll!ZwReplyWaitReceivePortEx+0xb
01 028fff74 77d37b4c RPCRT4!LRPC_ADDRESS::ReceiveLotsaCalls+0x74
02 028fff78 77d35924 RPCRT4!RecvLotsaCallsWrapper+0x9
03 028fffa8 77d358d6 RPCRT4!BaseCachedThreadRoutine+0x4f
04 028fffb4 7c57438b RPCRT4!ThreadStartRoutine+0x18
05 028fffec 00000000 KERNEL32!BaseThreadStart+0x52




Thread ID: 28
System Thread ID: bfc
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Idle ASP thread
 # ChildEBP RetAddr  
00 02a0ff08 7c573c23 ntdll!ZwWaitForMultipleObjects+0xb
01 02a0ff58 7c578f0d KERNEL32!WaitForMultipleObjectsEx+0xea
02 02a0ff70 787f58ce KERNEL32!WaitForMultipleObjects+0x17
03 02a0ffb4 7c57438b COMSVCS!CEventDispatcher::PushEvents+0x4e
04 02a0ffc0 00000000 KERNEL32!BaseThreadStart+0x52




Thread ID: 29
System Thread ID: c20
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Possible ASP page.  Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.

Remote call is either to a MTA object or object not initialized. Also, possible utility thread.
DCOM call being made to Process ID: 2356
Waiting on thread id: ffffffff

 # ChildEBP RetAddr  
00 02a4fb68 77d4256d ntdll!ZwRequestWaitReplyPort+0xb
01 02a4fb94 77d3ac56 RPCRT4!LRPC_CCALL::SendReceive+0x11e
02 02a4fba0 77b25b87 RPCRT4!I_RpcSendReceive+0x2c
03 02a4fbc0 77b25a52 ole32!ThreadSendReceive+0xef
04 02a4fbd8 77b22ab6 ole32!CRpcChannelBuffer::SwitchAptAndDispatchCall+0x14f
05 02a4fc18 77b258c6 ole32!CRpcChannelBuffer::SendReceive2+0x96
06 02a4fc28 77a6cb5d ole32!CRpcChannelBuffer::SendReceive+0x11
07 02a4fc88 77ab74c3 ole32!CAptRpcChnl::SendReceive+0xa9
08 02a4fce0 77d94c1a ole32!CCtxComChnl::SendReceive+0x124
09 02a4fcfc 77d9487d RPCRT4!NdrProxySendReceive+0x4c
0a 02a4ff44 77d95136 RPCRT4!NdrClientCall2+0x4f5
0b 02a4ff60 77d46e75 RPCRT4!ObjectStublessClient+0x76
0c 02a4ff70 787f5818 RPCRT4!ObjectStubless+0xf
0d 02a4ffb4 7c57438b COMSVCS!CEventDispatcher::GetEventServerInfoThread+0x118
0e 02a4ffec 00000000 KERNEL32!BaseThreadStart+0x52




Thread ID: 30
System Thread ID: b00
Kernel Time: 0:0:0.15
User Time: 0:0:0.0
Thread Type: ASP
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.

 # ChildEBP RetAddr  
00 02c1ff38 7c573a4e ntdll!NtDelayExecution+0xb
01 02c1ff58 7c573a22 KERNEL32!SleepEx+0x32
02 02c1ff64 79e8c932 KERNEL32!Sleep+0xb
03 02c1ffb4 7c57438b aspnet_isapi!ThreadGateThreadProc+0x6a
04 02c1ffec 00000000 KERNEL32!BaseThreadStart+0x52




Thread ID: 31
System Thread ID: a68
Kernel Time: 0:0:0.281
User Time: 0:0:0.46
Thread Type: ASP
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.

 # ChildEBP RetAddr  
00 02c9ff44 7c573a4e ntdll!NtDelayExecution+0xb
01 02c9ff64 7c573a22 KERNEL32!SleepEx+0x32
02 02c9ff70 79e7dd5b KERNEL32!Sleep+0xb
03 02c9ff80 01e9940f aspnet_isapi!MonitorHealth+0x40
04 02c9ffb4 7c57438b MSVCR71!_endthread+0xaa
05 02c9ffec 00000000 KERNEL32!BaseThreadStart+0x52




Thread ID: 32
System Thread ID: 360
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Other
 # ChildEBP RetAddr  
00 0338ebe0 77f89ebd ntdll!ZwWaitForMultipleObjects+0xb
01 0338ffb4 7c57438b ntdll!RtlpWaitThread+0x1b9
02 0338ffec 00000000 KERNEL32!BaseThreadStart+0x52




Thread ID: 33
System Thread ID: 980
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Other
 # ChildEBP RetAddr  
00 033cff1c 7c573c23 ntdll!ZwWaitForMultipleObjects+0xb
01 033cff6c 7c578f0d KERNEL32!WaitForMultipleObjectsEx+0xea
02 033cff84 7c121fef KERNEL32!WaitForMultipleObjects+0x17
03 033cffb4 7c57438b USERENV!NotificationThread+0x5f
04 033cffec 00000000 KERNEL32!BaseThreadStart+0x52




Thread ID: 34
System Thread ID: bc8
Kernel Time: 0:0:0.15
User Time: 0:0:0.0
Thread Type: Idle ASP thread
 # ChildEBP RetAddr  
00 0364fd54 7c573b28 ntdll!ZwWaitForSingleObject+0xb
01 0364fd7c 7c573b50 KERNEL32!WaitForSingleObjectEx+0x71
02 0364fd8c 7878db85 KERNEL32!WaitForSingleObject+0xf
03 0364ffb4 7c57438b COMSVCS!PingThread+0xf5
04 0364ffec 00000000 KERNEL32!BaseThreadStart+0x52




Thread ID: 35
System Thread ID: 7fc
Kernel Time: 0:0:1.0
User Time: 0:0:1.671
Thread Type: ASP
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.

 # ChildEBP RetAddr  
00 097dff34 7c573c73 ntdll!ZwRemoveIoCompletion+0xb
01 097dff60 79e8c820 KERNEL32!GetQueuedCompletionStatus+0x27
02 097dffb4 7c57438b aspnet_isapi!ThreadPoolThreadProc+0x64
03 097dffec 00000000 KERNEL32!BaseThreadStart+0x52




Thread ID: 36
System Thread ID: a5c
Kernel Time: 0:0:0.406
User Time: 0:0:0.687
Thread Type: Possible ASP page.  Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.

No remote call being made
 # ChildEBP RetAddr  
00 0bf3fe24 77d37ba7 ntdll!ZwReplyWaitReceivePortEx+0xb
01 0bf3ff74 77d37b4c RPCRT4!LRPC_ADDRESS::ReceiveLotsaCalls+0x74
02 0bf3ff78 77d359c3 RPCRT4!RecvLotsaCallsWrapper+0x9
03 0bf3ffa8 77d358d6 RPCRT4!BaseCachedThreadRoutine+0x11f
04 0bf3ffb4 7c57438b RPCRT4!ThreadStartRoutine+0x18
05 0bf3ffec 00000000 KERNEL32!BaseThreadStart+0x52




Thread ID: 37
System Thread ID: c94
Kernel Time: 0:0:2.468
User Time: 0:0:3.640
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\50\bin\fp5Autl.dll -
Thread Type: Front Page Authoring.
 # ChildEBP RetAddr  
00 0cfcfdc8 7c573c23 ntdll!ZwWaitForMultipleObjects+0xb
01 0cfcfe18 7c578f0d KERNEL32!WaitForMultipleObjectsEx+0xea
02 0cfcfe30 32e5dddf KERNEL32!WaitForMultipleObjects+0x17
WARNING: Stack unwind information not available. Following frames may be wrong.
03 0cfcff78 32e2366c fp5Autl!Ordinal1596+0xe58
04 0cfcffb4 7c57438b fp5Autl!Ordinal475+0x43b
05 0cfcffec 00000000 KERNEL32!BaseThreadStart+0x52




Thread ID: 38
System Thread ID: bec
Kernel Time: 0:0:2.359
User Time: 0:0:2.593
Thread Type: Front Page Authoring.
 # ChildEBP RetAddr  
00 0d05fdc8 7c573c23 ntdll!ZwWaitForMultipleObjects+0xb
01 0d05fe18 7c578f0d KERNEL32!WaitForMultipleObjectsEx+0xea
02 0d05fe30 32e5dddf KERNEL32!WaitForMultipleObjects+0x17
WARNING: Stack unwind information not available. Following frames may be wrong.
03 0d05ff78 32e2366c fp5Autl!Ordinal1596+0xe58
04 0d05ffb4 7c57438b fp5Autl!Ordinal475+0x43b
05 0d05ffec 00000000 KERNEL32!BaseThreadStart+0x52




Thread ID: 39
System Thread ID: be8
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\50\servsupp\fp5amsft.dll -
Thread Type: Front Page Authoring.
 # ChildEBP RetAddr  
00 0d22fef8 7c573b28 ntdll!ZwWaitForSingleObject+0xb
01 0d22ff20 7c573b50 KERNEL32!WaitForSingleObjectEx+0x71
02 0d22ff30 32d48b57 KERNEL32!WaitForSingleObject+0xf
WARNING: Stack unwind information not available. Following frames may be wrong.
03 0d22ff70 32db651d fp5amsft!prepareToUnload+0xfc29
04 0d22ffb4 7c57438b fp5Autl!Ordinal587+0x19
05 0d22ffec 00000000 KERNEL32!BaseThreadStart+0x52




Thread ID: 40
System Thread ID: bd4
Kernel Time: 0:0:0.140
User Time: 0:0:0.453
Thread Type: Other
 # ChildEBP RetAddr  
00 0e7befe0 77fcd020 ntdll!RtlpFindAndCommitPages+0x108
01 0e7bf018 77fccdc1 ntdll!RtlpExtendHeap+0x9e
02 0e7bf1f4 7c57374e ntdll!RtlAllocateHeap+0x3b6
03 0e7bf240 65f290dd KERNEL32!LocalAlloc+0x74
04 0e7bf250 65f28eef w3svc!FILTER_POOL_ITEM::CreateMemPoolItem+0x37
05 0e7bf25c 1000709f w3svc!AllocFilterMem+0x19
WARNING: Stack unwind information not available. Following frames may be wrong.
06 0e7bf28c 10004fd8 zip_isapi!TerminateFilter+0x1caf
07 00000000 00000000 zip_isapi!HttpFilterProc+0x12e8




Thread ID: 41
System Thread ID: 6a4
Kernel Time: 0:0:1.62
User Time: 0:0:0.921
Thread Type: HTTP Listener
 # ChildEBP RetAddr  
00 0e94ff50 7c573c73 ntdll!ZwRemoveIoCompletion+0xb
01 0e94ff7c 6d702957 KERNEL32!GetQueuedCompletionStatus+0x27
02 0e94ffb4 7c57438b ISATQ!AtqPoolThread+0x40
03 0e94ffec 00000000 KERNEL32!BaseThreadStart+0x52




Thread ID: 42
System Thread ID: 14c
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Possible ASP page.  Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.

No remote call being made
 # ChildEBP RetAddr  
00 1573ff74 77d359a3 ntdll!NtDelayExecution+0xb
01 1573ffa8 77d358d6 RPCRT4!BaseCachedThreadRoutine+0xc3
02 1573ffb4 7c57438b RPCRT4!ThreadStartRoutine+0x18
03 1573ffec 00000000 KERNEL32!BaseThreadStart+0x52




Thread ID: 43
System Thread ID: b30
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Possible ASP page.  Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.

No remote call being made
 # ChildEBP RetAddr  
00 1577ff74 77d359a3 ntdll!NtDelayExecution+0xb
01 1577ffa8 77d358d6 RPCRT4!BaseCachedThreadRoutine+0xc3
02 1577ffb4 7c57438b RPCRT4!ThreadStartRoutine+0x18
03 1577ffec 00000000 KERNEL32!BaseThreadStart+0x52

*****

Dump name is formatted as: PID-Timestamp.dmp

Creating F:\Admin\iisstate\output\2700-1091470005.dmp - mini user dump

*****

Closing open log file F:\Admin\iisstate\output\IISState-2700.log

Does that back up your Authentix theory? I notice that there's a zip ISAPI that may be playing up too...

OK, I got ADPlus going, and have uploaded the logs for the day here:

http://www.remote.uk.com/iiscrashlogs/

I've enabled browsing on the directory, so you can look at all the logs. The largest directory (ending 0404) I think contains all the madness.

If you wouldn't mind having a look at them, It'd be most appreciated.

Many thanks,

Bluze

Thats excellent, thanks so much for your time Dave.

I'll let you know how I get on!

Paul