Windows 2003 Server RPC Error Shutding Down PC Automatically

Hello all!

I have two Windows 2003 Server running Navision Axapta ERP software. The machines are running on dual Xeon processors with 3GB RAM each and Windows 2003 Server. That is all they are used for. They Have Symantec Antvirus Corp Edition and are regularly updated every thursday.

In the last few days they have just all of a sudden started rebooting themselves once or twice per day! Just out of the blue. I have checked the event logs and pulled the follwoing error message from event viewer at the times of shutdown. Note neither of the servers have SP1 for 2003 Server loaded, i dont know if that could be a cause.

Source : Service Control manager
Event ID: 7031

The Remote Procedure Call (RPC) service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Reboot the machine.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

I would greatly appreciate any boffin or genius who can assist me and point me in the direction of fixing this asap.

Many Thanks

Deadly

deadlydaveAsked:
Who is Participating?
 
ZabagaRConnect With a Mentor Commented:
Cool.  I had the same problem with a server about 1 month ago.
0
 
deadlydaveAuthor Commented:
Seeking assistance urgently, looking for at least 1 expert here on this expert sex change site! Please assist asap.

Spank you!
0
 
SoyYopCommented:
On XP, means that the Blaster worm (I think it was the Blaster) was trying to break into the machine using an RPC flaw.
If your machine is updated (windowsupdate), I think that would be no reason for that.

Can you check for any strange event before the problems started? Any update installed?

It could mean:

- A network attack (most probably by a Virus). Both machines are compromised, but most probably not infected.
  Can you check all XP clientes (and other win32/nt OS's) are fully patched? Just to take out the Blaster posibility.
- A corrupted file: Only by an install or update, because BOTH machines have the same simpthoms.
- A buggy software trying to initiate an RPC connection. Check last upgrades, including drivers.
- A buggy service (svchost32, probably, hosting a buggy service). Any service upgraded?

Download and run the Microsoft Baseline Analyzer. You can explore all the network if you have admin rights, looking for unpatched machines or services:

http://www.microsoft.com/technet/security/tools/mbsahome.mspx

Specially check your SQL machines.

Luck,
0
Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

 
WadskiIT DirectorCommented:
As above you can stop it restarting the machine in the short term to allow you to run the fix tools by:

Once booted and before shutdown...  <<You only have 30 seconds to do this...>>

Control Panel
Administration Tools
Services
Remote Procedure Call(RPC)... Right Click Properties
Recovery Tab

First Failure  -> Take No Action
Second Failure  -> Take No Action
Subsequent Failures  -> Take No Action

These should be changed back ONCE BLASTER HAS BEEN REMOVED.



0
 
ZabagaRCommented:
I know the Sasser worm does this too (forces a shutdown in 30 seconds):

More from Symantec: (this is the sasser removal tool info)

http://securityresponse.symantec.com/avcenter/venc/data/w32.sasser.worm.html

- Make sure your system has all updated Microsoft OS fixes/patches.
- Make sure antivirus is updated

To do a quick ABORT SHUTDOWN on your system, go to the command prompt and type:

shutdown -a   [press enter]

That will cancel out of the 30-second countdown.
0
 
Leandro IaconoSenior Premier Field EngineerCommented:
Updating it to SP1 will probably correct this error. This is almost for sure a problem with some kind of RPC Virus/worm or whatever ...

Try it out.

UICE
0
 
ZabagaRCommented:
If you're going to install SP1 on your Windows 2003 Servers, be sure you don't break 1 thing while fixing another.
Visit the official Windows 2003 SP1 site:

http://www.microsoft.com/technet/prodtechnol/windowsserver2003/servicepack/default.mspx

0
 
SoyYopCommented:
Ups... Didn't read carefull. If you haven't installed SP1, then GO FOR IT! Not sure if 2k3 would be infected or just crush in the event of an RPC event.

Search for a way to install SP1.
Get it on CD and disconnect the machine from the network. Backup!
Apply SP1.
Reboot and, if everything goes fine, proceed with the next one.

Go for the link provided by ZabagaR and download the "Download and Deploy SP1 to Multiple Servers (32-bit)" option. Burn to a CD and proceed.

Luck,
0
 
Kini pradeepPrincipal Cloud and security consultantCommented:
how many DC's do you have and if i am correct you have Ad integrated zone If yes then you can follow these steps.
make sure DNS is configured correctly.( DNS servers point to the 1 which is hosting the zone)
change the zone to standard primary and remove the DNS from all the other Dns servers ( this could not be feasible if you have a large domain)
make a single dns server make sure the GUIDs register under _msdcs folder and then replicate to all DC's once replication is sucessful, (try repadmin /showreps)
you can install dns on the others and change the root DNS to AD integrated and the DNS will replicate.
This problem might be caused if all DNS servers are pointing to themselves.

If you have appletalk installed remove it and that would resolve the issue ( if you have mac clients)
0
 
deadlydaveAuthor Commented:
Hi thanks all, i resolved it by downloading the appropriate patch from the microsoft site. Using the error code i go the right patch. It turned out auto updates had been disabled because recently we created an active dir and these servers were not in the correct OU, so they have been added now and it looks good.

Thanks

Dave
0
 
Leandro IaconoSenior Premier Field EngineerCommented:
Glad you could sort it out mate.

Cheers ...
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.