Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Windows 2003 Server RPC Error Shutding Down PC Automatically

Posted on 2005-04-15
11
Medium Priority
?
1,158 Views
Last Modified: 2012-05-05
Hello all!

I have two Windows 2003 Server running Navision Axapta ERP software. The machines are running on dual Xeon processors with 3GB RAM each and Windows 2003 Server. That is all they are used for. They Have Symantec Antvirus Corp Edition and are regularly updated every thursday.

In the last few days they have just all of a sudden started rebooting themselves once or twice per day! Just out of the blue. I have checked the event logs and pulled the follwoing error message from event viewer at the times of shutdown. Note neither of the servers have SP1 for 2003 Server loaded, i dont know if that could be a cause.

Source : Service Control manager
Event ID: 7031

The Remote Procedure Call (RPC) service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Reboot the machine.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

I would greatly appreciate any boffin or genius who can assist me and point me in the direction of fixing this asap.

Many Thanks

Deadly

0
Comment
Question by:deadlydave
  • 3
  • 2
  • 2
  • +3
11 Comments
 

Author Comment

by:deadlydave
ID: 13789792
Seeking assistance urgently, looking for at least 1 expert here on this expert sex change site! Please assist asap.

Spank you!
0
 
LVL 7

Expert Comment

by:SoyYop
ID: 13790445
On XP, means that the Blaster worm (I think it was the Blaster) was trying to break into the machine using an RPC flaw.
If your machine is updated (windowsupdate), I think that would be no reason for that.

Can you check for any strange event before the problems started? Any update installed?

It could mean:

- A network attack (most probably by a Virus). Both machines are compromised, but most probably not infected.
  Can you check all XP clientes (and other win32/nt OS's) are fully patched? Just to take out the Blaster posibility.
- A corrupted file: Only by an install or update, because BOTH machines have the same simpthoms.
- A buggy software trying to initiate an RPC connection. Check last upgrades, including drivers.
- A buggy service (svchost32, probably, hosting a buggy service). Any service upgraded?

Download and run the Microsoft Baseline Analyzer. You can explore all the network if you have admin rights, looking for unpatched machines or services:

http://www.microsoft.com/technet/security/tools/mbsahome.mspx

Specially check your SQL machines.

Luck,
0
 
LVL 16

Expert Comment

by:Wadski
ID: 13792112
As above you can stop it restarting the machine in the short term to allow you to run the fix tools by:

Once booted and before shutdown...  <<You only have 30 seconds to do this...>>

Control Panel
Administration Tools
Services
Remote Procedure Call(RPC)... Right Click Properties
Recovery Tab

First Failure  -> Take No Action
Second Failure  -> Take No Action
Subsequent Failures  -> Take No Action

These should be changed back ONCE BLASTER HAS BEEN REMOVED.



0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 15

Expert Comment

by:ZabagaR
ID: 13794098
I know the Sasser worm does this too (forces a shutdown in 30 seconds):

More from Symantec: (this is the sasser removal tool info)

http://securityresponse.symantec.com/avcenter/venc/data/w32.sasser.worm.html

- Make sure your system has all updated Microsoft OS fixes/patches.
- Make sure antivirus is updated

To do a quick ABORT SHUTDOWN on your system, go to the command prompt and type:

shutdown -a   [press enter]

That will cancel out of the 30-second countdown.
0
 
LVL 8

Expert Comment

by:Leandro Iacono
ID: 13796132
Updating it to SP1 will probably correct this error. This is almost for sure a problem with some kind of RPC Virus/worm or whatever ...

Try it out.

UICE
0
 
LVL 15

Expert Comment

by:ZabagaR
ID: 13798750
If you're going to install SP1 on your Windows 2003 Servers, be sure you don't break 1 thing while fixing another.
Visit the official Windows 2003 SP1 site:

http://www.microsoft.com/technet/prodtechnol/windowsserver2003/servicepack/default.mspx

0
 
LVL 7

Expert Comment

by:SoyYop
ID: 13805862
Ups... Didn't read carefull. If you haven't installed SP1, then GO FOR IT! Not sure if 2k3 would be infected or just crush in the event of an RPC event.

Search for a way to install SP1.
Get it on CD and disconnect the machine from the network. Backup!
Apply SP1.
Reboot and, if everything goes fine, proceed with the next one.

Go for the link provided by ZabagaR and download the "Download and Deploy SP1 to Multiple Servers (32-bit)" option. Burn to a CD and proceed.

Luck,
0
 
LVL 13

Expert Comment

by:Kini pradeep
ID: 13812734
how many DC's do you have and if i am correct you have Ad integrated zone If yes then you can follow these steps.
make sure DNS is configured correctly.( DNS servers point to the 1 which is hosting the zone)
change the zone to standard primary and remove the DNS from all the other Dns servers ( this could not be feasible if you have a large domain)
make a single dns server make sure the GUIDs register under _msdcs folder and then replicate to all DC's once replication is sucessful, (try repadmin /showreps)
you can install dns on the others and change the root DNS to AD integrated and the DNS will replicate.
This problem might be caused if all DNS servers are pointing to themselves.

If you have appletalk installed remove it and that would resolve the issue ( if you have mac clients)
0
 

Author Comment

by:deadlydave
ID: 13813487
Hi thanks all, i resolved it by downloading the appropriate patch from the microsoft site. Using the error code i go the right patch. It turned out auto updates had been disabled because recently we created an active dir and these servers were not in the correct OU, so they have been added now and it looks good.

Thanks

Dave
0
 
LVL 8

Expert Comment

by:Leandro Iacono
ID: 13820350
Glad you could sort it out mate.

Cheers ...
0
 
LVL 15

Accepted Solution

by:
ZabagaR earned 2000 total points
ID: 13820602
Cool.  I had the same problem with a server about 1 month ago.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Just about everyone has an old PC laying around.  Ask anyone in the IT industry, whether they are a professional or play in it as a hobby.  From outdated Desktops to cheap "throwaway" laptops, they are all around and not as hard to "fix up" as you m…
I don't know if many of you have made the great mistake of using the Cisco Thin Client model with the management software VXC. If you have then you are probably more then familiar with the incredibly clunky interface, the numerous work arounds, and …
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…
Hi friends,  in this video  I'll show you how new windows 10 user can learn the using of windows 10. Thank you.
Suggested Courses

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question