rsuguna1
asked on
lanmanserver stops automatically in win 2003 server
Hi ,
Last weekend there was a power shutdown in the building, therefore I did a proper shutdown of my DC (Windows 2003 Server SP1) and web server (Windows 2003 SP1 Web Edition).
After I switched on the servers, I received the following error msg:
--------------------------
information - event id =1004
Reporting queued error: faulting application svchost.exe, version 5.2.3790.1830, faulting module netapi32.dll, version 5.2.3790.1830, fault address 0x0000a2be.
--------------------------
Event Id=1058
Generic Host Process for Win32 Services encountered a problem and needed to close.
Then at close to 6pm, none of us in the organisation is able to access the shared folders in the server. The lanmanserver service has stopped running, therefore the following msgs were logged in the event log:
Windows cannot access the file gpt.ini for GPO CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=nxgencomms,DC=com,DC=sg. The file must be present at the location <\\nxgencomms.com.sg\sysvol\nxgencomms.com.sg\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini>. (Configuration information could not be read from the domain controller, either because the machine is unavailable, or access has been denied. ). Group Policy processing aborted.
--------------------------
event id=1030
Windows cannot query for the list of Group Policy objects. Check the event log for possible messages previously logged by the policy engine that describes the reason for this.
--------------------------
hijackthis log
--------------------------
Logfile of HijackThis v1.99.1
Scan saved at 4:02:50 AM, on 10/2/2006
Platform: Windows 2003 SP1 (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 SP1 (6.00.3790.1830)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SAV\DefWatch.exe
C:\WINDOWS\system32\Dfssvc.exe
C:\WINDOWS\System32\dns.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\CBA\pds.exe
C:\WINDOWS\System32\ismserv.exe
f:\PROGRA~1\MICROS~1\MSSQL$~1\binn\sqlservr.exe
C:\WINDOWS\system32\ntfrs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\SAV\Rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\lserver.exe
C:\WINDOWS\System32\wins.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SAV\VPTray.exe
C:\Program Files\QNAP\NetBak\NetBak.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\system32\oobechk.exe
C:\WINDOWS\system32\mshta.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrator.NXGENCOMMS\Desktop\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/hardAdmin.htm
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SAV\VPTray.exe
O4 - HKLM\..\Run: [QNAP_NASNetBak] C:\Program Files\QNAP\NetBak\NetBak.exe /min
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1152437397963
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1159338795468
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = nxgencomms.com.sg
O17 - HKLM\Software\..\Telephony: DomainName = nxgencomms.com.sg
O17 - HKLM\System\CCS\Services\Tcpip\..\{D9128AE0-D3E0-417E-8BE9-57229C3F7ED8}: NameServer = 192.168.1.99
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = nxgencomms.com.sg
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = nxgencomms.com.sg
O20 - Winlogon Notify: dimsntfy - C:\WINDOWS\SYSTEM32\dimsntfy.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\SAV\DefWatch.exe
O23 - Service: Intel PDS - Intel Corporation - C:\WINDOWS\system32\CBA\pds.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\SAV\Rtvscan.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
--------------------------
net start
--------------------------
These Windows services are started:
Application Experience Lookup Service
Automatic Updates
COM+ Event System
Computer Browser
Cryptographic Services
DCOM Server Process Launcher
DHCP Client
Distributed File System
Distributed Transaction Coordinator
DNS Client
DNS Server
Error Reporting Service
Event Log
File Replication Service
FTP Publishing Service
Help and Support
HTTP SSL
IIS Admin Service
Intel PDS
Intersite Messaging
IPSEC Services
Kerberos Key Distribution Center
Logical Disk Manager
Microsoft Search
MSSQL$NXGEN
Net Logon
Network Connections
Network Location Awareness (NLA)
NT LM Security Support Provider
Plug and Play
Print Spooler
Protected Storage
Remote Access Connection Manager
Remote Procedure Call (RPC)
Remote Registry
Routing and Remote Access
Secondary Logon
Security Accounts Manager
Server
Shell Hardware Detection
SNMP Service
Symantec AntiVirus
Symantec AntiVirus Definition Watcher
System Event Notification
Task Scheduler
TCP/IP NetBIOS Helper
Telephony
Terminal Server Licensing
Terminal Services
VNC Server Version 4
Windows Audio
Windows Internet Name Service (WINS)
Windows Management Instrumentation
Windows Time
Wireless Configuration
Workstation
World Wide Web Publishing Service
The command completed successfully.
--------------------------
The lanmanserver service and those dependent on it stop twice: around 12.30am and around 5.55pm.
I have deleted all the scheduled tasks to see if they are the ones which cause the service to stop but the problem still persists.
I have run virus scans numerous times and no viruses were detected.
The server has 2 network cards assigned to different static IP addresses.
I hope someone can help me.
Thanks!
su
ASKER
Hi all,
Managed to solve the problem after installing critical updates.
Thanks!
Excellent!
I think my answer helped resolve this issue
I said
Please try to reinstall SP1, then Please make sure that your server has all security patches install, R
They said
Managed to solve the problem after installing critical updates.
Hi plimpias,
<quote>then Please make sure that your server has all security patches install<quote>
Sorry, I missed that part. Therefore my new recommendation is : accept : plimpias.
Sorry again
Cheers
vsg375
EE Cleanup Volunteer
Then follow these directions and change the binding order to point to the active NIC first:
http://support.microsoft.com/?kbid=894564