Solved

SBS2003 Random Lockups.

Posted on 2007-11-27
7
507 Views
Last Modified: 2013-12-09
Client server locks up randomly - there is no pattern to this and it could happen once or 4 times in one day, sometimes it doesn't happen at all.

NEW hardware (quad core processor/4gb memory/R5 array), Windows Small Business Server 2003, fully patched.  I hope I'm not answering my own question here but I have the newest release from Symantec, SEPP11.0.  I'm not crazy about it and have followed the proper instructions to get it up and running.  I've reviewed its logs and nothing is reported there.

When server locks up, there are no helpful solutions in the windows event log except the following:
 - 1030 / Group Policy
 - 1058 / userenv
 - 1074 / user32 (nothing listed)

I'm going bananas trying to diagnose this. I've researched for a while and modified the network card from Automatic to 100mb/FD.  I'm not sure if that helped, but others had success with it.

This is kind of random - but your thoughts/ideas are appreciated.

TIA - Steve
0
Comment
Question by:sdeblock
  • 3
  • 2
  • 2
7 Comments
 
LVL 66

Expert Comment

by:johnb6767
ID: 20360517
When it locks up, are the CAPS ad NUM locks responding?

Have you run a test on the RAM?

How do you recover from it, full power down, or does it eventually come back?
0
 

Author Comment

by:sdeblock
ID: 20361043
When it locks up it does the following:
 - Num/Cap locks ok
 - It takes 5 minutes to login to the server locally w/ admin account
 - Network users can not access the server

No test on the memory.  To reboot it, I go through the standard windows reboot procedures, no power button or plugs pulled.
0
 
LVL 9

Expert Comment

by:dreamyguy
ID: 20361084
what do u mean by "lock ups"?
what do u do to resolve the lock ups, reboot the machine or does it unfreeze automatially on its own?
did u notice anything in the task manager? any process spiking the cpu or consuming lot of ram?
0
Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

 
LVL 66

Accepted Solution

by:
johnb6767 earned 125 total points
ID: 20361090
Sounds like a massive drain on CPU resources....

Process Explorer for Windows v10.21
http://www.microsoft.com/technet/sysinternals/ProcessesAndThreads/ProcessExplorer.mspx

Double click the offending file. If it is a svchost.exe, then Select the Services Tab. Please list what services are in that svchost.exe.

Then Select the Threads tab, and see what .exe or .dll is using the CPU, and then select it by double clicking it....and copying/pasting the call stack here.....

Let it sit and look to the graph on the right for some clues....

What I would also be curious to see is the Interupts, and the DPC's in Process Explorer. If thats what is using the CPU (not seeen in the Task manager), then you have either a HW problem, or a Driver problem. Since the Live CD worked ok, I would say the HW is probably ok.
0
 
LVL 9

Assisted Solution

by:dreamyguy
dreamyguy earned 125 total points
ID: 20361101
id also suggest enabling userenv logging as per MS KB 221833 and then uploading the logs to www.ee-stuff.com
0
 

Author Comment

by:sdeblock
ID: 20362460
Another note:
 - 2.0ghz, intel Quad Core Processor.
 - 29% of it is constantly in use with the new rockstar version of SEPP 11.0

Per other questions:
 - When the server (from a user side) appears to lockup, all network resources are un-available.  It takes approximately 5-7 minutes to locally log onto the server.  There are no process or memory problems outside of what is listed above.

 - I'm going to check out the userenv logging per the note above.
 - I'm also going to yank SEPP11.0 and replace it with SAVCE10.x which I have never had any trouble with.
0
 

Author Comment

by:sdeblock
ID: 20377172
It looks as though the problem was Symantec End Point Protection 11.0.  I pulled it off, cleaned out any remaining files and installed SAVCE 10.x.  That seems to have stabalized the situation.  This is exactly why a majority of my clients are running Panda Security now, symantec is absolutely killing me!

Thanks for all your notes on this problem - you're all winners!

Steve
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

The purpose of this Article is to provide information for a newly released variant of malware – with the assumption that many EE Members will have need of the information. According to “Computerworld”, well over one million web sites have been co…
A quick step-by-step overview of installing and configuring Carbonite Server Backup.
Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now