DCOMRPC service stuck in starting phase, server service failing
Hello,
I have a windows 2003 server whose primary purpose is a backup mail server (domino 6.5.4) and desktop authority. Recently, the server service has been failing almost daily and the server has to be rebooted in order for it to function properly again.
On some closer inspection, it appears that a service called DcomRpc is stuck in the starting phase (event viewer has an error event which says it hung on starting) .
-------------------
Event-
Source: Service Control Manager
Event ID: 7022
Desc: The DcomRpc process Launcher for Remote Procedure Call(RPC) service hung on starting.
Service Details -
Service Name: DcomRpc
Desc: Provides Service for DcomRpc process Launcher for Remote Procedure Call(RPC)
Path to exec: C:\WINDOWS\System32\svchos
Startup: Automatic
-----------------------
WMI might fail at some point later, and server service too. I have not yet determined if the server service fails after a set number of hours, but it only appears random at the moment.
First thing I need to determine is if there is some Malware or virus at work. Preliminary scans have come up clean so far.
Thanks in advance!
I have a windows 2003 server whose primary purpose is a backup mail server (domino 6.5.4) and desktop authority. Recently, the server service has been failing almost daily and the server has to be rebooted in order for it to function properly again.
On some closer inspection, it appears that a service called DcomRpc is stuck in the starting phase (event viewer has an error event which says it hung on starting) .
-------------------
Event-
Source: Service Control Manager
Event ID: 7022
Desc: The DcomRpc process Launcher for Remote Procedure Call(RPC) service hung on starting.
Service Details -
Service Name: DcomRpc
Desc: Provides Service for DcomRpc process Launcher for Remote Procedure Call(RPC)
Path to exec: C:\WINDOWS\System32\svchos
Startup: Automatic
-----------------------
WMI might fail at some point later, and server service too. I have not yet determined if the server service fails after a set number of hours, but it only appears random at the moment.
First thing I need to determine is if there is some Malware or virus at work. Preliminary scans have come up clean so far.
Thanks in advance!
ASKER
Apologies for the delayed response. The server had a rootkit which was causing the problems. Once the rk was discovered, it was cleaned and all malware/viruses removed.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
- Is your service up to date with regards to Patches & hot fixes ?
- Please post a hijack this log here .