Solved

SBS 2003 frozen each morning

Posted on 2009-05-10
12
1,290 Views
Last Modified: 2012-09-26
SBS 2003 system with Windows 2003 server SP2 and Exchange 2003 SP2.

When someone comes into the office first thing, they find they cannot log on to the domain, and on checking the server they find that it has a light grey or black screen, with a mouse cursor showing, but the server appears to be unresponsive, and the mouse doesn't move.  To get things happening again the server is manually rebooted around 8 am.

The last application log before the freeze is informational from WBLOGSVC, at 4:30:10 am and says
"The description for Event ID ( 2004 ) in Source ( WBLOGSVC ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: ." (and there's no following information)

The last few system log entries shown that
3:59:00 am "The WinHTTP Web Proxy Auto-Discovery Service service entered the stopped state"  (after being idle for 15 minutes and being suspended)
4:51:34 am "The WinHTTP Web Proxy Auto-Discovery Service service was successfully sent a start control."
4:51:34 am "The WinHTTP Web Proxy Auto-Discovery Service service entered the running state."
-these seem innocent enough.

The last security log entry is a 5:05 am and there's no errors or warnings, but looking back to 4:30 am there's quite a bit of Account Management activity related to sbsmonacct.
Server status and usage reports are set to run at 6 am and 6:30 am respectively.
The collect usage data task is set to start at 4:30 am.
Exchange server database management is set to run from 1 am to 5:00 am

After the server is rebooted there is a problem with the Exchange E00.log file which prevents the exchange databases mounting.
(Application log error from ESE, event 465)
"Information Store (2828) First Storage Group: Corruption was detected during soft recovery in logfile C:\Program Files\Exchsrvr\mdbdata\E00.log. The failing checksum record is located at position END. Data not matching the log-file fill pattern first appeared in sector 5128 (0x00001408). This logfile has been damaged and is unusable. "

CA Etrust Threat Management with antivirus signature 31.6.6497.0 dated 11 May 09

APC Back-UPS ES550 running APC Powerchute personal edition 2.0.  It shows no blackout, overvoltage, undervoltage or electrical noise events in the last 4 weeks.

Adaptec card with RAID1 showing healthy.
0
Comment
Question by:Tonyfai
12 Comments
 
LVL 42

Expert Comment

by:paulsolov
ID: 24351302
how much space do you have on the drive that houses the information store?  How you do clear the Exchange logs, what backup method are you using?
0
 
LVL 6

Expert Comment

by:automationstation
ID: 24351307
Are you running any tasks at night? like a backup or antivirus scan? If so, try disabling those to see if that is causing the conflict.

Do you have all the latest drivers for the server. When did the freeze begin happening. Was anything added to the server at that time?
0
 
LVL 2

Accepted Solution

by:
asethi19 earned 500 total points
ID: 24351321
you get this kind of error is the exchange cannot manage the log files anymore. This is happening the exchange server is moving to a new file for logging.

If you backup the exchange server even to local hdd it will get rid of all the log entries (even the ones stuck in a circular loop) and that should resolve your problem.
0
 

Author Comment

by:Tonyfai
ID: 24351446
Paulsolov:
232 Gb freespace on c: where the information store is housed.  It's a small business with only 5 clients.

Exchange logs are normally cleared with a weekly normal backup using ntbackup.  Except in the case of the error with the E00.log file, where replaying the log files is interrupted by the corruption of the E00.log file, well, as the priv1.edb and pub1.edb files were in clean shutdown, I just deleted all the non-edb files in the c:\program files\mdbdata directory (after backing them up).  Seems to have preserved recent emails.

Automationstation:
Tasks at night as mentioned in my original post, plus shadowcopy at 7am and 12 pm every day
backukp at 11pm every Sunday as above.

I think the server is up to date, but I haven't checked every single driver.  Freeze began happening shortly after configuration of this machine was complete (its predecessor got hit by lighting), so plenty of things got added at that time...  do you have any specific suggestions?

asethi19:
I did a backup of exchange server on Friday and the latest freeze happened on Saturday morning sometime between 4:30 and well, 8am on Monday but pretty sure the problem originated between 4:30 am and 5am because the logs peter out at 5 as I described above.

While I've been waiting for a response I have expanded the exclusions in ETrust Threat Management to include many more directories as per http://www.tech-archive.net/Archive/Windows/microsoft.public.windows.server.general/2007-12/msg01131.html, and sought advice from CA as to what the exemptions should be.

- Tony

0
 

Author Comment

by:Tonyfai
ID: 24359619
Update 8:15 am my time:
Server is up and healthy.  I think the antivirus exemptions did it. But I'll wait till tomorrow morning to be sure.
0
 

Author Comment

by:Tonyfai
ID: 24411094
Server ran fine up until this weekend.  It was frozen on Monday morning.  Still havent figured out why, but I'm betting it's not the same issue.  So I think Aesthi19 was closest, I think the Exchange was being interfered with by E-Trust threat management so I'm giving him the points.

Tony.
0
Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

 

Expert Comment

by:remedina8
ID: 35199747
I am experiencing a similar issue where the server locks up every day at the same time. I too see the same last 3 entries every time before the failure. I am disabling the service today and will let you know how it goes.
0
 

Expert Comment

by:remedina8
ID: 35199759
Apologies... the service I am referring to is:
WINHTTP WEB PROXY AUTO DISCOVERY SERVICE
0
 

Author Comment

by:Tonyfai
ID: 35212454
remedina8 are you using E-Trust threat management, or another antivirus on the server, and have you excluded the directory (I think its c:\program files\exchsrvr\MDBDATA) from all scanning?
0
 

Author Comment

by:Tonyfai
ID: 35212460
Also, in the c:\program files\exchsrvr\MDBDATA folder how many .log files do you see?
0
 

Expert Comment

by:remedina8
ID: 35214957
I am not using E-Trust TM. Also, I should have been a bit clearer, this is not occurring on a Exchange Sever, but a standard F&P WIN2K3 R2 Server. Looks like this thread is mostly for the exchange issue. I share the issue of what seems to be network congestion or something to that effect. I was interested in this thread because the issue described a loss of network connectivity approx the same time every day with the same few event log entries that I have before the failure. I have started a seperate thread to discsuss this issue but wanted to query those on this one to see if a resolution was discovered... I am desperate! ;)

0
 

Author Comment

by:Tonyfai
ID: 35227994
Well the short of it was that the antivirus wasn't installed with necessary exclusions, and was interfering with windows to the extent that the server crashed every night.  I'm not sure exactly which bit of windows though.
0

Featured Post

Network it in WD Red

There's an industry-leading WD Red drive for every compatible NAS system to help fulfill your data storage needs. With drives up to 8TB, WD Red offers a wide array of solutions for customers looking to build the biggest, best-performing NAS storage solution.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A lot of problems and solutions are available on the net for the error message "Source server does not meet minimum requirements for migration" while performing a migration from Small Business Server 2003 to SBS 2008. This error pops up just before …
This guide is intended for migrating Windows 2003 Standard with Exchange 2003 to Windows Small Business Server 2008. You will need the following: Exchange Best Practice Analyzer: http://www.microsoft.com/downloads/details.aspx?FamilyID=DBAB201F-…
This is a video describing the growing solar energy use in Utah. This is a topic that greatly interests me and so I decided to produce a video about it.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

947 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now