Solved

Windows Server 2003 event id 2001 &2003 Shadow copy causing firewall svc to crash

Posted on 2010-08-25
11
2,709 Views
Last Modified: 2013-11-16
Please help!!

I am working with windows server 2003 and isa server 2004 about a week ago the firewall sevice started crashing mysteriously after daily reboots.

The first error is usually "The ISA Server Web filter failed to log information to file ISALOG_20100824_WEB_000.w3c in path E:\ISALogs\Web Proxy. The data is the error code."

Followed by "The Firewall service stopped because an application filter module C:\WINNT\system32\msvcrt.dll generated an exception code C0000005 in address 77BC6F76 when function CompleteAsyncConnect was called. To resolve this error, remove recently installed application filters and restart the service."

After that a bunch of cannot write to cache errors.

At first i believed it to be a problem with the urlcache so i deleted it and it recreated itself.
-no dice

 I know that if it cannot log the firewall stops. I made the isalogs an exception in the anti-virus scan. Then i realized that the logs were over the size limit so i increased the size limit and made the logs delete after 3 days which got the size down plenty.  I thought the problem was solved because it went away for a couple of days then returned.

Then one of my coworkers noticed a trend of information events before every single crash.

1. Event ID 2001: lsass (512) Shadow copy 2 freeze started.  -Source ESENT
2. Event ID 2001: wins (3176) Shadow copy 2 freeze started. -Source ESENT
3. Event ID 2003: lsass (512) Shadow copy 2 freeze stopped. -Source ESENT
4. Event ID 2003: wins (3176) Shadow copy 2 freeze stopped.-Source ESENT

Then the crash

Im in the military and I'm sure our servers aren't set up 100% properly. I've been working with computers for quite some time but am very new on servers. So please explain solutions so i can understand.

Thank-you very much!!

V/R
josefah
USN
0
Comment
Question by:Josef Al-Chacar
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
11 Comments
 
LVL 4

Expert Comment

by:vickzz
ID: 33519100
Check your cache and disable it for a while. Try to start the service and monitor. Once it's up you can restart the cache.
0
 
LVL 2

Expert Comment

by:aimcitp
ID: 33522988
Disable shadow copy?
0
 
LVL 3

Author Comment

by:Josef Al-Chacar
ID: 33523156
I already disabled the cache and re enabled it..

I have not disabled shadow copy i will try this

-Thank you-
0
Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

 
LVL 3

Author Comment

by:Josef Al-Chacar
ID: 33534094
Yeah disabling shadow copy only caused VCC errors. the firewall shut down still. I noticed that the shadow copy service was set to automatic but did not start im gonna try and start it and see what happens.  
0
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 500 total points
ID: 33539462
What backup software are you using for the server and are you backing up the URLCACHE during the backup?
Does the ISA server crash around the time the backup is running?
If so, please exclude the URLCACHE directory from the backup and see if that improves the situation.
0
 
LVL 3

Author Comment

by:Josef Al-Chacar
ID: 33539518
Hmmm...i haven't thought of this.

I thought i tried every thing. Starting to get worried. But it does crash around backup time right after nightly reboots.

We use Veritas 10.0 to perform backups.

-Thank You-

I will respond later tonight i work the night shift but thats when we have maintenance hours so ill let you know what happens.

0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 33539594
There is a known issue with a number of backup products that causes the Extensible Storage Engine (ESENT) to crash.  Make sure all Windows and 3rd party products are upto
0
 
LVL 3

Author Comment

by:Josef Al-Chacar
ID: 33547462
So far so good. Backups are commenced normally and no errors...so far. Its been an hour and a half.

I'm gonna try this over the next few days and see what happens

-thank you both-

V/R
josefah



 
0
 
LVL 3

Author Comment

by:Josef Al-Chacar
ID: 33551031
Its is good today also. One more day with no errors and I'll consider this one solved.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 33551125
: )
0

Featured Post

Get free NFR key for Veeam Availability Suite 9.5

Veeam is happy to provide a free NFR license (1 year, 2 sockets) to all certified IT Pros. The license allows for the non-production use of Veeam Availability Suite v9.5 in your home lab, without any feature limitations. It works for both VMware and Hyper-V environments

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A quick step-by-step overview of installing and configuring Carbonite Server Backup.
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
This tutorial will teach you the special effect of super speed similar to the fictional character Wally West aka "The Flash" After Shake : http://www.videocopilot.net/presets/after_shake/ All lightning effects with instructions : http://www.mediaf…
Suggested Courses

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question