Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2751
  • Last Modified:

Windows Server 2003 event id 2001 &2003 Shadow copy causing firewall svc to crash

Please help!!

I am working with windows server 2003 and isa server 2004 about a week ago the firewall sevice started crashing mysteriously after daily reboots.

The first error is usually "The ISA Server Web filter failed to log information to file ISALOG_20100824_WEB_000.w3c in path E:\ISALogs\Web Proxy. The data is the error code."

Followed by "The Firewall service stopped because an application filter module C:\WINNT\system32\msvcrt.dll generated an exception code C0000005 in address 77BC6F76 when function CompleteAsyncConnect was called. To resolve this error, remove recently installed application filters and restart the service."

After that a bunch of cannot write to cache errors.

At first i believed it to be a problem with the urlcache so i deleted it and it recreated itself.
-no dice

 I know that if it cannot log the firewall stops. I made the isalogs an exception in the anti-virus scan. Then i realized that the logs were over the size limit so i increased the size limit and made the logs delete after 3 days which got the size down plenty.  I thought the problem was solved because it went away for a couple of days then returned.

Then one of my coworkers noticed a trend of information events before every single crash.

1. Event ID 2001: lsass (512) Shadow copy 2 freeze started.  -Source ESENT
2. Event ID 2001: wins (3176) Shadow copy 2 freeze started. -Source ESENT
3. Event ID 2003: lsass (512) Shadow copy 2 freeze stopped. -Source ESENT
4. Event ID 2003: wins (3176) Shadow copy 2 freeze stopped.-Source ESENT

Then the crash

Im in the military and I'm sure our servers aren't set up 100% properly. I've been working with computers for quite some time but am very new on servers. So please explain solutions so i can understand.

Thank-you very much!!

V/R
josefah
USN
0
Josef Al-Chacar
Asked:
Josef Al-Chacar
1 Solution
 
vickzzCommented:
Check your cache and disable it for a while. Try to start the service and monitor. Once it's up you can restart the cache.
0
 
aimcitpCommented:
Disable shadow copy?
0
 
Josef Al-ChacarAuthor Commented:
I already disabled the cache and re enabled it..

I have not disabled shadow copy i will try this

-Thank you-
0
 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

 
Josef Al-ChacarAuthor Commented:
Yeah disabling shadow copy only caused VCC errors. the firewall shut down still. I noticed that the shadow copy service was set to automatic but did not start im gonna try and start it and see what happens.  
0
 
Alan HardistyCommented:
What backup software are you using for the server and are you backing up the URLCACHE during the backup?
Does the ISA server crash around the time the backup is running?
If so, please exclude the URLCACHE directory from the backup and see if that improves the situation.
0
 
Josef Al-ChacarAuthor Commented:
Hmmm...i haven't thought of this.

I thought i tried every thing. Starting to get worried. But it does crash around backup time right after nightly reboots.

We use Veritas 10.0 to perform backups.

-Thank You-

I will respond later tonight i work the night shift but thats when we have maintenance hours so ill let you know what happens.

0
 
Glen KnightCommented:
There is a known issue with a number of backup products that causes the Extensible Storage Engine (ESENT) to crash.  Make sure all Windows and 3rd party products are upto
0
 
Josef Al-ChacarAuthor Commented:
So far so good. Backups are commenced normally and no errors...so far. Its been an hour and a half.

I'm gonna try this over the next few days and see what happens

-thank you both-

V/R
josefah



 
0
 
Josef Al-ChacarAuthor Commented:
Its is good today also. One more day with no errors and I'll consider this one solved.
0
 
Alan HardistyCommented:
: )
0

Featured Post

New Tabletop Appliances Blow Competitors Away!

WatchGuard’s new T15, T35 and T55 tabletop UTMs provide the highest-performing security inspection in their class, allowing users at small offices, home offices and distributed enterprises to experience blazing-fast Internet speeds without sacrificing enterprise-grade security.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now