Windows Server 2003 event id 2001 &2003 Shadow copy causing firewall svc to crash
Posted on 2010-08-25
I am working with windows server 2003 and isa server 2004 about a week ago the firewall sevice started crashing mysteriously after daily reboots.
The first error is usually "The ISA Server Web filter failed to log information to file ISALOG_20100824_WEB_000.w3c in path E:\ISALogs\Web Proxy. The data is the error code."
Followed by "The Firewall service stopped because an application filter module C:\WINNT\system32\msvcrt.dll generated an exception code C0000005 in address 77BC6F76 when function CompleteAsyncConnect was called. To resolve this error, remove recently installed application filters and restart the service."
After that a bunch of cannot write to cache errors.
At first i believed it to be a problem with the urlcache so i deleted it and it recreated itself.
I know that if it cannot log the firewall stops. I made the isalogs an exception in the anti-virus scan. Then i realized that the logs were over the size limit so i increased the size limit and made the logs delete after 3 days which got the size down plenty. I thought the problem was solved because it went away for a couple of days then returned.
Then one of my coworkers noticed a trend of information events before every single crash.
1. Event ID 2001: lsass (512) Shadow copy 2 freeze started. -Source ESENT
2. Event ID 2001: wins (3176) Shadow copy 2 freeze started. -Source ESENT
3. Event ID 2003: lsass (512) Shadow copy 2 freeze stopped. -Source ESENT
4. Event ID 2003: wins (3176) Shadow copy 2 freeze stopped.-Source ESENT
Then the crash
Im in the military and I'm sure our servers aren't set up 100% properly. I've been working with computers for quite some time but am very new on servers. So please explain solutions so i can understand.
Thank-you very much!!