Solved

Windows Server 2003 event id 2001 &2003 Shadow copy causing firewall svc to crash

Posted on 2010-08-25
11
2,622 Views
Last Modified: 2013-11-16
Please help!!

I am working with windows server 2003 and isa server 2004 about a week ago the firewall sevice started crashing mysteriously after daily reboots.

The first error is usually "The ISA Server Web filter failed to log information to file ISALOG_20100824_WEB_000.w3c in path E:\ISALogs\Web Proxy. The data is the error code."

Followed by "The Firewall service stopped because an application filter module C:\WINNT\system32\msvcrt.dll generated an exception code C0000005 in address 77BC6F76 when function CompleteAsyncConnect was called. To resolve this error, remove recently installed application filters and restart the service."

After that a bunch of cannot write to cache errors.

At first i believed it to be a problem with the urlcache so i deleted it and it recreated itself.
-no dice

 I know that if it cannot log the firewall stops. I made the isalogs an exception in the anti-virus scan. Then i realized that the logs were over the size limit so i increased the size limit and made the logs delete after 3 days which got the size down plenty.  I thought the problem was solved because it went away for a couple of days then returned.

Then one of my coworkers noticed a trend of information events before every single crash.

1. Event ID 2001: lsass (512) Shadow copy 2 freeze started.  -Source ESENT
2. Event ID 2001: wins (3176) Shadow copy 2 freeze started. -Source ESENT
3. Event ID 2003: lsass (512) Shadow copy 2 freeze stopped. -Source ESENT
4. Event ID 2003: wins (3176) Shadow copy 2 freeze stopped.-Source ESENT

Then the crash

Im in the military and I'm sure our servers aren't set up 100% properly. I've been working with computers for quite some time but am very new on servers. So please explain solutions so i can understand.

Thank-you very much!!

V/R
josefah
USN
0
Comment
Question by:Josef Al-Chacar
11 Comments
 
LVL 4

Expert Comment

by:vickzz
ID: 33519100
Check your cache and disable it for a while. Try to start the service and monitor. Once it's up you can restart the cache.
0
 
LVL 2

Expert Comment

by:aimcitp
ID: 33522988
Disable shadow copy?
0
 
LVL 3

Author Comment

by:Josef Al-Chacar
ID: 33523156
I already disabled the cache and re enabled it..

I have not disabled shadow copy i will try this

-Thank you-
0
 
LVL 3

Author Comment

by:Josef Al-Chacar
ID: 33534094
Yeah disabling shadow copy only caused VCC errors. the firewall shut down still. I noticed that the shadow copy service was set to automatic but did not start im gonna try and start it and see what happens.  
0
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 500 total points
ID: 33539462
What backup software are you using for the server and are you backing up the URLCACHE during the backup?
Does the ISA server crash around the time the backup is running?
If so, please exclude the URLCACHE directory from the backup and see if that improves the situation.
0
Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

 
LVL 3

Author Comment

by:Josef Al-Chacar
ID: 33539518
Hmmm...i haven't thought of this.

I thought i tried every thing. Starting to get worried. But it does crash around backup time right after nightly reboots.

We use Veritas 10.0 to perform backups.

-Thank You-

I will respond later tonight i work the night shift but thats when we have maintenance hours so ill let you know what happens.

0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 33539594
There is a known issue with a number of backup products that causes the Extensible Storage Engine (ESENT) to crash.  Make sure all Windows and 3rd party products are upto
0
 
LVL 3

Author Comment

by:Josef Al-Chacar
ID: 33547462
So far so good. Backups are commenced normally and no errors...so far. Its been an hour and a half.

I'm gonna try this over the next few days and see what happens

-thank you both-

V/R
josefah



 
0
 
LVL 3

Author Comment

by:Josef Al-Chacar
ID: 33551031
Its is good today also. One more day with no errors and I'll consider this one solved.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 33551125
: )
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
A quick step-by-step overview of installing and configuring Carbonite Server Backup.
It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now