Solved

Windows Server 2003 event id 2001 &2003 Shadow copy causing firewall svc to crash

Posted on 2010-08-25
11
2,681 Views
Last Modified: 2013-11-16
Please help!!

I am working with windows server 2003 and isa server 2004 about a week ago the firewall sevice started crashing mysteriously after daily reboots.

The first error is usually "The ISA Server Web filter failed to log information to file ISALOG_20100824_WEB_000.w3c in path E:\ISALogs\Web Proxy. The data is the error code."

Followed by "The Firewall service stopped because an application filter module C:\WINNT\system32\msvcrt.dll generated an exception code C0000005 in address 77BC6F76 when function CompleteAsyncConnect was called. To resolve this error, remove recently installed application filters and restart the service."

After that a bunch of cannot write to cache errors.

At first i believed it to be a problem with the urlcache so i deleted it and it recreated itself.
-no dice

 I know that if it cannot log the firewall stops. I made the isalogs an exception in the anti-virus scan. Then i realized that the logs were over the size limit so i increased the size limit and made the logs delete after 3 days which got the size down plenty.  I thought the problem was solved because it went away for a couple of days then returned.

Then one of my coworkers noticed a trend of information events before every single crash.

1. Event ID 2001: lsass (512) Shadow copy 2 freeze started.  -Source ESENT
2. Event ID 2001: wins (3176) Shadow copy 2 freeze started. -Source ESENT
3. Event ID 2003: lsass (512) Shadow copy 2 freeze stopped. -Source ESENT
4. Event ID 2003: wins (3176) Shadow copy 2 freeze stopped.-Source ESENT

Then the crash

Im in the military and I'm sure our servers aren't set up 100% properly. I've been working with computers for quite some time but am very new on servers. So please explain solutions so i can understand.

Thank-you very much!!

V/R
josefah
USN
0
Comment
Question by:Josef Al-Chacar
11 Comments
 
LVL 4

Expert Comment

by:vickzz
ID: 33519100
Check your cache and disable it for a while. Try to start the service and monitor. Once it's up you can restart the cache.
0
 
LVL 2

Expert Comment

by:aimcitp
ID: 33522988
Disable shadow copy?
0
 
LVL 3

Author Comment

by:Josef Al-Chacar
ID: 33523156
I already disabled the cache and re enabled it..

I have not disabled shadow copy i will try this

-Thank you-
0
Register Today - IoT Current and Future Threats

Are you prepared to protect your organization from current and future IoT Threats?  Join our Wi-Fi expert in episode three of our webinar series for a look at the current state of Wi-Fi IoT and what may lie ahead. Register for our live webinar on April 20th at 9 am PDT!

 
LVL 3

Author Comment

by:Josef Al-Chacar
ID: 33534094
Yeah disabling shadow copy only caused VCC errors. the firewall shut down still. I noticed that the shadow copy service was set to automatic but did not start im gonna try and start it and see what happens.  
0
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 500 total points
ID: 33539462
What backup software are you using for the server and are you backing up the URLCACHE during the backup?
Does the ISA server crash around the time the backup is running?
If so, please exclude the URLCACHE directory from the backup and see if that improves the situation.
0
 
LVL 3

Author Comment

by:Josef Al-Chacar
ID: 33539518
Hmmm...i haven't thought of this.

I thought i tried every thing. Starting to get worried. But it does crash around backup time right after nightly reboots.

We use Veritas 10.0 to perform backups.

-Thank You-

I will respond later tonight i work the night shift but thats when we have maintenance hours so ill let you know what happens.

0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 33539594
There is a known issue with a number of backup products that causes the Extensible Storage Engine (ESENT) to crash.  Make sure all Windows and 3rd party products are upto
0
 
LVL 3

Author Comment

by:Josef Al-Chacar
ID: 33547462
So far so good. Backups are commenced normally and no errors...so far. Its been an hour and a half.

I'm gonna try this over the next few days and see what happens

-thank you both-

V/R
josefah



 
0
 
LVL 3

Author Comment

by:Josef Al-Chacar
ID: 33551031
Its is good today also. One more day with no errors and I'll consider this one solved.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 33551125
: )
0

Featured Post

Backup Solution for AWS

Read about how CloudBerry Backup fully integrates your backups with Amazon S3 and Amazon Glacier to provide military-grade encryption and dramatically cut storage costs on any platform.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Forefront Threat Management Gateway 2010 or FTMG comes with some very neat troubleshooting tools built-in when trying to identify what is actually happening behind the scenes within the product when traffic is passing through its interfaces. To the …
The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…

685 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question