Solved

iexplore.exe and firefox.exe leak memory in RDP sessions on Windows Server 2003

Posted on 2011-03-09
14
3,098 Views
Last Modified: 2013-11-21
Server running Windows Server 2003 Standard, SP2, with Terminal Services installed in application mode. IE8 and Firefox installed. From the desktop of the server, IE8 and Firefox open and operate normally.
But if you open either IE8 or Firefox from inside a terminal services session, the pgm opens normally. IE8 opens 2 iexplore.exe processes. But if you watch the processes in task manager, the memory usage continues to climb, even though I am doing nothing within IE or Firefox.
So far, I have tried uninstalling and reinstalling IE8 and scanning with malwarebytes and with Vipre. Each has found 3-5 different infections and quarantined them, but the behavior continues. What I found interesting is that 2 different browsers exhibit the same behavior, but neither misbehaves when run on the server desktop. I have deleted a profile, then logged back in with the same account, allowed the system recreate the profile, but the problem persists.

Has anyone ever seen this before or can someone suggest a resolution?

Thanks.
0
Comment
Question by:ClydeB
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
  • 3
  • +1
14 Comments
 
LVL 14

Expert Comment

by:Justin Yeung
ID: 35090928
sounds like an issue with browser plug in. Try to disable all Add-on and see if the issue still exist
0
 
LVL 5

Expert Comment

by:nazg82
ID: 35137604
Does anyone have a solution yet?

Disabled all browser plugins but the problem still exists.
Thanks!
0
 
LVL 14

Expert Comment

by:Justin Yeung
ID: 35142364
is the page that you open using Flash?

what processor and cpu are using on the server?
0
Raise the IQ of Your IT Alerts

From IT major incidents to manufacturing line slowdowns, every business process generates insights that need to reach the people required to take action. You need a platform that integrates with your business tools to create fully enabled DevOps toolchains.

You need xMatters.

 
LVL 5

Expert Comment

by:nazg82
ID: 35146563
It happens even on the about:blank page. Also when we start Internet Explorer without addons, it will consume memory. Same thing happens to firefox.

CPU is Intel Xeon quad core 2,2 Ghz.
0
 

Expert Comment

by:IC-Automatisering
ID: 35149083
I have the exact same problem, as a workaround i installed google chrome that does not have the problem. Did you come with a solution yet?
0
 

Author Comment

by:ClydeB
ID: 35161316
No solution yet. I appreciate all of the observations. We have opened an incident with Microsoft and have engaged the IE team on this. Still sending tons of dump files for their analysis.
What is really weird is why does it only occur in the TS sessions? And why with both IE and Firefox? On the desktop, IE works fine.
I will try Chrome.
0
 

Expert Comment

by:IC-Automatisering
ID: 35163146
I agree, i even tried a portable versions of firefox with the same effect. Our client (a small firm with only 7 users) has installed Google chrome for each seperate user. The use Chrome without any problems. Ofcourse this is a workaround so the client can resume normal operations.
The Windows 2003 EE SP2 terminal server is fully patched and both Eset Business Edititon and Malware byte detect no threads. Because it only occurs in a TS session and not on the console itself i do not think it is virus or malware.
0
 
LVL 5

Expert Comment

by:nazg82
ID: 35205192

Anyone?
0
 

Expert Comment

by:IC-Automatisering
ID: 35366793
Did Microsoft found a cause of the problem in the dump files you send for analysis yet?
0
 

Author Comment

by:ClydeB
ID: 35366830
We have sent them dump files and they have turned us over to their Antivirus team. We have basically given up, and will be going in this weekend, wiping the server, reinstalling the OS, and reinstalling all applications.
0
 
LVL 5

Expert Comment

by:nazg82
ID: 35418095
Hi folks,

we are on to something! If it all works, i'll post te solution tonight!

0
 
LVL 5

Accepted Solution

by:
nazg82 earned 500 total points
ID: 35418485
Okay guys,

First we drink a vodka, then we apply the solution. :)

Open your task manager. Search for all the processes with the name rundll.exe and kill them all.
Now startup Internet Explorer. Is your memory leak gone? Yes? Then read on!

open command prompt on the terminal server and goto c:\windows\tasks.
type: dir<enter>
then type: dir *.* /ah<enter>
Do you see any difference? Yes? Great, read on.

In our situation there was a hidden file called emeigww.job. This job started the rundll.exe and was also causing the memory leak.
This file cannot be deleted by the DEL command. So download jt.zip from the microsoft FTP server.
Extract jt.exe to the local C: drive of the terminal server. type the following command: jt.exe /sd c:\windows\tasks\the_Hidden_jobfile
Reboot your terminal server.
0
 

Expert Comment

by:IC-Automatisering
ID: 35431702
Hi, i first applied the solution and tested it before the vodka.

In our situation we had a hidden file called ssjn.job. After i removed the job with jt.exe and rebooted the server the users are able to browse with IE again and no memory leak!.
Sad to see the users stop using Google Chrome, it saved us from reinstallling the server and gave us time to wait for a solution.
Just to be curious, how did you came up with this solution??

The bottle of vodka is now empty :-)
0
 

Author Closing Comment

by:ClydeB
ID: 35432185
You are THE MAN! We were headed to this site this weekend to wipe their server and do a complete re-install. Once again, you have proven the value of Peer Power!

Thank you !
0

Featured Post

On Demand Webinar - Networking for the Cloud Era

This webinar discusses:
-Common barriers companies experience when moving to the cloud
-How SD-WAN changes the way we look at networks
-Best practices customers should employ moving forward with cloud migration
-What happens behind the scenes of SteelConnect’s one-click button

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Welcome to my series of short tips on migrations. Whilst based on Microsoft migrations the same principles can be applied to any type of migration. My first tip Migration Tip #1 – Source Server Health can be found here: http://www.experts-exchang…
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
If you’ve ever visited a web page and noticed a cool font that you really liked the look of, but couldn’t figure out which font it was so that you could use it for your own work, then this video is for you! In this Micro Tutorial, you'll learn yo…

690 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question