Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

iexplore.exe and firefox.exe leak memory in RDP sessions on Windows Server 2003

Posted on 2011-03-09
14
Medium Priority
?
3,127 Views
Last Modified: 2013-11-21
Server running Windows Server 2003 Standard, SP2, with Terminal Services installed in application mode. IE8 and Firefox installed. From the desktop of the server, IE8 and Firefox open and operate normally.
But if you open either IE8 or Firefox from inside a terminal services session, the pgm opens normally. IE8 opens 2 iexplore.exe processes. But if you watch the processes in task manager, the memory usage continues to climb, even though I am doing nothing within IE or Firefox.
So far, I have tried uninstalling and reinstalling IE8 and scanning with malwarebytes and with Vipre. Each has found 3-5 different infections and quarantined them, but the behavior continues. What I found interesting is that 2 different browsers exhibit the same behavior, but neither misbehaves when run on the server desktop. I have deleted a profile, then logged back in with the same account, allowed the system recreate the profile, but the problem persists.

Has anyone ever seen this before or can someone suggest a resolution?

Thanks.
0
Comment
Question by:ClydeB
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
  • 3
  • +1
14 Comments
 
LVL 14

Expert Comment

by:Justin Yeung
ID: 35090928
sounds like an issue with browser plug in. Try to disable all Add-on and see if the issue still exist
0
 
LVL 5

Expert Comment

by:nazg82
ID: 35137604
Does anyone have a solution yet?

Disabled all browser plugins but the problem still exists.
Thanks!
0
 
LVL 14

Expert Comment

by:Justin Yeung
ID: 35142364
is the page that you open using Flash?

what processor and cpu are using on the server?
0
NFR key for Veeam Agent for Linux

Veeam is happy to provide a free NFR license for one year.  It allows for the non‑production use and valid for five workstations and two servers. Veeam Agent for Linux is a simple backup tool for your Linux installations, both on‑premises and in the public cloud.

 
LVL 5

Expert Comment

by:nazg82
ID: 35146563
It happens even on the about:blank page. Also when we start Internet Explorer without addons, it will consume memory. Same thing happens to firefox.

CPU is Intel Xeon quad core 2,2 Ghz.
0
 

Expert Comment

by:IC-Automatisering
ID: 35149083
I have the exact same problem, as a workaround i installed google chrome that does not have the problem. Did you come with a solution yet?
0
 

Author Comment

by:ClydeB
ID: 35161316
No solution yet. I appreciate all of the observations. We have opened an incident with Microsoft and have engaged the IE team on this. Still sending tons of dump files for their analysis.
What is really weird is why does it only occur in the TS sessions? And why with both IE and Firefox? On the desktop, IE works fine.
I will try Chrome.
0
 

Expert Comment

by:IC-Automatisering
ID: 35163146
I agree, i even tried a portable versions of firefox with the same effect. Our client (a small firm with only 7 users) has installed Google chrome for each seperate user. The use Chrome without any problems. Ofcourse this is a workaround so the client can resume normal operations.
The Windows 2003 EE SP2 terminal server is fully patched and both Eset Business Edititon and Malware byte detect no threads. Because it only occurs in a TS session and not on the console itself i do not think it is virus or malware.
0
 
LVL 5

Expert Comment

by:nazg82
ID: 35205192

Anyone?
0
 

Expert Comment

by:IC-Automatisering
ID: 35366793
Did Microsoft found a cause of the problem in the dump files you send for analysis yet?
0
 

Author Comment

by:ClydeB
ID: 35366830
We have sent them dump files and they have turned us over to their Antivirus team. We have basically given up, and will be going in this weekend, wiping the server, reinstalling the OS, and reinstalling all applications.
0
 
LVL 5

Expert Comment

by:nazg82
ID: 35418095
Hi folks,

we are on to something! If it all works, i'll post te solution tonight!

0
 
LVL 5

Accepted Solution

by:
nazg82 earned 2000 total points
ID: 35418485
Okay guys,

First we drink a vodka, then we apply the solution. :)

Open your task manager. Search for all the processes with the name rundll.exe and kill them all.
Now startup Internet Explorer. Is your memory leak gone? Yes? Then read on!

open command prompt on the terminal server and goto c:\windows\tasks.
type: dir<enter>
then type: dir *.* /ah<enter>
Do you see any difference? Yes? Great, read on.

In our situation there was a hidden file called emeigww.job. This job started the rundll.exe and was also causing the memory leak.
This file cannot be deleted by the DEL command. So download jt.zip from the microsoft FTP server.
Extract jt.exe to the local C: drive of the terminal server. type the following command: jt.exe /sd c:\windows\tasks\the_Hidden_jobfile
Reboot your terminal server.
0
 

Expert Comment

by:IC-Automatisering
ID: 35431702
Hi, i first applied the solution and tested it before the vodka.

In our situation we had a hidden file called ssjn.job. After i removed the job with jt.exe and rebooted the server the users are able to browse with IE again and no memory leak!.
Sad to see the users stop using Google Chrome, it saved us from reinstallling the server and gave us time to wait for a solution.
Just to be curious, how did you came up with this solution??

The bottle of vodka is now empty :-)
0
 

Author Closing Comment

by:ClydeB
ID: 35432185
You are THE MAN! We were headed to this site this weekend to wipe their server and do a complete re-install. Once again, you have proven the value of Peer Power!

Thank you !
0

Featured Post

Fill in the form and get your FREE NFR key NOW!

Veeam® is happy to provide a FREE NFR server license to certified engineers, trainers, and bloggers.  It allows for the non‑production use of Veeam Agent for Microsoft Windows. This license is valid for five workstations and two servers.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This is my 3rd article on SCCM in recent weeks, the 1st (http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_Server_2008/A_4466-A-beginners-guide-to-installing-SCCM2007-on-Windows-2008-R2-Server.html) dealing with installat…
While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
This course is ideal for IT System Administrators working with VMware vSphere and its associated products in their company infrastructure. This course teaches you how to install and maintain this virtualization technology to store data, prevent vuln…
This lesson discusses how to use a Mainform + Subforms in Microsoft Access to find and enter data for payments on orders. The sample data comes from a custom shop that builds and sells movable storage structures that are delivered to your property. …
Suggested Courses

609 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question