Solved

iexplore.exe and firefox.exe leak memory in RDP sessions on Windows Server 2003

Posted on 2011-03-09
14
3,036 Views
Last Modified: 2013-11-21
Server running Windows Server 2003 Standard, SP2, with Terminal Services installed in application mode. IE8 and Firefox installed. From the desktop of the server, IE8 and Firefox open and operate normally.
But if you open either IE8 or Firefox from inside a terminal services session, the pgm opens normally. IE8 opens 2 iexplore.exe processes. But if you watch the processes in task manager, the memory usage continues to climb, even though I am doing nothing within IE or Firefox.
So far, I have tried uninstalling and reinstalling IE8 and scanning with malwarebytes and with Vipre. Each has found 3-5 different infections and quarantined them, but the behavior continues. What I found interesting is that 2 different browsers exhibit the same behavior, but neither misbehaves when run on the server desktop. I have deleted a profile, then logged back in with the same account, allowed the system recreate the profile, but the problem persists.

Has anyone ever seen this before or can someone suggest a resolution?

Thanks.
0
Comment
Question by:ClydeB
  • 5
  • 4
  • 3
  • +1
14 Comments
 
LVL 14

Expert Comment

by:Justin Yeung
ID: 35090928
sounds like an issue with browser plug in. Try to disable all Add-on and see if the issue still exist
0
 
LVL 5

Expert Comment

by:nazg82
ID: 35137604
Does anyone have a solution yet?

Disabled all browser plugins but the problem still exists.
Thanks!
0
 
LVL 14

Expert Comment

by:Justin Yeung
ID: 35142364
is the page that you open using Flash?

what processor and cpu are using on the server?
0
 
LVL 5

Expert Comment

by:nazg82
ID: 35146563
It happens even on the about:blank page. Also when we start Internet Explorer without addons, it will consume memory. Same thing happens to firefox.

CPU is Intel Xeon quad core 2,2 Ghz.
0
 

Expert Comment

by:IC-Automatisering
ID: 35149083
I have the exact same problem, as a workaround i installed google chrome that does not have the problem. Did you come with a solution yet?
0
 

Author Comment

by:ClydeB
ID: 35161316
No solution yet. I appreciate all of the observations. We have opened an incident with Microsoft and have engaged the IE team on this. Still sending tons of dump files for their analysis.
What is really weird is why does it only occur in the TS sessions? And why with both IE and Firefox? On the desktop, IE works fine.
I will try Chrome.
0
 

Expert Comment

by:IC-Automatisering
ID: 35163146
I agree, i even tried a portable versions of firefox with the same effect. Our client (a small firm with only 7 users) has installed Google chrome for each seperate user. The use Chrome without any problems. Ofcourse this is a workaround so the client can resume normal operations.
The Windows 2003 EE SP2 terminal server is fully patched and both Eset Business Edititon and Malware byte detect no threads. Because it only occurs in a TS session and not on the console itself i do not think it is virus or malware.
0
Why won’t your email signature format correctly?

Struggling to get your corporate email signatures to format correctly? Does the logo keep resizing? Is the text appearing too big? What can you do to prevent this? Find out how you can save your signatures today.

 
LVL 5

Expert Comment

by:nazg82
ID: 35205192

Anyone?
0
 

Expert Comment

by:IC-Automatisering
ID: 35366793
Did Microsoft found a cause of the problem in the dump files you send for analysis yet?
0
 

Author Comment

by:ClydeB
ID: 35366830
We have sent them dump files and they have turned us over to their Antivirus team. We have basically given up, and will be going in this weekend, wiping the server, reinstalling the OS, and reinstalling all applications.
0
 
LVL 5

Expert Comment

by:nazg82
ID: 35418095
Hi folks,

we are on to something! If it all works, i'll post te solution tonight!

0
 
LVL 5

Accepted Solution

by:
nazg82 earned 500 total points
ID: 35418485
Okay guys,

First we drink a vodka, then we apply the solution. :)

Open your task manager. Search for all the processes with the name rundll.exe and kill them all.
Now startup Internet Explorer. Is your memory leak gone? Yes? Then read on!

open command prompt on the terminal server and goto c:\windows\tasks.
type: dir<enter>
then type: dir *.* /ah<enter>
Do you see any difference? Yes? Great, read on.

In our situation there was a hidden file called emeigww.job. This job started the rundll.exe and was also causing the memory leak.
This file cannot be deleted by the DEL command. So download jt.zip from the microsoft FTP server.
Extract jt.exe to the local C: drive of the terminal server. type the following command: jt.exe /sd c:\windows\tasks\the_Hidden_jobfile
Reboot your terminal server.
0
 

Expert Comment

by:IC-Automatisering
ID: 35431702
Hi, i first applied the solution and tested it before the vodka.

In our situation we had a hidden file called ssjn.job. After i removed the job with jt.exe and rebooted the server the users are able to browse with IE again and no memory leak!.
Sad to see the users stop using Google Chrome, it saved us from reinstallling the server and gave us time to wait for a solution.
Just to be curious, how did you came up with this solution??

The bottle of vodka is now empty :-)
0
 

Author Closing Comment

by:ClydeB
ID: 35432185
You are THE MAN! We were headed to this site this weekend to wipe their server and do a complete re-install. Once again, you have proven the value of Peer Power!

Thank you !
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Have you considered what group policies are backwards and forwards compatible? Windows Active Directory servers and clients use group policy templates to deploy sets of policies within your domain. But, there is a catch to deploying policies. The…
Issue: One Windows 2008 R2 64bit server on the network unable to connect to a buffalo Device (Linkstation) with firmware version 1.56. There are a total of four servers on the network this being one of them. Troubleshooting Steps: Connect via h…
This tutorial gives a high-level tour of the interface of Marketo (a marketing automation tool to help businesses track and engage prospective customers and drive them to purchase). You will see the main areas including Marketing Activities, Design …
Along with being a a promotional video for my three-day Annielytics Dashboard Seminor, this Micro Tutorial is an intro to Google Analytics API data.

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

25 Experts available now in Live!

Get 1:1 Help Now