Solved

SBS2008 Boot Problem - Some Services Not Starting

Posted on 2013-01-19
6
741 Views
Last Modified: 2013-02-04
Hi,

We have an SBS2008 box that has been built for around two years and has been performing well - no issues, clean event logs etc.

We went through our usual monthly MS patching routine and rebooted the server only to find that when it rebooted, some services failed to start, including DNS, Event Log Service and NetBios Helper. Also, if you try to log in right after the Ctrl-Alt-Del prompt comes up, you get an error saying that you can't log in as the Netlogon process isn't available. Wait a little longer, and you can log in. Safe Mode returns the same results.

The only way that we can restart the server normally, is to change the default system locale from UK to US, reboot the server (comes up as it should), change the default system locale back to UK, reboot the server, and it comes up as it should. This is clearly not a good situation.

Server has Exchange 2007, Symantec BESR 10, AVG 2011 Business Edition, APC Powerchute installed. The internal Sharepoint site is up and running. It has one NIC. We have a second LoB server (Windows 2008) that is a member of the domain. Nothing too complicated.

We use Symantec BESR for backups and have put the image onto another machine which displays the same problems. On this machine we have tried the following:

Event Log only has one error relating to DCOM not being able to communicate with another server, but that is a firewall issue on the other server
dcdiag - returns no issues
sfc /scannow - no integrity violations
SBS2008 BPA - nothing found
MS IT EHS - only found one issue under File Replaication Service and SYSVOL Admin (The file could not be written on the server01.mydomian.local server - See KB249256 but this is not relevant to our environment
Checked the C:\windows\winsxs\ folder for pending.xml - nothing found

One other thing that we think may cause the issue is the version of APC Powerchute that we have seems to cause a lot of problems. It won't uninstall through Control Panel and we have posted to their forums to ask for manual uninstall instrucions.

Does anyone have any solutions that may help in getting our server to boot normally, and also does anyone know how our strange workaround (found through Googling) gets us round the issue of services not starting?

Thanks.
0
Comment
Question by:e-matters
  • 3
  • 2
6 Comments
 
LVL 6

Expert Comment

by:arroryn
Comment Utility
How many updates went in? Any major patches?

As that's what you went through, I'd roll the server pack to prior to your monthly routine, and take it from there.

I have no idea why the system locale would make any difference to the boot process - very odd workaround, I think I'll add this to my KB for that alone!

I can only imagine that one of the patches that's gone in had corrupted the system at some level. I've found some odd M$ articles, but they're on NT server (!)

http://support.microsoft.com/kb/234655

I would also try removing invasive software such as the AV and see how this affects it - but certainly get the machine back to before those updates went on!
0
 
LVL 4

Expert Comment

by:mgpremkumar
Comment Utility
Since the event log service dont start when the default system UK there wont be any relevant events that would provide some leads.

Probably you could move the contents of the C:\Windows\System32\winevt\Logs to another folder and restart the server? If there is any corruption with these files, this step would fix this issue.

One other way that I can think of to find the cause is to use Process Monitor with boot logging enabled and then reboot the server. However the logs would quite a large amount of information that would need to be looked after the reboot and it is time consuming. Incase you do this make sure that you stop Process Monitor right after you login as it would continue logging.
0
 

Author Comment

by:e-matters
Comment Utility
Hi,

Thanks for the feedback.

We keep a monthly rolling backup on this server, and we duly rolled it back to before the updates took place on a test box and the same thing happened. We then went back to the earliest backup we have which was before the last set of updates, and again the same thing happens. The last time that we did updates a system restart wasn't required, which means that this issue could have been around for a while without us realising it.

I know that I won't expect to see anything in the event logs during bootup if the service doesn't start, but I mentioned this as sometimes there may be other entries in the log that might give a pointer to the problem happening. There is nothing in this case. The server runs clean of errors in the logs. I will try moving the logs but I don't believe that corruption here is an issue as the "locale swap" solution gets us in and we are able to view all the logs without issue.

I've seen the article that you mentioned but sadly it didn't provide a solution. As for removing software, we have msconfig-ed a bare boot with all third party stuff removed, and still the same problem.

We have also amended the registry as per http://support.microsoft.com/kb/2004121 with no improvement.

I think that timeouts have a part to play in the problem, because if you restart the server half a dozen times to replicate the problem, you get a different mix of services not starting. Sometimes DNS starts, sometimes it doesn't. Sometimes NetBios Helper starts and sometimes not. Event Log Service never starts.

I am waiting to get the uninstall procedure for the APC Powerchute software to see if it is this that causes problems, as there were two others that reported boot issues with this software installed.

Process Monitor Boot Logging is a good idea and I will try that this weekend. I forgot you could run it to log the boot process.
0
Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

 
LVL 6

Expert Comment

by:arroryn
Comment Utility
Keep us updated - if it is the APC software causing the issue I'll bank this for my KB for sure as we keep an eye on literally dozens of servers with this installed!
0
 

Accepted Solution

by:
e-matters earned 0 total points
Comment Utility
Hi,

We have found the culprit, and also why changing the locale seemed to work.

It appears that it was a Group Policy setting that was applied as per:

http://support.microsoft.com/default.aspx?scid=kb;EN-US;951430

Thanks for taking the time to offer solutions.
0
 

Author Closing Comment

by:e-matters
Comment Utility
I have chosen my solution as it was the one that resolved the problem.
0

Featured Post

Don't lose your head updating email signatures!

Do your end users still have the wrong email signature? Do email signature updates bore you or fill you with a sense of dread? You can make this a whole lot easier on yourself by trusting an Exclaimer email signature management solution. Over 50 million users do...so should you!

Join & Write a Comment

You may have discovered the 'Compatibility View Settings' workaround for making your SBS 2008 Remote Web Workplace 'connect to a computer' section stops 'working around' after a Windows 10 client upgrade.  That can be fixed so it 'works around' agai…
Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now