Windows 2008 Server, R2 Standard, SP1 - suddenly pausing up, needs restarting, can i upload something?
Hi,
client has 3 windows 2008 servers, r2 standard, sp1
recently the server 1, domian server, dns, file / print services has been freezing up, im not physically on site,,, but its been since that windows updates installed earlier this week, about 3 or 4 days ago.
im scanning for malware, scanning for virus, im also seeing if maybe theres a newer trendmicro worry free that may be some update for the latest windows updates.
but if there anything i can download or event logs type report or diag i can upload to you experts to check out and identify any possible issues happening?
if so, can you also inform me how to obtain this report or log.thanks
m
client has 3 windows 2008 servers, r2 standard, sp1
recently the server 1, domian server, dns, file / print services has been freezing up, im not physically on site,,, but its been since that windows updates installed earlier this week, about 3 or 4 days ago.
im scanning for malware, scanning for virus, im also seeing if maybe theres a newer trendmicro worry free that may be some update for the latest windows updates.
but if there anything i can download or event logs type report or diag i can upload to you experts to check out and identify any possible issues happening?
if so, can you also inform me how to obtain this report or log.thanks
m
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Just red flags in the event viewer mainly or warnings.
Event Viewer
To create the filter you would go to lets say the application log (Event viewer > Windows Logs > Application)
On the right side you will see Filter Current Log, Select it and options will be available. Put a check in the box for Critical and Error. Click OK and it will now only show you those events.
Performance Monitor
Use the start menu search box and type Perfmon and press enter
http://technet.microsoft.com/en-us/library/cc749115.aspx
Event Viewer
To create the filter you would go to lets say the application log (Event viewer > Windows Logs > Application)
On the right side you will see Filter Current Log, Select it and options will be available. Put a check in the box for Critical and Error. Click OK and it will now only show you those events.
Performance Monitor
Use the start menu search box and type Perfmon and press enter
http://technet.microsoft.com/en-us/library/cc749115.aspx
ASKER
okay , ill do that.
as well i installed the intel raid web console 2 to try to see/daig the arry and its not 'finding the server' (i installed this on the 3rd server, the remote desktop server to just see how it works, etc.. and got that 'server not found... error'
marc
ill do the perfmon, as well as the custom view in event viewer
what does perfmon do, create a report?
as well i installed the intel raid web console 2 to try to see/daig the arry and its not 'finding the server' (i installed this on the 3rd server, the remote desktop server to just see how it works, etc.. and got that 'server not found... error'
marc
ill do the perfmon, as well as the custom view in event viewer
what does perfmon do, create a report?
ASKER
im going tomorrow to see the exact event viewer error id #'s, as well as to check the ram with ramtest memtest, and im going to use the bios based raid console to turn on the audio alerts, and see if any of the drives is in failed state,
currently, i cannot even use logmein to access server1, when i take over server #3 and ping server 1 i get reply, but cannot browse it explorer or anything, as well the remote desktop users that loginto server #3 cannot login as they cannot see domian server (#1).
so tomorrow im going into office to hopefully reboot, and see event viewer, and see raid.
if the raid console says a drive is failed, how do i know whether it just requires a rebuild, or whether a drive is bad, and needs replacing and rebuild?
currently, i cannot even use logmein to access server1, when i take over server #3 and ping server 1 i get reply, but cannot browse it explorer or anything, as well the remote desktop users that loginto server #3 cannot login as they cannot see domian server (#1).
so tomorrow im going into office to hopefully reboot, and see event viewer, and see raid.
if the raid console says a drive is failed, how do i know whether it just requires a rebuild, or whether a drive is bad, and needs replacing and rebuild?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I would remove and reinstall the antivirus.
ASKER
ok, we just rebooted, because it bogged down over night... id cleared the event logs, so they should have all recent critiical errors, however i cant uplaod them to oyu.
it appears theres some form of dns realted issue...maybe, event id 5774, alot of them
we just manually rebooted, so i also ran a dcdiag /test:dns and a standard dcdiag and will upload. However, ive replaced them with the more recent ones since ive made minor changes.
ive removed the 2nd ip from the adapter, just pointing to itself 192.168.1.1
im currently getting DCOM errors, event id 100009.
also, i uploaded a screenshot of the e vent id 5774, i was getting overnight, that may have caused the bogging.
it has an ip address there under dns ip (204.97.92.x), and id like to know where is it getting this ip address from? as its not in the sonicwall, its not the adapter..?
any help is appreciated.
error-5774-screenschot-with-dns-.bmp
dns.txt
dc.txt
it appears theres some form of dns realted issue...maybe, event id 5774, alot of them
we just manually rebooted, so i also ran a dcdiag /test:dns and a standard dcdiag and will upload. However, ive replaced them with the more recent ones since ive made minor changes.
ive removed the 2nd ip from the adapter, just pointing to itself 192.168.1.1
im currently getting DCOM errors, event id 100009.
also, i uploaded a screenshot of the e vent id 5774, i was getting overnight, that may have caused the bogging.
it has an ip address there under dns ip (204.97.92.x), and id like to know where is it getting this ip address from? as its not in the sonicwall, its not the adapter..?
any help is appreciated.
error-5774-screenschot-with-dns-.bmp
dns.txt
dc.txt
ASKER
It turns out i did perform many of the tests and monitors you'd recommended.
however, the sata raid array seems in normal status, all 3 drives in normal.
i believe the system was overheating, as i had to blow alot of dust off the cpu and cpu fan.
thanks as always expert!
however, the sata raid array seems in normal status, all 3 drives in normal.
i believe the system was overheating, as i had to blow alot of dust off the cpu and cpu fan.
thanks as always expert!
ASKER
also, its an intel raid controller, integrated.
how do i open, view save the performance manager.
also, i wouldnt really know what to look for in the event viewer, except for red flags...