I have an SBS 2011 server that started crashing a few days ago.
It crashed and then got stuck in a boot sequence where it would blue-screen trying to Apply Computer Settings.
I was able to get into safe mode and safe mode with networking with no issues.
I was able to get back into Windows normally booting it once, but I think I just got lucky, as the next 2 boots also blue-screened at Applying Computer Settings.
I logged a ticket with MS and we have been working on the issue for 2 days with no success. I am reaching out for help here hoping someone has any ideas.
I got back into Windows normally using Last Known Good Config, but after a couple more reboots, the issue came back.
We discovered a strange issue where the network logon service was not starting (this had never happened before). MS determined that somehow the hostname of the computer was changed in a couple of places in the registry. We disabled Exchange services as they were also failing due to the Network Logon Service failing to start. Once we modified the registry settings back to the actual name of the server, the network logon service started up again normally.
Thinking the issue was fixed, we began restarting the Exchange services and then we crashed again when about half of them were started up. We rebooted and then got a couple more started and then crashed again.
MS then tried to disable 3rd party drivers and storage drivers (the ones that don't load in safe mode) but the server was unstable in that state. My MS engineer then quit for the night.
I had the data center run a full diagnostic on the hardware which came back clean.
I disabled all Exchange services again, and behold it has not crashed since.
So, any ideas?
I can't get the idea out of my head that it is related to RAM. This server is very undersized; it's running 8 GB RAM. Even with Exchange disabled, 6.5 GB of RAM is used up just booting to the desktop.
My thought was that as services were starting up, and RAM was being given to processes, it encountered some issue with the physical module, or that the page file filled up and somehow caused the crash. Is this valid reasoning?
Another thought was the registry entry that was changed, which was causing the network logon service to fail. The name of the server that was appearing in the registry was generic, like WIN-67L5UNORI4I.
I scanned the security logs for failed logon attempts and I see similar PC names appearing from strange IP addresses (China, South Korea, Brazil, Germany).
Could someone have gained access and caused some damage that is making it crash?
Any advice you can give would be great.
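
The failed-logon review described in the post can be made repeatable with a summary of Security event 4625 by workstation name and source IP. This is an added example, not part of the original post; the function names, the sample events and the `WIN-` plus 11 characters pattern for auto-generated host names are assumptions.

```powershell
# Added example. Assumption: auto-generated Windows host names are "WIN-" plus 11 letters/digits.
$DefaultNamePattern = '^WIN-[A-Z0-9]{11}$'

function ConvertFrom-FailedLogonXml {
    param([string[]]$EventXml)
    foreach ($raw in $EventXml) {
        $evt = [xml]$raw
        $data = @{}
        # EventData is a list of <Data Name="...">value</Data> elements
        foreach ($d in $evt.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        New-Object PSObject -Property @{
            Workstation = $data['WorkstationName']
            SourceIp    = $data['IpAddress']
            Account     = $data['TargetUserName']
            LogonType   = $data['LogonType']   # 3 = network, 10 = RDP
        }
    }
}

function Get-FailedLogonSummary {
    param([string[]]$EventXml)
    ConvertFrom-FailedLogonXml $EventXml |
        Group-Object Workstation, SourceIp |
        ForEach-Object {
            $first = $_.Group[0]
            New-Object PSObject -Property @{
                Workstation = $first.Workstation
                SourceIp    = $first.SourceIp
                Attempts    = $_.Count
                Accounts    = (($_.Group | ForEach-Object { $_.Account } | Sort-Object -Unique) -join ', ')
                LogonTypes  = (($_.Group | ForEach-Object { $_.LogonType } | Sort-Object -Unique) -join ', ')
                DefaultName = [bool]($first.Workstation -match $DefaultNamePattern)
            }
        } | Sort-Object Attempts -Descending
}

# Constructed sample events (documentation IP ranges, made-up host names), not taken from the post.
$tpl = '<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><EventData>' +
       '<Data Name="TargetUserName">{0}</Data><Data Name="LogonType">{1}</Data>' +
       '<Data Name="WorkstationName">{2}</Data><Data Name="IpAddress">{3}</Data></EventData></Event>'
$sample = @(
    ($tpl -f 'administrator', 10, 'WIN-AAAA1111BBB', '203.0.113.10'),
    ($tpl -f 'admin',         10, 'WIN-AAAA1111BBB', '203.0.113.10'),
    ($tpl -f 'administrator', 3,  'WIN-CCCC2222DDD', '198.51.100.7'),
    ($tpl -f 'jsmith',        3,  'FRONTDESK-PC',    '192.168.1.25')
)
# Live use (elevated prompt): $sample = Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4625} | ForEach-Object { $_.ToXml() }
Get-FailedLogonSummary $sample |
    Select-Object Workstation, SourceIp, Attempts, Accounts, LogonTypes, DefaultName | Format-Table -AutoSize
```

Rows with `DefaultName` set to True and a public source IP are the pattern the post describes; the `LogonTypes` column shows whether the attempts arrived over RDP (10) or as network logons (3), which indicates which exposed service to restrict.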