lasirius
asked on
Windows Server 2012 shares crashing
Hi
I have a a network set up with Windows Server 2012 and about 35 users all on Windows 7 Professional. I recently added some shares to a set of pre-existing shares. After doing this each client began began losing their connection to the 2012 file server and the connection for the shares is lost. After the connection to the share drops it will come back within 2 or 3 minutes. This happens on a regular basis (every one hour) throughout the day. The error message ID in Event Viewer on the file server is 30623.
I have a a network set up with Windows Server 2012 and about 35 users all on Windows 7 Professional. I recently added some shares to a set of pre-existing shares. After doing this each client began began losing their connection to the 2012 file server and the connection for the shares is lost. After the connection to the share drops it will come back within 2 or 3 minutes. This happens on a regular basis (every one hour) throughout the day. The error message ID in Event Viewer on the file server is 30623.
ASKER
The Server service is running continuously but port 445 closes at the time of the crash.
Good, that's the problem. Please make sure that the service is really not crashing: open eventvwr and look into the system log for service manager events.
ASKER
The service is not crashing. This is the only error in event viewer:
UNSVMFILE01 30620 Warning Microsoft-Windows-SMBClien
I am not sure how to determine what is causing the port to close. Do you have any advice?
UNSVMFILE01 30620 Warning Microsoft-Windows-SMBClien
I am not sure how to determine what is causing the port to close. Do you have any advice?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
The first error is a 30623, then a 30620. I have posted the details for both errors below (while I have taken out some details for security). These errors do only appear while the problem is happening. I have not tried to recreate the shares or restarting the service, or any other modifications. Another detail is that I cannot ping the file server while the problem is occurring. Does this suggest that it is not an application layer problem, and probably a transport layer problem? I will have the person in control of the firewall look for any negative activity on port 445. Do you have any other advice?
Log Name: Microsoft-Windows-SMBClien
Source: Microsoft-Windows-SMBClien
Date: 1/7/2014 9:34:03 AM
Event ID: 30623
Task Category: None
Level: Warning
Keywords: (16)
User: N/A
Computer:
Description:
Connection to share \unsvmfile01\"I HAVE DELETED HERE" was lost. Status 0xC000020C
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-SM
<EventID>30623</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x20000000000000
<EventRecordID>14</EventRe
<Correlation />
<Execution ProcessID="4" ThreadID="3008" />
<Channel>Microsoft-Windows
<Computer></Computer>
<Security />
</System>
<EventData>
<Data Name="Object">0xfffffa8005
<Data Name="OldState">0</Data>
<Data Name="NewState">1</Data>
<Data Name="Status">3221225996</
<Data Name="NameLength">29</Data
<Data Name="ObjectName">
</EventData>
</Event>
Log Name: Microsoft-Windows-SMBClien
Source: Microsoft-Windows-SMBClien
Date: 1/7/2014 9:34:03 AM
Event ID: 30620
Task Category: None
Level: Warning
Keywords: (16),(2)
User: N/A
Computer:
Description:
Connection to server "" IP Address [fe80::551c:fe94:417b:fede
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-SM
<EventID>30620</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x20000000000000
<EventRecordID>1</EventRec
<Correlation />
<Execution ProcessID="4" ThreadID="3008" />
<Channel>Microsoft-Windows
<Computer>""</Computer>
<Security />
</System>
<EventData>
<Data Name="VcEndpoint">0xfffffa
<Data Name="RemoteAddressLength"
<Data Name="RemoteAddress">17000
<Data Name="ServerNameLength">12
<Data Name="ServerName">""</Data
</EventData>
</Event>
Log Name: Microsoft-Windows-SMBClien
Source: Microsoft-Windows-SMBClien
Date: 1/7/2014 9:34:03 AM
Event ID: 30623
Task Category: None
Level: Warning
Keywords: (16)
User: N/A
Computer:
Description:
Connection to share \unsvmfile01\"I HAVE DELETED HERE" was lost. Status 0xC000020C
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-SM
<EventID>30623</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x20000000000000
<EventRecordID>14</EventRe
<Correlation />
<Execution ProcessID="4" ThreadID="3008" />
<Channel>Microsoft-Windows
<Computer></Computer>
<Security />
</System>
<EventData>
<Data Name="Object">0xfffffa8005
<Data Name="OldState">0</Data>
<Data Name="NewState">1</Data>
<Data Name="Status">3221225996</
<Data Name="NameLength">29</Data
<Data Name="ObjectName">
</EventData>
</Event>
Log Name: Microsoft-Windows-SMBClien
Source: Microsoft-Windows-SMBClien
Date: 1/7/2014 9:34:03 AM
Event ID: 30620
Task Category: None
Level: Warning
Keywords: (16),(2)
User: N/A
Computer:
Description:
Connection to server "" IP Address [fe80::551c:fe94:417b:fede
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-SM
<EventID>30620</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x20000000000000
<EventRecordID>1</EventRec
<Correlation />
<Execution ProcessID="4" ThreadID="3008" />
<Channel>Microsoft-Windows
<Computer>""</Computer>
<Security />
</System>
<EventData>
<Data Name="VcEndpoint">0xfffffa
<Data Name="RemoteAddressLength"
<Data Name="RemoteAddress">17000
<Data Name="ServerNameLength">12
<Data Name="ServerName">""</Data
</EventData>
</Event>
> I have not tried to recreate the shares or restarting the service, or any other modifications.
You should try it.
> Another detail is that I cannot ping the file server while the problem is occurring
Interesting. Then the whole network connectivity breaks, not only the server service.
You should try it.
> Another detail is that I cannot ping the file server while the problem is occurring
Interesting. Then the whole network connectivity breaks, not only the server service.
ASKER
This is the first time that I am awarding points. Please do not let my 'B' grade for the solution distract you. Your help will assist me in solving the problem. Thank you!
I'm having a very similar problem with a client's 2012 server. You've accepted a solution, and awarded points for it, but you didn't say what you actually did to solve the problem. Any chance you might share that? This is very relevant for me right now.
The smb shares use port 445. Please monitor if 445 is continuously open by using this tool: portping http://www.tkolb.de/download/dl.php?download=portping_win.rar
Also see if the service called "server" is constantly running.