Channel: Windows Server General Forum forum

Offline File sync unc path change server 2003


Need help troubleshooting - emails sent to hotmail accounts are bouncing back

Emails from our domain are blocked by hotmail accounts.  What is happening and how can we troubleshoot?  Also, some users have complained that the site is not loading well in IE7 so I'm curious if these two issues are related.  Can someone please help?

Cannot log on to DC in normal mode and users cannot access files on 2008 R2 server


As the Administrator, I cannot log on to my primary domain controller (2008 R2) in normal mode and users cannot access files on that server. I am able to log in Safe Mode.

This server is a virtual machine, is the primary DC and has the operations masters, but there are also two other 2003 DCs, one of which also runs DNS.

In Directory Services Restore Mode I have tried removing all Windows updates from the night before and disabling the McAfee services. I also restored the System State (but not the entire System drive) from the previous night's backup. Those steps didn't get me anywhere. In trying to resolve this problem I also noticed that whenever I boot the system normally the time seems to freeze, and when I restart into Safe Mode I have to reset the time and it works fine while in that mode.

The event logs when the problem started show these items:
System Log

Log Name:      System
Source:        NETLOGON
Date:          8/17/2012 1:42:18 PM
Event ID:      5737
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      CCADDC2.mydomain.com
Description:
The system returned the following unexpected error code:
An internal error occurred.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="NETLOGON" />
    <EventID Qualifiers="0">5737</EventID>
    <Level>2</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2012-08-17T17:42:18.000000000Z" />
    <EventRecordID>50301</EventRecordID>
    <Channel>System</Channel>
    <Computer>CCADDC2.mydomain.com</Computer>
    <Security />
  </System>
  <EventData>
    <Data>%%1359</Data>
    <Binary>4F050000</Binary>
  </EventData>
</Event>


Log Name:      System
Source:        Service Control Manager
Date:          8/17/2012 1:42:21 PM
Event ID:      7023
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      CCADDC2.mydomain.com
Description:
The Netlogon service terminated with the following error:
An internal error occurred.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
    <EventID Qualifiers="49152">7023</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8080000000000000</Keywords>
    <TimeCreated SystemTime="2012-08-17T17:42:21.671875000Z" />
    <EventRecordID>50305</EventRecordID>
    <Correlation />
    <Execution ProcessID="520" ThreadID="584" />
    <Channel>System</Channel>
    <Computer>CCADDC2.mydomain.com</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="param1">Netlogon</Data>
    <Data Name="param2">%%1359</Data>
  </EventData>
</Event>

Log Name:      System
Source:        Microsoft-Windows-DfsSvc
Date:          8/17/2012 1:42:29 PM
Event ID:      14548
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      CCADDC2.mydomain.com
Description:
The DFS Namespace service could not initialize the trusted domain information on this domain controller, but it will periodically retry the operation. The return code is in the record data.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-DfsSvc" Guid="{7DA4FE0E-FD42-4708-9AA5-89B77A224885}" EventSourceName="DfsSvc" />
    <EventID Qualifiers="49152">14548</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2012-08-17T17:42:29.000000000Z" />
    <EventRecordID>50320</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>System</Channel>
    <Computer>CCADDC2.mydomain.com</Computer>
    <Security />
  </System>
  <EventData Name="DfsNoTrustedDomainInfo">
    <Binary>B5060000</Binary>
  </EventData>
</Event>

Log Name:      System
Source:        Microsoft-Windows-Time-Service
Date:          8/17/2012 1:42:50 PM
Event ID:      46
Task Category: None
Level:         Error
Keywords:     
User:          LOCAL SERVICE
Computer:      CCADDC2.mydomain.com
Description:
The time service encountered an error and was forced to shut down. The error was: 0x80070700: An attempt was made to logon, but the network logon service was not started.

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Time-Service" Guid="{06EDCFEB-0FD0-4E53-ACCA-A6F8BBF81BCB}" />
    <EventID>46</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8000000000000000</Keywords>
    <TimeCreated SystemTime="2012-08-17T17:42:50.734375000Z" />
    <EventRecordID>50338</EventRecordID>
    <Correlation />
    <Execution ProcessID="980" ThreadID="2792" />
    <Channel>System</Channel>
    <Computer>CCADDC2.mydomain.com</Computer>
    <Security UserID="S-1-5-19" />
  </System>
  <EventData Name="TMP_EVENT_ERROR_SHUTDOWN">
    <Data Name="ErrorMessage">0x80070700: An attempt was made to logon, but the network logon service was not started.
</Data>
  </EventData>
</Event>

Log Name:      System
Source:        Service Control Manager
Date:          8/17/2012 1:42:50 PM
Event ID:      7023
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      CCADDC2.mydomain.com
Description:
The Windows Time service terminated with the following error:
An attempt was made to logon, but the network logon service was not started.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
    <EventID Qualifiers="49152">7023</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8080000000000000</Keywords>
    <TimeCreated SystemTime="2012-08-17T17:42:50.750000000Z" />
    <EventRecordID>50340</EventRecordID>
    <Correlation />
    <Execution ProcessID="520" ThreadID="720" />
    <Channel>System</Channel>
    <Computer>CCADDC2.mydomain.com</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="param1">Windows Time</Data>
    <Data Name="param2">%%1792</Data>
  </EventData>
</Event>

Log Name:      System
Source:        Microsoft-Windows-GroupPolicy
Date:          8/17/2012 1:27:59 PM
Event ID:      1097
Task Category: None
Level:         Error
Keywords:     
User:          SYSTEM
Computer:      CCADDC2.mydomain.com
Description:
The processing of Group Policy failed. Windows could not determine the computer account to enforce Group Policy settings. This may be transient. Group Policy settings, including computer configuration, will not be enforced for this computer.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-GroupPolicy" Guid="{AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}" />
    <EventID>1097</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>1</Opcode>
    <Keywords>0x8000000000000000</Keywords>
    <TimeCreated SystemTime="2012-08-17T17:27:59.827375000Z" />
    <EventRecordID>50350</EventRecordID>
    <Correlation ActivityID="{8500A3FC-136D-4174-9C69-D19D9E7A7DA0}" />
    <Execution ProcessID="904" ThreadID="2388" />
    <Channel>System</Channel>
    <Computer>CCADDC2.mydomain.com</Computer>
    <Security UserID="S-1-5-18" />
  </System>
  <EventData>
    <Data Name="SupportInfo1">1</Data>
    <Data Name="SupportInfo2">2346</Data>
    <Data Name="ProcessingMode">1</Data>
    <Data Name="ProcessingTimeInMilliseconds">2953</Data>
    <Data Name="ErrorCode">2148074252</Data>
    <Data Name="ErrorDescription">The logon attempt failed </Data>
    <Data Name="DCName">\\CCBACKUP1.mydomain.com</Data>
  </EventData>
</Event>

Log Name:      System
Source:        LsaSrv
Date:          8/17/2012 1:28:01 PM
Event ID:      40961
Task Category: None
Level:         Warning
Keywords:     
User:          SYSTEM
Computer:      CCADDC2.mydomain.com
Description:
The Security System could not establish a secured connection with the server LDAP/ccaddc1.mydomain.com/mydomain.com@mydomain.com. No authentication protocol was available.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="LsaSrv" Guid="{199FE037-2B82-40A9-82AC-E1D46C792B99}" />
    <EventID>40961</EventID>
    <Version>0</Version>
    <Level>3</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8000000000000000</Keywords>
    <TimeCreated SystemTime="2012-08-17T17:28:01.671125000Z" />
    <EventRecordID>50353</EventRecordID>
    <Correlation />
    <Execution ProcessID="528" ThreadID="576" />
    <Channel>System</Channel>
    <Computer>CCADDC2.mydomain.com</Computer>
    <Security UserID="S-1-5-18" />
  </System>
  <EventData>
    <Data Name="Target">LDAP/ccaddc1.mydomain.com/mydomain.com@mydomain.com</Data>
  </EventData>
</Event>

Log Name:      System
Source:        Microsoft-Windows-WinRM
Date:          8/17/2012 1:29:53 PM
Event ID:      10154
Task Category: None
Level:         Warning
Keywords:      Classic
User:          N/A
Computer:      CCADDC2.mydomain.com
Description:
The WinRM service failed to create the following SPNs: WSMAN/CCADDC2.mydomain.com; WSMAN/CCADDC2.

 Additional Data
 The error received was 1355: %%1355.

 User Action
 The SPNs can be created by an administrator using setspn.exe utility.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-WinRM" Guid="{A7975C8F-AC13-49F1-87DA-5A984A4AB417}" EventSourceName="WinRM" />
    <EventID Qualifiers="7">10154</EventID>
    <Version>0</Version>
    <Level>3</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2012-08-17T17:29:53.000000000Z" />
    <EventRecordID>50373</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>System</Channel>
    <Computer>CCADDC2.mydomain.com</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="spn1">WSMAN/CCADDC2.mydomain.com</Data>
    <Data Name="spn2">WSMAN/CCADDC2</Data>
    <Data Name="error">1355</Data>
  </EventData>
</Event>

Application Log
Log Name:      Application
Source:        SRMSVC
Date:          8/17/2012 1:42:32 PM
Event ID:      12317
Task Category: None
Level:         Warning
Keywords:      Classic
User:          N/A
Computer:      CCADDC2.mydomain.com
Description:
File Server Resource Manager failed to enumerate share paths or DFS paths.  Mappings from local file paths to share and DFS paths may be incomplete or temporarily unavailable.  FSRM will retry the operation at a later time.

Context:
   Domain: mydomain

Error-specific details:
   Error: DfsMapCacheAdd(Domain), 0x8007054b, The specified domain either does not exist or could not be contacted.

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="SRMSVC" />
    <EventID Qualifiers="32772">12317</EventID>
    <Level>3</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2012-08-17T17:42:32.000000000Z" />
    <EventRecordID>22423</EventRecordID>
    <Channel>Application</Channel>
    <Computer>CCADDC2.mydomain.com</Computer>
    <Security />
  </System>
  <EventData>
    <Data>

Context:
   Domain: mydomain

Error-specific details:
   Error: DfsMapCacheAdd(Domain), 0x8007054b, The specified domain either does not exist or could not be contacted.
</Data>
    <Binary>2D20436F64653A20504D43414348454330303030303830322D2043616C6C3A20504D43414348454330303030303732362D205049443A202030303030313835322D205449443A202030303030313938302D20434D443A2020433A5C57696E646F77735C73797374656D33325C737663686F7374202D6B2073726D7376637320202D20557365723A204E616D653A204E5420415554484F524954595C53595354454D2C205349443A532D312D352D313820</Binary>
  </EventData>
</Event>

Log Name:      Application
Source:        Microsoft-Windows-CertificateServicesClient-AutoEnrollment
Date:          8/17/2012 3:26:43 PM
Event ID:      6
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      CCADDC2.mydomain.com
Description:
Automatic certificate enrollment for local system failed (0x8007052e) Logon failure: unknown user name or bad password.
.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-CertificateServicesClient-AutoEnrollment" Guid="{F0DB7EF8-B6F3-4005-9937-FEB77B9E1B43}" EventSourceName="AutoEnrollment" />
    <EventID Qualifiers="16384">6</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2012-08-17T19:26:43.000000000Z" />
    <EventRecordID>22483</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>Application</Channel>
    <Computer>CCADDC2.mydomain.com</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="Context">local system</Data>
    <Data Name="ErrorCode">0x8007052e</Data>
    <Data Name="ErrorMsg">Logon failure: unknown user name or bad password.
</Data>
  </EventData>
</Event>

Log Name:      Application
Source:        Microsoft-Windows-Winlogon
Date:          8/17/2012 5:23:40 PM
Event ID:      6000
Task Category: None
Level:         Warning
Keywords:      Classic
User:          N/A
Computer:      CCADDC2.mydomain.com
Description:
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Winlogon" Guid="{DBE9B383-7CF3-4331-91CC-A3CB16A3B538}" EventSourceName="Wlclntfy" />
    <EventID Qualifiers="32768">6000</EventID>
    <Version>0</Version>
    <Level>3</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2012-08-17T21:23:40.000000000Z" />
    <EventRecordID>22585</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>Application</Channel>
    <Computer>CCADDC2.mydomain.com</Computer>
    <Security />
  </System>
  <EventData>
    <Data>GPClient</Data>
    <Binary>D9060000</Binary>
  </EventData>
</Event>

Log Name:      Application
Source:        Microsoft-Windows-EFS
Date:          8/17/2012 5:23:41 PM
Event ID:      7002
Task Category: None
Level:         Error
Keywords:     
User:          mydomain\kimmel1
Computer:      CCADDC2.mydomain.com
Description:
Default group policy object cannot be created. Error 8007054b to open GPO Domain EFS Recovery Policy in domain LDAP://DC=mydomain,DC=com.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-EFS" Guid="{3663A992-84BE-40EA-BBA9-90C7ED544222}" />
    <EventID>7002</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x4000000000000000</Keywords>
    <TimeCreated SystemTime="2012-08-17T21:23:41.656250000Z" />
    <EventRecordID>22587</EventRecordID>
    <Correlation />
    <Execution ProcessID="1744" ThreadID="1748" />
    <Channel>Application</Channel>
    <Computer>CCADDC2.mydomain.com</Computer>
    <Security UserID="S-1-5-21-3652510090-3284530662-2708934488-1003" />
  </System>
  <EventData>
    <Data Name="Reason">Error 8007054b to open GPO Domain EFS Recovery Policy in domain LDAP://DC=mydomain,DC=com.</Data>
  </EventData>
</Event>


Jeff Speirs

Best Perfmon counters to use

Hi

We have been testing a new application running on Windows 2008 Server and are ready to implement this into Prod. We are going to be gradually scaling up the number of users utilising the app, so want to keep an eye on the server resources in case of bottlenecks etc. The server will be calling info from Active Directory as well.

Can anyone tell me the best Perfmon counters to use for:

i. Memory utilisation (RAM)
ii. Hard disk activity (reads, writes, disk queues)
iii. Maxed out AD calls

I'd also like to know what the ideal values should be underneath.

This is for Windows Server 2008

RAID and application behaviour


Hi

I know that there is RAID 5, RAID 1 etc., and some RAIDs are better for some types of application behaviour than others. For instance, RAID 1 is supposedly better for transactional logging because of the write behaviour.

Does anyone have a list of the different RAID types for Windows servers and which application behavior they suit best? In terms of behaviour, I was thinking;

A) Sequential writes
B) Sequential reads
C) Random writes
D) Random reads

Also, if parts of the app wanted to carry out a mixture of the above, are we better off separating them into separate RAID drives?

Windows Server 2003 will not boot

I was trying to upgrade Symantec anti-virus and when it failed to uninstall I needed to use the clean wipe program provided by Symantec. After rebooting the computer, I am receiving the error that Windows could not start because the following file is missing or corrupt: \WINDOWS\SYSTEM32\CONFIG\SYSTEM. Is there any way of fixing this problem?

NetBIOS, Routing and Remote Access - works locally, but not over VPN


I have a Windows Server 2008 R2 box running a DHCP server and Routing and Remote Access.  It is also running Hyper-V.

The host has two NICs, one providing an internet connection, the other is listed as a "private" network in RRAS.

If I connect a laptop to the private NIC, it provides the laptop with an IP address.  At that point, everything works.  The laptop gets internet access, and can access the various virtual servers by their computer names (I am not on a domain and there is no local DNS server in play here, aside from assigning Google's 8.8.8.8 via the DHCP settings).

If I then disconnect the laptop and instead set up a VPN connection, pointing to the public IP address of the Server, I can connect, get an IP address, and I can still access the virtual machines - but only by IP address.  Name no longer works.

From what I have read and seen, NetBIOS is enabled by default across Remote Access, but I can't seem to get it to work.

On the server, in the Routing and Remote Access "Properties" window, "IPv4" tab, "Enable broadcast name resolution" is checked.

On the laptop, in the VPN connection settings, IPv4, Advanced, on the WINS tab, NetBIOS is explicitly set to enabled.

Any ideas on what is preventing this?  Thanks!

Licensing for MSDNAA Server releases


Greetings,

I'm looking to set up a test lab at home.  This seems like a good opportunity to get a (better) feel for Hyper-V on Server 2012.

I have access to an MSDNAA program that will likely have Windows Server 2012 Datacenter edition posted.  I could also purchase a TechNet subscription, although I'm not sure if I would be comfortable footing the bill for the 'Pro' subscription, if that would be required for the Datacenter edition.

My question is this:  If I obtain Windows Server 2012 Datacenter edition from MSDNAA, will the licensing work out the same (i.e. unlimited virtual instances on my single processor lab system)?  If not, do you offer deals on TechNet Pro subscriptions to students?

Your insight would be greatly appreciated!

Regards,

CM



Recovering from a botched installation.


I have two hard drives. Hard Drive A had Win 7 and is for personal use, Hard Drive B was formatted so I could test out Win Server 08.

I downloaded the Windows Server 2008 ISO and ran it using PowerISO, which emulates a DVD drive. I ran the installer and selected Hard Drive B as the installation drive. After several reboots during the installer I realized that even though the Windows Server directories were installed to Hard Drive B, the boot manager is on Hard Drive A.

I cannot boot to Hard Drive B, which contains the Windows Server 08 installation; if I try, it gives me a "BOOTMGR is missing" error. I have to boot to Hard Drive A and select the Windows Server instead of Win 7.

This is horrible. I did not want the 2008 server having anything to do with my personal Hard Drive A. And now I'm stuck with the Windows Boot Manager selection on my personal drive. I absolutely need to separate and isolate the two installations on their respective hard drives. Why would it install all the files on a certain drive but put the boot info on another that I didn't even select during installation? How do I recover from this?

How do I get the 2008 Server Boot off Hard Drive A?

How do I get Hard Drive B with the 2008 Server Files to boot?

Could the 2008 Server installation on Hard Drive B have affected anything else on Hard Drive A?

Finally, why doesn't the installer warn that it's going to make changes to a hard drive that was not selected during installation?

Endless Loop after installing windows update agent of August of 2012


I'm working on updating my servers for my monthly maintenance window. A new windows update agent is out there and has to be installed in order to get new updates. So, I install the update and now I'm getting an endless loop on the update.microsoft.com screen. It flips from the "Checking if your computer has the latest version of Windows updating software for use with the website...", then to the "Checking for the latest version of Windows updating software..." then back and forth and back and forth and eventually times out to the "The website has encountered a problem and cannot display the page you are trying to view." screen.

The OS is Windows 2003.

In fact, it doesn't matter if it is Windows 2003 or Windows 2003 Enterprise, 32 or 64-bit.

If anyone can assist, it would be most appreciated.

Disk latency in windows server


How to check disk latency in Windows Server?

How to check I/O queues in Windows Server?

How to check overall SAN performance in Windows?

net share permissions

How to give authenticated users permission for a shared folder through command line syntax?

Windows Server 2008 R2 x64 Windows Update Fails With Error 8024402F


I was running updates from the windows update service just fine on a new install for several months. One day I received an error Windows failed to download an update 0x80072efe error. Ever since then I have been unable to connect to the Microsoft update service and all of the troubleshooting I have done has made no difference. I am also occasionally receiving 0x80072ee2 errors. 

The server is our database server and it is behind a domain firewall but that is not the issue. I have tried resetting and reinstalling the NIC, uninstalling anti-virus, deleting all the various download folders, etc. I have been working on this on and off for almost two months. I am able to download the updates on another computer and install them that way, but I would really like to resolve this issue. I saw an error in the update logs for the first download that failed and installed it and all the other ones in the log after it, but to no avail.

Any suggestions are appreciated. Thank you.

Learning about RAM, virtual memory etc

Hi

I'm trying to understand the relationship between virtual memory, RAM, page files etc. I've been reading the internet especially:

http://members.shaw.ca/bsanders/WindowsGeneralWeb/RAMVirtualMemoryPageFileEtc.htm

"...application programs and many system processes always reference memory using virtual memory addresses which are automatically translated to real (RAM) addresses by the hardware"

So in my example, let's say we have a Windows 2008 Server with 2GB RAM installed. Am I right in thinking that:

i. Regardless of the amount of physical memory, there is 4GB of virtual memory allocated for each process running. 2GB of this is for the process itself, 2GB for the OS

Question 1: I assume this is for an x32 OS, what about an x64 OS [running on x64 hardware]

Question 2: Even if we had a x64 hardware, but x32 OS, I assume we still only have 4GB virtual address space

Question 3: Is this 4 GB virtual memory PER PROCESS, or is it for all processes added together?

Question 4: If it is for each process (i.e. each process has 4GB virtual memory) why does there need to be 2 GB reserved for the OS? What exactly does this "reserved for the OS" allocation do?

Question 5: So if I had 3 apps running on my server, each with their own process, does this mean that we would have 3 x 4GB virtual memory allocations going on?

"..The main thing is that space in the page file will be allocated to virtual memory pages for which no corresponding RAM page is available".

Question 6: Is it true to say that the page file is used ONLY when there is no physical RAM left? Are the following two the best monitors for Page file use:

Memory: Pages Input/sec
Memory: Pages Output/sec

Question 7: If we use a Windows 2008 Enterprise x64 version of the OS, do we remove all these problems with Page File etc, since we can allocate so much RAM??

Question 8: On a Windows 2008 x32 OS (either Standard or Enterprise), is it true to say that there is no point installing more than 4GB RAM, since the OS cannot see it?

Windows update on 2003 Server looping


When I try to run Windows Update on any of my Server 2003 machines I get a looping condition where it says "Checking if your computer has the latest version of Windows updating software for use from the website..." and then "Checking for the latest version of Windows updating software..."

There are two suspicious entries in the windowsupdate.log:

WARNING: Digital Signatures on file C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\7971f918-a847-4430-9279-4a52d1efe18d.auth.cab.temp\muauth.cab are not trusted: Error 0x800b0001

and

FATAL: Update required for C:\WINDOWS\system32\wuweb.dll: target version = 7.4.7600.226, required version = 7.6.7600.256

Since it's not just one server but ALL 2003 servers, I am guessing it's not something on the server itself.


Windows Server 2008 R2 SP1 - BSOD Stop Error 0x00000050 RDPWD.SYS


Hi all,

I have been struggling with a BSOD for the past 5 weeks and have scoured the web trying in vain to find someone else with the same issue.

Environment:
8 x 2008 R2 SP1 Windows Servers (8Gb RAM, 25Gb HDD) with Remote Desktop Services Roles installed, running as part of an RDS Farm.  All Servers are VM Guests (hardware version 7) running on VMware vSphere v4.1.0-260247 Hosts (Dell PowerEdge R710 - 128Gb RAM).  Our vSphere 'farm' has 5 Hosts that connect to our EMC SAN via iSCSI with multipath routes. 
Each RDS Server is load balanced via a Connection Broker, and each server has the same set of software / vm hardware installed.  In a nutshell, each has Symantec Endpoint Protection v11.0.5002.333, Symantec Altiris v7.0, Microsoft Office 2007 as well as other various software essential to these servers.

Symptoms:
Randomly throughout the day, one (or more) of the RDS Servers will crash with a BSOD more often than not with "caused by driver ntoskrnl.exe" sometimes with "cng.sys" and once with "ksecpkg.sys".  So far in the 5 weeks I have had 90 crashes.  Yesterday all 8 of the RDS Servers crashed at some point throughout the day.
On a typical BSOD, it says:
-----------------------------
The problem seems to be caused by the following file: ntoskrnl.exe
PAGE_FAULT_IN_NONPAGED_AREA
Technical Information:
*** STOP: 0x00000050 (0xfffffa800c153284, 0x0000000000000001, 0xfffff880053dc0c9, 0x0000000000000000)
*** ntoskrnl.exe - Address 0xfffff8000169ac40 base at 0xfffff8000161e000 DateStamp 0x4e02aaa3
------------------------------
Using BlueScreenView it says "caused by address: ntoskrnl.exe+7cc40" nearly every time.

I have analysed as best I could using Microsoft WinDbg, and this is the output of a typical mini-dump file:

------------------------------
Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [\\hqrds01\c$\Windows\Minidump\030112-19359-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*C:\Program Files\Debugging Tools for Windows (x64)\Symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (2 procs) Free x64
Product: Server, suite: TerminalServer
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`01609000 PsLoadedModuleList = 0xfffff800`0184e670
Debug session time: Thu Mar  1 09:14:00.921 2012 (UTC + 0:00)
System Uptime: 0 days 21:31:41.950
Loading Kernel Symbols
...............................................................
................................................................
.............
Loading User Symbols
Loading unloaded module list
..............
*******************************************************************************
*                        Bugcheck Analysis                                    *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 50, {fffffa800be83284, 1, fffff8800576f0c9, 0}

Could not read faulting driver name
Probably caused by : RDPWD.SYS ( RDPWD!memcpy+1d9 )

Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
*                        Bugcheck Analysis                                    *
*******************************************************************************
PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced.  This cannot be protected by try-except,
it must be protected by a Probe.  Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: fffffa800be83284, memory referenced.
Arg2: 0000000000000001, value 0 = read operation, 1 = write operation.
Arg3: fffff8800576f0c9, If non-zero, the instruction address which referenced the bad memory
 address.
Arg4: 0000000000000000, (reserved)

Debugging Details:
------------------
Could not read faulting driver name

WRITE_ADDRESS: GetPointerFromAddress: unable to read from fffff800018b8100
 fffffa800be83284

FAULTING_IP:
RDPWD!memcpy+1d9
fffff880`0576f0c9 668901          mov     word ptr [rcx],ax
MM_INTERNAL_CODE:  0
CUSTOMER_CRASH_COUNT:  1
DEFAULT_BUCKET_ID:  VERIFIER_ENABLED_VISTA_MINIDUMP
BUGCHECK_STR:  0x50
PROCESS_NAME:  svchost.exe
CURRENT_IRQL:  0
TRAP_FRAME:  fffff8800bf70a80 -- (.trap 0xfffff8800bf70a80)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=000000000000023d rbx=0000000000000000 rcx=fffffa800be83284
rdx=ffffffffffe7e63b rsi=0000000000000000 rdi=0000000000000000
rip=fffff8800576f0c9 rsp=fffff8800bf70c18 rbp=0000000000000001
 r8=000000000000001c  r9=fffff8a0033401e8 r10=fffff8a0033401e8
r11=fffffa800be83268 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei pl nz na pe nc
RDPWD!memcpy+0x1d9:
fffff880`0576f0c9 668901          mov     word ptr [rcx],ax ds:0c40:fffffa80`0be83284=????
Resetting default scope

LAST_CONTROL_TRANSFER:  from fffff800016319fc to fffff80001685c40

STACK_TEXT: 
fffff880`0bf70918 fffff800`016319fc : 00000000`00000050 fffffa80`0be83284 00000000`00000001 fffff880`0bf70a80 : nt!KeBugCheckEx
fffff880`0bf70920 fffff800`01683d6e : 00000000`00000001 fffffa80`0be83284 00000000`00000000 fffff8a0`0be85820 : nt! ?? ::FNODOBFM::`string'+0x4611f
fffff880`0bf70a80 fffff880`0576f0c9 : fffff880`057547cf 00000000`00000000 00000000`00000022 00000000`00000002 : nt!KiPageFault+0x16e
fffff880`0bf70c18 fffff880`057547cf : 00000000`00000000 00000000`00000022 00000000`00000002 fffff880`0576c99d : RDPWD!memcpy+0x1d9
fffff880`0bf70c20 fffff880`0576c9fc : fffff8a0`0f938010 00000000`00000022 00000000`00000019 00000000`00000002 : RDPWD!SM_MCSSendDataCallback+0x303
fffff880`0bf70c60 fffff880`0576b354 : fffff880`0bf70da0 fffff8a0`033401e8 00000000`00000000 fffff880`0576abfd : RDPWD!HandleAllSendDataPDUs+0x188
fffff880`0bf70d10 fffff880`0576af64 : 00000000`00000031 fffffa80`0bd01895 00000006`0000001f fffff880`05739079 : RDPWD!RecognizeMCSFrame+0x28
fffff880`0bf70d50 fffff880`029ba1f8 : fffff8a0`03345000 fffffa80`0bae6e80 fffffa80`0a5c0e60 fffff880`05737e00 : RDPWD!MCSIcaRawInputWorker+0x3d4
fffff880`0bf70df0 fffff880`057378d0 : 00000000`00000000 fffff880`0bf70f10 fffff880`0bf70f08 00000000`00000000 : termdd!IcaRawInput+0x50
fffff880`0bf70e20 fffff880`05736d85 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : tssecsrv!CRawInputDM::PassDataToServer+0x2c
fffff880`0bf70e50 fffff880`057367c2 : fffffa80`088e8a28 fffffa80`00000000 00000000`00000031 fffff800`00000000 : tssecsrv!CFilter::FilterIncomingData+0xc9
fffff880`0bf70ef0 fffff880`029ba1f8 : fffff880`009b8180 00000000`00000001 00000000`00000000 00000000`00000000 : tssecsrv!ScrRawInput+0x82
fffff880`0bf70f60 fffff880`0572c4c5 : fffffa80`088e8a10 fffffa80`0bd01658 00000000`00000000 fffffa80`088e8a10 : termdd!IcaRawInput+0x50
fffff880`0bf70f90 fffff880`029baf3e : fffffa80`0bd01620 fffffa80`0c100420 fffffa80`0bd4b450 fffffa80`0973b9b0 : tdtcp!TdInputThread+0x465
fffff880`0bf71810 fffff880`029b9ae3 : fffffa80`09d902b0 fffffa80`0973b9b0 fffffa80`093d8520 fffffa80`0bd4b450 : termdd!IcaDriverThread+0x5a
fffff880`0bf71840 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : termdd!IcaDeviceControlStack+0x827

STACK_COMMAND:  kb

FOLLOWUP_IP:
RDPWD!memcpy+1d9
fffff880`0576f0c9 668901          mov     word ptr [rcx],ax
SYMBOL_STACK_INDEX:  3
SYMBOL_NAME:  RDPWD!memcpy+1d9
FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: RDPWD
IMAGE_NAME:  RDPWD.SYS

DEBUG_FLR_IMAGE_TIMESTAMP:  4ce7ab45
FAILURE_BUCKET_ID:  X64_0x50_VRF_RDPWD!memcpy+1d9
BUCKET_ID:  X64_0x50_VRF_RDPWD!memcpy+1d9
Followup: MachineOwner
------------------------------

The RDS servers are set to reboot automatically, and after a period of 5 minutes or so, the users can reconnect and log back in.  On a typical day each server will have around 10 people RDP'd in to them.

The Users connecting to the RDS Servers included XP laptops/desktops and IGEL UD-120-LX Thin Terminals.  The XPs have SP3 installed and are fully patched via Symantec Altiris.

Things I have tried:

- Analyse the dump-files (as per above).
- I have tracked each user logging on to the RDS Farm (via batch scripts) and tried to determine if this is caused by the same individual(s) but it appears random.
- Check to see if the crashing Virtual Machine is running on a specific host, but it has happened on all Hosts.
- Check to see if there was anything specific that happened on the day that the crashes started.  There were about 5 new people introduced to the RDS Farm at that time, but they were using (a) client machines that had been used previously elsewhere with no issues, (b) software that had been used previously, (c) in a remote location that had previous users using RDS, (d) have not been logged on to a RDS Server when it has crashed.
- Updated Windows Server 2008 R2 SP1 to the latest patches (as of Feb 2012).
- Turned on Verifier (using recommended settings), and then analysed dump-files with the same reference to rdpwd.sys.
- Fixed the Memory Resource Reservation in vSphere to the full 8Gb for all these RDS Servers (so that the memory is not shared at all).
- Ran MEMTEST on a VM Guest with the full 8Gb RAM, on a couple of the ESX Hosts.
- Changed the VMTools Video Driver to the SVGA II driver from the Standard VGA Driver.
- Ran a full AV Scan (using SEP).
- Isolated the Printer Drivers using the Printer Management MMC.
- Ran sfc /scannow of all RDS Servers and rebooted.

The mini-dump file mentioned above is here: https://skydrive.live.com/redir.aspx?cid=48f471f287af2349&resid=48F471F287AF2349!105&parid=48F471F287AF2349!103

I hope someone can help, as what hair I have left (from pulling it out) is turning grey!

Andy
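
Added example, not part of Andy's post: when the same crash recurs across a farm, saved `!analyze -v` text can be parsed and grouped by `FAILURE_BUCKET_ID` to confirm that every dump points at the same frame and the same call path. The sample is constructed by abridging the output quoted above; the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample: abridged from the !analyze -v output quoted in the post above.
SAMPLE = """\
PAGE_FAULT_IN_NONPAGED_AREA (50)
Arg1: fffffa800be83284, memory referenced.
Arg2: 0000000000000001, value 0 = read operation, 1 = write operation.
PROCESS_NAME:  svchost.exe
STACK_TEXT:
fffff880`0bf70a80 fffff880`0576f0c9 : fffff880`057547cf 00000000`00000000 00000000`00000022 00000000`00000002 : nt!KiPageFault+0x16e
fffff880`0bf70c18 fffff880`057547cf : 00000000`00000000 00000000`00000022 00000000`00000002 fffff880`0576c99d : RDPWD!memcpy+0x1d9
fffff880`0bf70df0 fffff880`057378d0 : 00000000`00000000 fffff880`0bf70f10 fffff880`0bf70f08 00000000`00000000 : termdd!IcaRawInput+0x50
fffff880`0bf70e50 fffff880`057367c2 : fffffa80`088e8a28 fffffa80`00000000 00000000`00000031 fffff800`00000000 : tssecsrv!CFilter::FilterIncomingData+0xc9
fffff880`0bf70f90 fffff880`029baf3e : fffffa80`0bd01620 fffffa80`0c100420 fffffa80`0bd4b450 fffffa80`0973b9b0 : tdtcp!TdInputThread+0x465
FAILURE_BUCKET_ID:  X64_0x50_VRF_RDPWD!memcpy+1d9
"""

ARG = re.compile(r"^Arg([1-4]):\s+([0-9a-fA-F]+)")
BUGCHECK = re.compile(r"^([A-Z_0-9]+) \(([0-9a-fA-F]+)\)$")
FRAME = re.compile(r"^[0-9a-f`]+ [0-9a-f`]+ : .* : (\S.*)$")   # child-sp ret : args : symbol
FIELD = re.compile(r"^([A-Z_]+):\s+(\S.*)$")                   # e.g. PROCESS_NAME:  value

def parse_analysis(text):
    # Turn one saved !analyze -v transcript into a dict of bugcheck, args, frames, fields.
    out = {"args": {}, "frames": []}
    for line in text.splitlines():
        line = line.rstrip()
        if m := ARG.match(line):
            out["args"][int(m[1])] = int(m[2], 16)
        elif m := BUGCHECK.match(line):
            out["name"], out["code"] = m[1], int(m[2], 16)
        elif m := FRAME.match(line):
            out["frames"].append(m[1])
        elif m := FIELD.match(line):
            out[m[1]] = m[2].strip()
    return out

def summarize(a):
    mods = [f.split("!")[0] for f in a["frames"]]
    return {
        # Arg2 read/write meaning is the one printed for bugcheck 0x50 only.
        "access": {0: "read", 1: "write"}.get(a["args"].get(2)) if a.get("code") == 0x50 else None,
        "first_driver": next((m for m in mods if m != "nt"), None),
        "module_chain": list(dict.fromkeys(mods)),   # modules in stack order, deduplicated
        "bucket": a.get("FAILURE_BUCKET_ID"),
    }

def bucket_counts(texts):
    # One bucket across all dumps means one recurring fault, not several unrelated ones.
    return Counter(parse_analysis(t).get("FAILURE_BUCKET_ID", "unknown") for t in texts)
```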

When connected to VPN, MS TSC cannot resolve names yet ping/nslookup/telnet can?


Client PC is a Windows 7 Professional laptop, the staff member is trying to connect to their work computer (Windows 7 Enterprise) through Remote Desktop and the VPN server.  When they try, Remote Desktop reports back that it cannot find the machine. 

If we enter the IP address, it works perfectly, so we know the ports for RDP are open and not a problem.  Open up a command prompt, and we can resolve the name via nslookup, we can ping the system by name, and we can telnet to the system on port 3389 by name.  So all tools that operate through the command prompt seem to have no problems resolving the name of this person's work computer, yet remote desktop still reports back that it can't find it.

Using the unqualified name and the fully qualified name makes no difference.

The source computer is Windows 7 Professional, not part of the domain.

The VPN server is Windows 2003 Server.

The DNS servers are Windows 2008 R2 Server.

The destination computer is Windows 7 Enterprise, part of the domain.

minidump analysis with windbg


Hi,

I have tried to analyze a minidump with the windbg tool, but the result is inconclusive. I have pasted the results of windbg below:

C:\Program Files\Windows Kits\8.0\Debuggers\x86>kd.exe -y srv*c:\symbols*http://
msdl.microsoft.com/download/symbols -i d:\I386 -z d:\Mini072612-01.dmp

Microsoft (R) Windows Debugger Version 6.2.9200.16384 X86
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [d:\Mini072612-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: srv*c:\symbols*http://msdl.microsoft.com/download/symbols

Executable search path is: d:\I386

"nt" was not found in the image list.
Debugger will attempt to load "nt" at given base 00000000.

Please provide the full image name, including the extension (i.e. kernel32.dll)
for more reliable results.Base address and size overrides can be given as
.reload <image.ext>=<base>,<size>.
Unable to load image nt, Win32 error 0n2
Unable to add module at 00000000
Debugger can not determine kernel base address
Windows Server 2003 Kernel Version 3790 (Service Pack 2) MP (8 procs) Free x86 c
ompatible
Product: Server, suite: Enterprise TerminalServer SingleUserTS
Machine Name:
Kernel base = 0x80800000 PsLoadedModuleList = 0x808a8ee8
Debug session time: Thu Jul 26 20:26:37.617 2012 (UTC + 5:45)
System Uptime: 26 days 8:58:36.278

"nt" was not found in the image list.
Debugger will attempt to load "nt" at given base 00000000.

Please provide the full image name, including the extension (i.e. kernel32.dll)
for more reliable results.Base address and size overrides can be given as
.reload <image.ext>=<base>,<size>.
Unable to load image nt, Win32 error 0n2
Unable to add module at 00000000
Debugger can not determine kernel base address
Loading Kernel Symbols

Loading User Symbols
Loading unloaded module list
..................................................
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1000007F, {8, 80042000, 0, 0}

***** Debugger could not find nt in module list, module list might be corrupt, e
rror 0x80070057.

Probably caused by : Unknown_Image ( ANALYSIS_INCONCLUSIVE )

OpsMgr Connector filling up eventvwr with errors


The OpsMgr Connector could not connect to x.x.com:5723.  The error code is 10060L(A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.

).  Please verify there is network connectivity, the server is running and has registered it's listening port, and there are no firewalls blocking traffic to the destination.

Quick background, this is a Hyper-V host, my knowledge of the network is very limited.  They have very little documentation for any of the things they have, so please bear with me.

The correct ports are open on WinFirewall/AS, I believe at one point they had a VSCE server, but it is no longer there.  Can I remove the agent from the host and solve this problem that way?

About this site


Hi everyone,

Please tell me about medals like gold medal, bronze medal. How to get points?


!-! /-\ /\/\ E E S /-\ !-! /\/\ E !) K !-! /-\ /\/
