Strange svchost crash

-

i running windows 2008 r2 sp1 64-bit server. , encountering weird error, namely every 1-2 hours svchost crashes following error:

"faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1

faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec4aa8e
exception code: 0xc0000005
fault offset: 0x000000000004e4b4
faulting process id: 0x398
faulting application start time: 0x01cd0089bb8a8f90
faulting application path: c:\windows\system32\svchost.exe
faulting module path: c:\windows\system32\ntdll.dll
report id: 0fe60889-6cf5-11e1-8ee5-001e67257e05"

this crash coensides system account log in (possibly scheduled task, although have not found tasks scheduled run @ these times):

an account logged on.


"subject:
security id: system
account name: "servername"$
account domain: ktmk
logon id: 0x3e7


logon type: 5


new logon:
security id: system
account name: system
account domain: nt authority
logon id: 0x3e7
logon guid: {00000000-0000-0000-0000-000000000000}


process information:
process id: 0x214
process name: c:\windows\system32\services.exe


network information:
workstation name:
source network address: -
source port: -


detailed authentication information:
logon process: advapi  
authentication package: negotiate
transited services: -
package name (ntlm only): -
key length: 0"

after svchost crash following services crash:

application experience service
bits
certificate propagation service
group police client
ike , authip ipsec keying modules service
ip helper service
multimedia class scheduler service
user profile service service
task scheduler service
system event notification service service
remote desktop configuration service
themes service
windows management instrumentation service
windows update service

and after wmi reports error id 10:

"event filter query "select * __instancemodificationevent within 60 targetinstance isa "win32_processor" , targetinstance.loadpercentage > 99" not reactivated in namespace "//./root/cimv2" because of error 0x80041003. events cannot delivered through filter until problem corrected."

the strange thing 1 system of 2 same (hardware , software wise) , 1 of these running perfectly, other getting errors.

i appreciate advice.


hello,


it’s hard determine service causing problem. mrx suggested, apply update , check result. suggest update anti-virus , perform full disk scan. run sfc tool , install latest system update readiness tool. start server in clean boot to bypass third-party software , services. if still no luck, consider in-place upgrade. in-place upgrade reinstall system while keep programs , data intact.


thanks
zhang



Windows Server  >  Windows Server General Forum



Comments

Post a Comment

Popular posts from this blog

DCOM received error "2147746132" from...

-
hi everybody, i have dc (my windows essentials 2012 server) , windows 2012 server in network.  the windows server 2012 inside domain. on server, got "non stopping" error says in event logs : ===> dcom received error "2147746132" fromd computer xxxx(my dc computer) while server trying activation : {6df8cb71-153b-4c66-8fc4-e59301b8011b} it never stops, got 11000+ new events :s i found : http://support.microsoft.com/kb/971153/fr i'm not sure should ? does got idea ? matthieu. hi, please try solution mentioned in below link: http://www.eventid.net/display-eventid-10006-source-dcom-eventno-272-phase-1.htm regards, cicely Windows Server  >  Windows Server 2012 General ...
Read more

ADFS 3.0 Event ID 4625 | An Error occurred During Logon | Status: 0xC000035B

-
we're getting these random errors on our adfs security logs, how can track down generating them? an account failed log on. subject: security id: null sid account name: - account domain: - logon id: 0x0 logon type: 3 account logon failed: security id: null sid account name: account domain: failure information: failure reason: an error occured during logon. status: 0xc000035b sub status: 0x0 process information: caller process id: 0x0 caller process name: - network information: workstation name: - source network address: - source port: - detailed authentication information: logon process: kerberos authentication package: kerberos transited services: - package name (ntlm only): - key length: 0 event generated when logon request fails. generated on computer access attempted. subject fields indicate account on local system requested logon. commonly service such server service, or local process such ...
Read more

DFSR RPC replication errors 5014 1726 with large files over VPN

-
i have similar issue ryan in reply http://social.technet.microsoft.com/forums/en-gb/winserverfiles/thread/6d49fd71-2236-4fcb-9763-bf1c03459ee8 cited below. start additional thread here because other 1 related windows server 2003 (r2) , i'm (as ryan) on windows 2008 r2 x64. here first of post ryan: i've got same problem on 2008 r2 dfsr server.  the spoke server has 2x intel 1 gigb on-board nics in active/standby teamed configuration. the hub server (running on vmware using 10gbit vmnet3 nic driver) logs dfsr event 5014 every 2-15mins (usually around 5mins). the spoke server not log event. replication running slowly. initial sync/replication. had re-configure replication folder because of lost dfsr database on spoke server.  could teamed nic on spoke causing error on host? a note: last time did initial sync on folder processed @ 30k files , hour. time it's doing few hundred and hour. another note: hub server has several replication groups , conne...
Read more