Have you got a copy of one of the dumps I can look at?

Thanks,
Brian Desmond
[email protected]

c - 312.731.3132

From: Craig Gauss [mailto:[email protected]]
Sent: Tuesday, July 07, 2009 1:27 PM
To: NT System Admin Issues
Subject: RE: Weird issue with Domain Controllers

Well no new update on this.  We thought we had it taken care of on Friday but 
it seems to have started back up today.

Friday we removed one troublesome DC from the domain but today we have another 
one doing it.  We have not narrowed it down to anything.  I cant get the one 
that is currently rebooting to stay online long enough to remove AV from it yet.


Craig Gauss,  Technical Supervisor/Security Officer
Riverview Hospital Association
Phone: 715-423-6060 ext. 8572


________________________________
From: Brian Desmond [mailto:[email protected]]
Sent: Monday, July 06, 2009 11:07 AM
To: NT System Admin Issues
Subject: RE: Weird issue with Domain Controllers

  *   0x00000008, or Double Fault, indicates that an exception occurs during a 
call to the handler for a prior exception. Typically, the two exceptions are 
handled serially. However, there are several exceptions that cannot be handled 
serially, and in this situation the processor signals a double fault. There are 
two common causes of a double fault:
     *   A kernel stack overflow. This overflow occurs when a guard page is 
hit, and the kernel tries to push a trap frame. Because there is no stack left, 
a stack overflow results, causing the double fault. If you think this overview 
has occurred, use 
!thread<mk:@MSITStore:C:\debuggers64\debugger.chm::/hh/DebugMS/r29_exts_kernel_q_127b52f2-51ff-49c3-9392-7059a2f5a723.xml.htm>
 to determine the stack limits, and then use kb (Display Stack 
Backtrace)<mk:@MSITStore:C:\debuggers64\debugger.chm::/hh/DebugMS/r17_cmds_i_58e69e42-fcda-4972-9358-60ab7a6e1def.xml.htm>
 with a large parameter (for example, kb 100) to display the full stack.
     *   A hardware problem.


Thanks,
Brian Desmond
[email protected]

c - 312.731.3132

From: Craig Gauss [mailto:[email protected]]
Sent: Monday, July 06, 2009 10:49 AM
To: NT System Admin Issues
Subject: RE: Weird issue with Domain Controllers

Windows Server 2003

The stop errors were all similar to this: 0x00000007f (0x000000008, 0xf7727fe0, 
0x00000000, 0x00000000).  Nothing really helpful.

Servers are a mix of HP DL 140s and DL 380s.

No recent updates


Craig Gauss,  Technical Supervisor/Security Officer
Riverview Hospital Association
Phone: 715-423-6060 ext. 8572


________________________________
From: Maglinger, Paul [mailto:[email protected]]
Sent: Monday, July 06, 2009 10:31 AM
To: NT System Admin Issues
Subject: RE: Weird issue with Domain Controllers
What version is your domain?  What's the stop error?  Are all the servers the 
same hardware?  Any recent updates?

________________________________
From: Craig Gauss [mailto:[email protected]]
Sent: Monday, July 06, 2009 10:24 AM
To: NT System Admin Issues
Subject: RE: Weird issue with Domain Controllers
Kaspersky


Craig Gauss,  Technical Supervisor/Security Officer
Riverview Hospital Association
Phone: 715-423-6060 ext. 8572


________________________________
From: Richard Stovall [mailto:[email protected]]
Sent: Monday, July 06, 2009 10:23 AM
To: NT System Admin Issues
Subject: RE: Weird issue with Domain Controllers
What's your AV solution?
From: Craig Gauss [mailto:[email protected]]
Sent: Monday, July 06, 2009 11:04 AM
To: NT System Admin Issues
Subject: Weird issue with Domain Controllers

Has anyone experienced any strange issues with Domain Controllers lately?

Friday we had every single one of ours randomly reboot with Stop errors 
throughout the day.  We ended up having to remove one and that seemed to have 
calmed down the issues.  Today it seems to have started up again.

I have no idea of where to even start looking.


Craig Gauss,  Technical Supervisor/Security Officer
Riverview Hospital Association





























~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

Reply via email to