Have you got a copy of one of the dumps I can look at? Thanks, Brian Desmond [email protected]
c - 312.731.3132 From: Craig Gauss [mailto:[email protected]] Sent: Tuesday, July 07, 2009 1:27 PM To: NT System Admin Issues Subject: RE: Weird issue with Domain Controllers Well no new update on this. We thought we had it taken care of on Friday but it seems to have started back up today. Friday we removed one troublesome DC from the domain but today we have another one doing it. We have not narrowed it down to anything. I cant get the one that is currently rebooting to stay online long enough to remove AV from it yet. Craig Gauss, Technical Supervisor/Security Officer Riverview Hospital Association Phone: 715-423-6060 ext. 8572 ________________________________ From: Brian Desmond [mailto:[email protected]] Sent: Monday, July 06, 2009 11:07 AM To: NT System Admin Issues Subject: RE: Weird issue with Domain Controllers * 0x00000008, or Double Fault, indicates that an exception occurs during a call to the handler for a prior exception. Typically, the two exceptions are handled serially. However, there are several exceptions that cannot be handled serially, and in this situation the processor signals a double fault. There are two common causes of a double fault: * A kernel stack overflow. This overflow occurs when a guard page is hit, and the kernel tries to push a trap frame. Because there is no stack left, a stack overflow results, causing the double fault. If you think this overview has occurred, use !thread<mk:@MSITStore:C:\debuggers64\debugger.chm::/hh/DebugMS/r29_exts_kernel_q_127b52f2-51ff-49c3-9392-7059a2f5a723.xml.htm> to determine the stack limits, and then use kb (Display Stack Backtrace)<mk:@MSITStore:C:\debuggers64\debugger.chm::/hh/DebugMS/r17_cmds_i_58e69e42-fcda-4972-9358-60ab7a6e1def.xml.htm> with a large parameter (for example, kb 100) to display the full stack. * A hardware problem. Thanks, Brian Desmond [email protected] c - 312.731.3132 From: Craig Gauss [mailto:[email protected]] Sent: Monday, July 06, 2009 10:49 AM To: NT System Admin Issues Subject: RE: Weird issue with Domain Controllers Windows Server 2003 The stop errors were all similar to this: 0x00000007f (0x000000008, 0xf7727fe0, 0x00000000, 0x00000000). Nothing really helpful. Servers are a mix of HP DL 140s and DL 380s. No recent updates Craig Gauss, Technical Supervisor/Security Officer Riverview Hospital Association Phone: 715-423-6060 ext. 8572 ________________________________ From: Maglinger, Paul [mailto:[email protected]] Sent: Monday, July 06, 2009 10:31 AM To: NT System Admin Issues Subject: RE: Weird issue with Domain Controllers What version is your domain? What's the stop error? Are all the servers the same hardware? Any recent updates? ________________________________ From: Craig Gauss [mailto:[email protected]] Sent: Monday, July 06, 2009 10:24 AM To: NT System Admin Issues Subject: RE: Weird issue with Domain Controllers Kaspersky Craig Gauss, Technical Supervisor/Security Officer Riverview Hospital Association Phone: 715-423-6060 ext. 8572 ________________________________ From: Richard Stovall [mailto:[email protected]] Sent: Monday, July 06, 2009 10:23 AM To: NT System Admin Issues Subject: RE: Weird issue with Domain Controllers What's your AV solution? From: Craig Gauss [mailto:[email protected]] Sent: Monday, July 06, 2009 11:04 AM To: NT System Admin Issues Subject: Weird issue with Domain Controllers Has anyone experienced any strange issues with Domain Controllers lately? Friday we had every single one of ours randomly reboot with Stop errors throughout the day. We ended up having to remove one and that seemed to have calmed down the issues. Today it seems to have started up again. I have no idea of where to even start looking. Craig Gauss, Technical Supervisor/Security Officer Riverview Hospital Association ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
