Active Directory Servers hang

[RBW]

I have 3 Windows 2000 Active Directory servers on 2
different subnets which all began to mysteriously hang
for no apparent reason. The servers are not the only W2K
servers on the network, but are the only AD servers. The
problem seems to effect only the AD servers, and it
effects all the AD servers on the WAN (3). This problem
often happens at night, when there is little network
activity. We cannot find anything that has changed on
the network, and there were no updates from Microsoft
installed in the time frame. All of our servers run
Symantec Norton AV Corporate Edition (8.1). Any ideas?

 

[David Brandt [MSFT]]

Some questions to help clarify the problem a bit more;
1) How often does this happen, does it always affect all three dc's, and
what might be going on at the time it does, ie backups etc
2) Are you seeing any events or errors in the logs of those machines that
point to a problem.
3) What problems, if any, do you see when you run "dcdiag /v) and netdiag
/v from support tools.
4) Do the machines have to be rebooted in order to fix themselves, or do
they "work through it" on their own after "x" time.
5) You mentioned wan3, so are there other dc's for this domain on other
wans in different sites from the 2 that these 3 dc's are in? Any
replication problems between them.
6) If you leave task mgr running for processes open on the screen so its
already up when this happens, do you see any abnormal cpu or memory usage.
7) You might try also running a different flavor of AV you can get off web
just to be sure. Don't necessarly think that it is a virus problem, and I'm
sure you're running the latest sigunatures, but have customers running one
brand which reports nothing, and when they run another, they find lots of
stuff.
8) "Often times" problems like this are caused by a service or app, and you
might need to also set up a perf mon log and/or take a trace between 2 of
those to see if you're seeing a flood between them.

--
David Brandt
Microsoft Corporation

This posting is provided "AS IS" with no warranties, and confers no rights.
Please do not send e-mail directly to this alias. This alias is for
newsgroup purposes only.

 

[Guest]

1. The problem can occur anywhere from 1x every 1or 2
days to 2 or more times in a day. It affects all three
dc's, but not necessarily at the same time. The only
thing we have seen going on at the time is Norton AV scan
activity on the server files. Backup is done via a
continuous online service (Iron Mountain). The only
things we see in the error logs is the entry placed when
we reboot the server saying that the previous shutdown
was unexpected.

There are 2 sites, connected w/ a point-to-point T1
line. Site 'a' has two dc's and site 'b' has one dc.
These are the only sites. It is a single domain.

I am not familiar with the use of dcdiag or netdiag, so I
will have to look into them. I am taking the suggestion
that we leave task manager open on the desktop.

When the problem occurs, we have to restart the server,
it has never cleared on it's own. I do not see any AD
replication problems or errors to that effect. AD seems
to replicate OK.

 

[David Brandt [MSFT]]

Some people have reported that using AV (any knind) to scan sysvol can cause
abnormal replication traffic as the scans touch and can increment the
contents, which can be substantial in size. If AV is always running when
this happens, and can be considered one of the "constants" for this problem,
see what files/folders it's scanning and try not scaning sysvol if it is.
Dcdiag and netdiag are support tools that can be installed fromt he server
CD (support/tools/setup.exe and are very useful - the typical install will
add about 25 or so utilities)

--
David Brandt
Microsoft Corporation

This posting is provided "AS IS" with no warranties, and confers no rights.
Please do not send e-mail directly to this alias. This alias is for
newsgroup purposes only.

 

[RBW]

I am going to run performance monitor on the machine
before, and during a scan. It seems now that the hanging
is definitly related to our Norton AV scans...when we
initiated a scan on the server, it hung. We will also
try to stop scanning the sysvol, according to the scan
log, this is approximately where the scan is when the
server hangs.

-----Original Message-----
Some people have reported that using AV (any knind) to scan sysvol can cause
abnormal replication traffic as the scans touch and can increment the
contents, which can be substantial in size. If AV is always running when
this happens, and can be considered one of

the "constants" for this problem,