Server Crashes every weekend

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

Hello,

Hope someone can help. For the last 3 weekends my windows server has
crashed useally late Sat night or early Sun Morning. I would find DNS errors
indicating Active directory was crashed, this Monday I was able to login and
sure enough active diectory was down, I could not reconnect it to server. I
needed to reboot, it then crashed 3 more times after 1 hour; all errors
indicating Active directory was down. I could not log back in and needed to
do power off restart. After the last reboot just like the previous week
everything is fine. There are no backups or utilities running on weekends
and my other server is fine other then a few errors caused by the other
server crashing.
 
Hi Artie,

Pls post the details of the error/crash such as event log info. Otherwise it
would be difficult to help.

br,
Denis
 
Hi Dennis

Here are the first log events when system crashed from System and DNS the
other logs showed no problem up to that point logs were clean.

System log:
Event Type: Error
Event Source: LsaSrv
Event Category: Devices
Event ID: 5000
Date: 6/25/2005
Time: 11:02:07 PM
User: N/A
Computer: SERVER
Description:
The security package Negotiate generated an exception. The package is now
disabled. The exception information is the data.
Data:
0000: 05 00 00 c0 00 00 00 00 ...À....
0008: 00 00 00 00 a9 95 f8 77 ....©•øw
0010: 02 00 00 00 00 00 00 00 ........
0018: e3 06 90 90 3f 00 01 00 ã.ÂÂ?...
0020: 00 00 00 00 00 00 00 00 ........
0028: 00 00 00 00 00 00 00 00 ........
0030: 00 00 00 00 00 00 00 00 ........
0038: 7f 02 ff ff 20 00 ff ff .ÿÿ .ÿÿ
0040: ff ff ff ff 93 1c 18 70 ÿÿÿÿ“..p
0048: 1b 00 d9 06 d8 3a 17 70 ..Ù.Ø:.p


Event Type: Warning
Event Source: MRxSmb
Event Category: None
Event ID: 3034
Date: 6/25/2005
Time: 11:11:31 PM
User: N/A
Computer: SERVER
Description:
The redirector was unable to initialize security context or query context
attributes.
Data:
0000: 00 00 08 00 02 00 56 00 ......V.
0008: 00 00 00 00 da 0b 00 80 ....Ú..€
0010: 00 00 00 00 fe 00 00 c0 ....þ..À
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........
0028: 7d 04 00 00 fe 00 00 c0 }...þ..À


Event Type: Warning
Event Source: BROWSER
Event Category: None
Event ID: 8021
Date: 6/25/2005
Time: 11:11:31 PM
User: N/A
Computer: SERVER
Description:
The browser was unable to retrieve a list of servers from the browser master
\\SERVER2000 on the network
\Device\NetBT_Tcpip_{39EAF80C-E9BF-413E-93E0-909DF2BADA9E}. The data is the
error code.
Data:
0000: 54 05 00 00 T...


Event Type: Error
Event Source: BROWSER
Event Category: None
Event ID: 8032
Date: 6/25/2005
Time: 11:13:31 PM
User: N/A
Computer: SERVER
Description:
The browser service has failed to retrieve the backup list too many times on
transport \Device\NetBT_Tcpip_{39EAF80C-E9BF-413E-93E0-909DF2BADA9E}. The
backup browser is stopping.
Data:
0000: 54 05 00 00 T...


DNS Log

Event Type: Error
Event Source: DNS
Event Category: None
Event ID: 4016
Date: 6/25/2005
Time: 11:11:49 PM
User: N/A
Computer: SERVER
Description:
The DNS server timed out attempting an Active Directory service operation on
DC=RootDNSServers,cn=MicrosoftDNS,cn=System,DC=MHMS-LAW,DC=com. Check Active
Directory to see that it is functioning properly. The event data contains the
error.
Data:
0000: 55 00 00 00 U...

Event Type: Error
Event Source: DNS
Event Category: None
Event ID: 4016
Date: 6/25/2005
Time: 11:17:49 PM
User: N/A
Computer: SERVER
Description:
The DNS server timed out attempting an Active Directory service operation on
---. Check Active Directory to see that it is functioning properly. The
event data contains the error.
Data:
0000: 55 00 00 00 U...

Event Type: Warning
Event Source: DNS
Event Category: None
Event ID: 3000
Date: 6/25/2005
Time: 11:17:49 PM
User: N/A
Computer: SERVER
Description:
The DNS server is logging numerous run-time events. For information about
these events, see previous DNS Server event log entries. To prevent the DNS
Server from clogging server logs, further logging of this event and other
events with higher Event IDs will now be suppressed.







--
Thank You

Artie Maas


Denis Wong @ Hong Kong said:
Hi Artie,

Pls post the details of the error/crash such as event log info. Otherwise it
would be difficult to help.

br,
Denis
Click to expand...
 
Hi Artie,

You have a more serious problem with your first error. This might be the
cause of your crash. There are a no of KB articles about it.

LsaSrv Event ID 5000 Error Message: The Security Package Negotiate Generated
an Exception
http://support.microsoft.com/?kbid=328948

Your Windows 2000 domain controller stops authenticating users and you see
LsaSrv event 5000 in Event Viewer
http://support.microsoft.com/?kbid=831726

NTLM authentication may stop unexpectedly in Windows 2000
http://support.microsoft.com/?kbid=841037

The Lsass.exe process stops responding or uses 100 percent of the CPU
resources on a Microsoft Windows 2000-based computer
http://support.microsoft.com/?kbid=896179

What is your service pack level of the server? The first KB suggests that
the problem was first corrected in SP4. So if you are not at SP4, you are
recommended to update to SP4. If you are already at SP4, then you better
call MS PSS to ask for a fix according to articles 2,3,4.

br,
Denis

Artie Maas said:
Hi Dennis

Here are the first log events when system crashed from System and DNS the
other logs showed no problem up to that point logs were clean.

System log:
Event Type: Error
Event Source: LsaSrv
Event Category: Devices
Event ID: 5000
Date: 6/25/2005
Time: 11:02:07 PM
User: N/A
Computer: SERVER
Description:
The security package Negotiate generated an exception. The package is now
disabled. The exception information is the data.
Data:
0000: 05 00 00 c0 00 00 00 00 ...À....
0008: 00 00 00 00 a9 95 f8 77 ....©•øw
0010: 02 00 00 00 00 00 00 00 ........
0018: e3 06 90 90 3f 00 01 00 ã.?...
0020: 00 00 00 00 00 00 00 00 ........
0028: 00 00 00 00 00 00 00 00 ........
0030: 00 00 00 00 00 00 00 00 ........
0038: 7f 02 ff ff 20 00 ff ff .ÿÿ .ÿÿ
0040: ff ff ff ff 93 1c 18 70 ÿÿÿÿ“..p
0048: 1b 00 d9 06 d8 3a 17 70 ..Ù.Ø:.p


Event Type: Warning
Event Source: MRxSmb
Event Category: None
Event ID: 3034
Date: 6/25/2005
Time: 11:11:31 PM
User: N/A
Computer: SERVER
Description:
The redirector was unable to initialize security context or query context
attributes.
Data:
0000: 00 00 08 00 02 00 56 00 ......V.
0008: 00 00 00 00 da 0b 00 80 ....Ú..€
0010: 00 00 00 00 fe 00 00 c0 ....þ..À
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........
0028: 7d 04 00 00 fe 00 00 c0 }...þ..À


Event Type: Warning
Event Source: BROWSER
Event Category: None
Event ID: 8021
Date: 6/25/2005
Time: 11:11:31 PM
User: N/A
Computer: SERVER
Description:
The browser was unable to retrieve a list of servers from the browser master
\\SERVER2000 on the network
\Device\NetBT_Tcpip_{39EAF80C-E9BF-413E-93E0-909DF2BADA9E}. The data is the
error code.
Data:
0000: 54 05 00 00 T...


Event Type: Error
Event Source: BROWSER
Event Category: None
Event ID: 8032
Date: 6/25/2005
Time: 11:13:31 PM
User: N/A
Computer: SERVER
Description:
The browser service has failed to retrieve the backup list too many times on
transport \Device\NetBT_Tcpip_{39EAF80C-E9BF-413E-93E0-909DF2BADA9E}. The
backup browser is stopping.
Data:
0000: 54 05 00 00 T...


DNS Log

Event Type: Error
Event Source: DNS
Event Category: None
Event ID: 4016
Date: 6/25/2005
Time: 11:11:49 PM
User: N/A
Computer: SERVER
Description:
The DNS server timed out attempting an Active Directory service operation on
DC=RootDNSServers,cn=MicrosoftDNS,cn=System,DC=MHMS-LAW,DC=com. Check Active
Directory to see that it is functioning properly. The event data contains the
error.
Data:
0000: 55 00 00 00 U...

Event Type: Error
Event Source: DNS
Event Category: None
Event ID: 4016
Date: 6/25/2005
Time: 11:17:49 PM
User: N/A
Computer: SERVER
Description:
The DNS server timed out attempting an Active Directory service operation on
---. Check Active Directory to see that it is functioning properly. The
event data contains the error.
Data:
0000: 55 00 00 00 U...

Event Type: Warning
Event Source: DNS
Event Category: None
Event ID: 3000
Date: 6/25/2005
Time: 11:17:49 PM
User: N/A
Computer: SERVER
Description:
The DNS server is logging numerous run-time events. For information about
these events, see previous DNS Server event log entries. To prevent the DNS
Server from clogging server logs, further logging of this event and other
events with higher Event IDs will now be suppressed.
Click to expand...
 
Thanks guys for the feedback.

I will give MS support a call reguarding Event ID 5000 the symptoms sure
seem to match.

I had also looked at event ID 5000 as a possible problem, I did not persue
it because the previous 3 crashes only showed event ID 8021 and 8032 in
system event log multiple times. The only other possibilty I could think of
but have not been able to confirm is that windows runs utilites on Active
Directory on weekends by default, ( I might be rembering a Netware utility)
and that maybe there may be a problem with one of the indexes causing AD to
crash. I was thinking of running integrity check and maybe a softrepair in
AD restore mode.
 
Back
Top