cluberti

Honestly, that's a long time for creds to validate. You might want to consider a network trace to see if the problem machines are all hitting a specific domain controller, or going over a specific WAN link, etc, that could be causing the delay.

The dump file is so large because Vista actually, by default, creates a memory dump of the actual contents of memory rather than XP, which just dumped a call stack and module info (which was almost always completely useless, and required you to configure XP as Vista is by default and have to have the problem happen twice to learn anything... but I digress). As to the bugcheck, it's a STOP 0x50, which means: From the parameters referenced, it looks like a kernel-mode driver tried to write to an invalid memory address location, and that's obviously a no-no. Without looking at the dump file itself in a debugger I can't tell you more, but the initial indication is a driver failure. Since you were doing a virus scan at the time, you would have virus filter drivers and your disk drivers actively in use - I'd start with the virus driver and get an update from the vendor, if one exists.

Well, actually, that isn't quite what it looks like. Usually you only get that bugcheck when a device driver has gone over it's maximum number of outstanding refcounts - however, if that first parameter was 0x00000001, this could be a bad hibernate file issue, a fatal mishandled IRP sent to a device for power status or change, or a thermal power IRP contained the fatal flag (meaning shut down now, the heat's too high inside ). I'd still say it's possible you've got a bad driver for that video card, or the hardware itself is bad.

Themes and Sounds?

Search before posting.

Sounds more like an issue with the quorum drive and cluster DB if shutting down and restarting nodes in this manner "fixes" the issue.

Gotta agree with Mr Snrub, this looks like a disk error: c000000e = STATUS_NO_SUCH_DEVICE

There's the Technet article/guide, and then there's the Exchange team blog on the subject as well. Great pieces of information to get you going.

You can indeed do this, but this then requires a split DNS structure - one for external clients, and one for internal clients. You could disable the DNS update for the web server box, but that's a temporary quick-fix. You need to investigate setting up a split DNS.

The error means the virtual disk service is not able to speak properly to the drivers for your disks (and perhaps USB or firewire devices, if any are attached). The disks themselves are almost always just fine, but the Virtual Disk Service itself is broken. I've never found a good way of fixing this short of a repair installation, though.

It'd be useful to see a process monitor log of the lag, so it can be seen what's happening on disk and in the registry when the problem occurs.

And beta 1 is a dev beta - the rendering engine is what is being tested in beta 1. A lot of other things should be addressed later in the betas, but beta 1 is definitely not for use as an everyday browser .

Hmmm - looks like spooler crashing, not stopping (access violation on a readfile usually means you've got a printer driver or processor/monitor trying to do something that's not allowed, and honestly, this isn't that uncommon). Would you be able to download / install userdump 8.1 onto that box, and create a rule for spoolsv.exe and get a dump of it crashing? Userdump 8.1 download Just install it, open the Process Dumper control panel icon and create a new rule for spoolsv.exe and take all the defaults. The next time the spooler crashes after that, you should get a userdump .dmp file in the default location (you can see where it puts it in the rule properties).

Yes, I do mean I am suspicious the Symantec driver was causing the bugchecks, but definitely test your RAM to make sure it's OK. Usually when someone gets the same bugcheck code over and over, it isn't RAM, but in your case with the codes being all over the place, it's always good to run a memory test just to be safe. Not sure why, but it could be video BIOS/RAM shadowing in the BIOS, which you may be able to disable. Otherwise, no.

According to that error, the error you got was "OBJECT_NAME_NOT_FOUND". What this means is that there is really two possible reasons for this - either a file on disk is missing or corrupted, or you have a bad device driver. Since this is Session3, it's probably smss.exe or one of the files it calls if we have corruption, and if it's a driver, that's nigh impossible to troubleshoot if you can't boot. It can also be caused if Windows is trying to load a driver during setup for your hardware, but the hardware isn't working properly - this is really rare, but it can be that too.When during the install do you see this error?

You might want to read this, so you know what a client access license is, and when/why you need one.

Actually, I see a FreePoolWithTag failure in kernel (minidump, can't tell which tag), a MiDeleteAddressesInWorkingSet failure in usermode, a win32k bLockHobj handle lock failure (eip points to an invalid address), 2 ExAllocatePoolWithTag failures in kernel after a call-in from win32k (eax is invalid in both), a SystemFatalException doing a ParseDevice function in drvinst.exe, and a trap on a TimerCallback into NDIS (network). One thing in common amongst all of these? They've got srtsp.sys loaded on, or just off, the stack, which is the Symantec Endpoint protection product driver. I'd say test the RAM to make sure that it's OK, because these are all over the place, but I'm also very suspicious that the Symantec product isn't causing it - VERY suspicious.

That sounds like the network driver itself is misbehaving. I'd consider removing the driver completely and reinstalling with the latest certified version, if possible.

Follow the article here, and then follow the section entitled "Memory dump from an application/process that is HANGING (not crashing)".

I'm moving this to the proper forum, as this does appear to be potentially malicious (I can't think of a valid app that would have been designed to act this way, but I've been wrong in the past - shoddy programmers do exist ).

Actually... I would consider using something like MBSA to scan for missing Office updates, and update it that way. I know of no HTML front-end for this (there may be, but it won't be from MS).

It may, but I'm not sure about that. There are some limitations to the system builder program, including having to be a system builder yourself, or buying a machine that an actual OEM system builder installed the OEM software on. This is one of those grey areas where you buy a system builder OEM copy, from the system builder, but he/she sells you the OEM software and doesn't actually install it on hardware. I suppose if one was to sign up for the OEM system builder program...

It's odd, and it's been years since I've seen this (not since W2K ghost images) - I don't remember what caused it anymore, but I logged in, ran secedit to refresh back to defaults, and re-applied group policy (and my autologin .reg file) and the problem went away (again, IIRC).

How did you go about remapping C on 2003, may I ask?

You have a service, or an app running as one, that is trying to pop-up a window from the SYSTEM (session 0) desktop to your logged-on session. By default, this is NOT allowed anymore - it worked in XP/2003/downlevel OSes because in those OSes, you logged into session 0, but not so anymore in Vista / Server 2008. The fact that it's ieframe.dll in IE trying to do it indicates some app or service running under system is suspicious (most apps use their own windows under their own apps to display windows, so some app using IE is definitely at least suspicious). I'd run autoruns to disable all non-Microsoft items, and perhaps shellexview to disable all non-Microsoft shell extensions, and msconfig to disable non-Microsoft services and see if the problem goes away.