John3 Posted March 2, 2006 Share Posted March 2, 2006 (edited) We use Windows NT4+SP6a server . sorry only Windows NT4 SP6but this server sometimes hungup. We are investigating now,but we can't get the reason of hungup.I suspect Virus.but I don't have evidence. In this case, How do we investigate this problem? Any tools ? Pls advise me!! Edited March 3, 2006 by John3 Link to comment Share on other sites More sharing options...
cluberti Posted March 2, 2006 Share Posted March 2, 2006 Perfmon, poolmon, and configuring the server to do a keyboard-initiated dump the next time the server hangs up would be your best options (actually all three at the same time should be sufficient to diagnose the problem).1. Configure perfmon using the perfwiz.exe utility available from Microsoft:http://www.microsoft.com/downloads/details...&DisplayLang=en2. Use the poolmon utility to gather kernel pool tagging data:http://support.microsoft.com/?scid=http%3a...7415%2fen-us%2f3. Configure the server to do a complete memory dump, and enable the CTRL+Scroll Lock manual bugcheck option:http://support.microsoft.com/kb/244139/4. Reboot your servers after making changes in steps 1 - 3 on both, and the next time the issue occurs, hold down the RIGHT CTRL key, and while holding the key down, press the Scroll Lock key twice. The server will bugcheck with a STOP 0x000000E2 code, and create a complete memory dump.Once you've completed steps 1 - 4 on the server, let us know and we can go through the perfmon, poolmon, and memory dump data to tell you why your server is hanging. Link to comment Share on other sites More sharing options...
John3 Posted March 2, 2006 Author Share Posted March 2, 2006 (edited) Thnks very much, I'll try it.but How do I send memory dump to you ?And I have a question.Windows NT4 support step3 ? Can we issue memory dump using step3 ? Edited March 2, 2006 by John3 Link to comment Share on other sites More sharing options...
cluberti Posted March 2, 2006 Share Posted March 2, 2006 Yes, it supports the method listed in the KB article in step 3 - if you look at the products affected in the KB article, NT4 SP6 is listed.As to the dump, you'll have to PM me and I'll give you a location where to upload via ftp. Link to comment Share on other sites More sharing options...
John3 Posted March 3, 2006 Author Share Posted March 3, 2006 (edited) Thanks for your kind support.I check KKB244139. but I can't find the description about Windows NT4.see below. applies to platform as for KB244139.・ Microsoft Windows Server 2003, Datacenter Edition (32-bit x86) • Microsoft Windows Server 2003, Enterprise Edition (32-bit x86) • Microsoft Windows Server 2003, Standard Edition (32-bit x86) • Microsoft Windows Server 2003, Web Edition • Microsoft Windows XP Professional • Microsoft Windows 2000 Server • Microsoft Windows 2000 Advanced Server • Microsoft Windows 2000 Professional Edition • Microsoft Windows 2000 Datacenter Server • Microsoft Windows Small Business Server 2003 Premium Edition • Microsoft Windows Small Business Server 2003 Standard EditionAnyway I try to run step1 and step3. As for step2, I have no workload to do this.I can't moniter poolmon at 15 minutes interval. Edited March 3, 2006 by John3 Link to comment Share on other sites More sharing options...
cluberti Posted March 3, 2006 Share Posted March 3, 2006 Sorry - I've been looking at internal documents, and I noticed that the article did indeed not specifically include NT4 (I believe it used to - it's been awhile ). Since it's probably the same issue on the Windows 2000 server as on the NT4 server it may not be necessary to get a dump, but if you'd like I _am_ certain that this will work for NT4 (note that it requires a null-modem cable and a second server or PC, but it'll work):http://support.microsoft.com/default.aspx?...kb;en-us;303021 Link to comment Share on other sites More sharing options...
John3 Posted March 3, 2006 Author Share Posted March 3, 2006 Thnks for your kind support.While I diagnotise this problem, I know that NT4 server only issue this problem.And anyway I will try step3 to get a memory dump. If I can't, I will try KB303021 Link to comment Share on other sites More sharing options...
John3 Posted March 6, 2006 Author Share Posted March 6, 2006 (edited) I try above step3 for get a dump, but I can't get a dump because of kernel error.I will try KB303021... Edited March 7, 2006 by John3 Link to comment Share on other sites More sharing options...
cluberti Posted March 11, 2006 Share Posted March 11, 2006 (edited) This data is incredibly hard for me to parse, and it's not what I was expecting. On one of the Windows 2000 Servers that is experiencing this issue, please do the following - do not modify these instructions. Failure to follow them properly will result in more data I can not help you with:1. I need you to download the poolmon2vbs.zip file from the FTP site, and extract it to C:\POOLMON.- Double click C:\POOLMON\EnableRightCtrlScrollScroll.reg- Verify that "Write Debugging Information" is currently set for a "Complete Memory Dump", under Control Panel, System, System Properties, Advanced tab, Startup and Recovery.- Double click C:\POOLMON\EnablePoolTagging.cmd2. I need you to configure the machine to gather a COMPLETE memory dump the next time the server hangs.- Right-Click My Computer and select Properties. Go to the Advanced TAB and click Performance Options. Click Change under Virtual Memory. Set the page file on the partition where the OS is installed to be equal to Physical RAM + 50 MB.- Create or modify the following registry value:Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\i8042prt\ParametersValue: CrashOnCtrlScrollType: REG_DWORDData: 1Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControlValue: CrashDumpEnabledType: REG_DWORDData: 1*** REBOOT ***3. Start gathering the poolmon data:- Double click C:\POOLMON\LogPool.CMD, and press any key when prompted to start poolmon data gathering.- DO NOT CLOSE THE COMMAND PROMPT OR LOG OFF - THIS WILL STOP THE DATA GATHERING.4. I then need you to download the perfwiz.exe file located here:http://www.microsoft.com/downloads/details...&displaylang=en- Double click on PerfWiz.exe and click "Next"- For "Monitoring Computer:" enter the machine name that you are monitoring from, and click "Next"- Select "Create New Log" and click "Next"- Choose the "Standard Perfmon log" radio button and click "Next"- For the "Target Computer" enter the machine name again- For the "Log Name:", please name it using the name of the computer being monitored. Set "Log file size" to 250MB, then click "Next"- Under "What is the average elapsed time for the issue to occur?" set the "Average Time to issue" to 1 hour and click "Next".- click "Start" button on the "Start, Stop or Delete Performance Log" window then click "Next", then "Finish".5. The next time the server hangs, please hold down the right-hand CTRL key, then press the SCROLL LOCK key twice. This will cause the server to bugcheck and restart.6. When the server reboots, please zip up the C:\POOLMON directory, the C:\PerfLogs directory, and the C:\WINNT\memory.dmp file. Upload all three .zip files to the FTP site, then let me know when this is complete.If you have any questions regarding these steps, please let me know. Edited March 11, 2006 by cluberti Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now