Need to Restart Windows 2003 Server every 34 hours
Hi,
I have been pulling my hair out with this one. Hope someone can guide me in the right direction to resolve this issue. Will give as much info as I can.
I have 2 DCs on the network. Both run Windows Server 2003 Standard. Server 1 acts as the Primary DC, Global Catalog and WSUS server. It also provides DHCP to the clients. Server 2 is the Alternate DC and Email Server. Both servers have AD running and replicating. Both were working fine and the network was in stable condition for over 4 months.
As of today, Server 2 is working fine without any issues. Around a month back, Server 1 started to display a strange behaviour. Every 34 hours, the AD, DHCP and WSUS screens on the console can no longer be accessed. The network shares on the server can be accessed, the server continues to hand out IP addresses to the clients via DHCP, even the SQL Server database can be accessed by the clients via a front end module. But access to the AD, DHCP and WSUS screens from the console is no longer possible. I suspected it to be related to DNS. But restarting the DNS server service has no effect on the server. If I do a complete reboot of the server, then things start working once again for 34 hours before the problem resurfaces. This happens every 34 hours, not 1 hour before, not 1 hour later.
I get the following errors on the console:
1) While trying to open AD: Naming Information cannot be located for the following reason: The server is not operation.
2) While trying to open DHCP: Not enough storage space is available to complete this operation.
3) While trying to open WSUS: Error : Connection Error
I have tried the following when the server is not functioning properly:
1) Ping to the server returns the correct data.
2) Nslookup returns the correct data.
3) Stopped WSUS server. No effect. Error continues to appear every 34 hours.
4) Searched high and low for a solution on various forums with no success.
Could anyone suggest what I can do to bring this server back into normal operation? Is it something to do with Windows Update? Is there a hotfix available?
Thanks,
Cecil
January 24th, 2010 9:47am

Are you sure it's restarting every 34 hours? Can you please look at the scheduled tasks from the Control Panel and see if it helps.
http://technetfaqs.wordpress.com
January 24th, 2010 11:09am

Hi Syed,
The server does not auto restart every 34 hours. I am forced to manually restart the server after a duration of 34 hours because certain functionality such as AD, DHCP, WSUS can no longer be controlled from the console, although they work fine on the network and respond to all client PC requests. It's only after I do the manual reboot that I get control over these services for the next 34 hours before the problem arises again. There is nothing in the task scheduler.
January 24th, 2010 2:45pm

Can you please disable the antivirus and monitor the server for some time?
http://technetfaqs.wordpress.com
January 24th, 2010 3:10pm

Hi Araujo,
Your server seems to be having a hang problem. There might be multiple reasons for this to happen and we would be required to perform phase-wise troubleshooting to eliminate the possible components involved in the problem. For hang issues there would be nothing registered in the event viewer unless there is an exception thrown by some of the applications.
First - please have a thorough AV scan done on the server to eliminate virus possibilities.
Second - can you disable 3rd party applications using the msconfig utility and check if the issue occurs.
Third - if the above did not resolve it, you could restart the server in safe mode with networking and monitor for 34 hours (in safe mode none of the 3rd party services would be loaded).
Fourth - if the above methods did not help us to identify the RC, then we would need to take an appropriate hang / memory dump when the issue occurs and analyze it accordingly.
January 25th, 2010 4:33am

I have tried all the above suggestions, but I have still not been able to resolve the issue. Here's a list of what I have tried so far:
1) Ran a complete anti-virus test on the server, no viruses found. Server still hangs.
2) Turned off anti-virus. No effect. Server still hangs.
3) Disabled all 3rd party software using msconfig. No effect. Server still hangs.
4) Changed the primary DNS server in the TCP/IP settings to another DNS server on the network. No effect. Server still hangs.
5) Stop / Start DNS when server is in partial 'hung' mode. No effect.
6) Monitored Event viewer. No noticeable errors.
7) Monitored task manager. No noticeable difference in activity during normal and partial hang.
8) Ping and NSLookup work perfectly even when server is in partial 'hung' mode.
Just to repeat my problem: I have a domain controller which works fine for 34 odd hours. After 34 odd hours, many of the mmc's on the server such as active directory, dhcp, msus, sql server, etc. start to throw up errors when you try to access them on the console / desktop. All the services (active directory, dhcp, msus, sql server, etc.) continue to function and serve clients on the network, it's just that they cannot be accessed from their respective mmc's on the console / desktop. I get random errors such as a) The directory schema is not accessible because: An invalid directory pathname was passed or b) Naming information cannot be located for the following reason : the server is not operational or c) Data from active directory users and computers ('server-name') is not available from domain controller 'server-name' because the server is not operational.
As I said, all the services on the server are working fine and the clients on the network are not even aware of the problem. Restarting the server resolves the mmc access problem on the console, but only for the next 34 odd hours.
Any suggestions to resolve this issue?
February 4th, 2010 4:09pm

Just wanted to give you all an update.
In task manager, I noticed that SQL Server was using up a lot of memory (almost 1 GB). Stopped SQL Server and tried to open the active directory users and computers mmc. No effect, still getting the errors. Restarted SQL Server and this time, it consumed a lot less memory (around 300 MB). Tried opening the active directory users and computers mmc. Still no effect. Logged off and logged in to the Windows server. Tried opening the active directory users and computers mmc and this time it opened. I am not sure why this worked but I think it has got something to do with memory utilisation. When I logged off and logged on again, I was no longer getting the "out of storage space" or "server is not operational" errors. Looks like some application is causing problems with the memory and logging off causes that application to stop and restart once I log in again. Will investigate further and let you all know if I come up with anything.
February 9th, 2010 9:27am

This has the ring of a token size issue. You can run poolmon /iToke to see if it is a server side issue, or tokensz (http://www.microsoft.com/downloads/details.aspx?FamilyID=4a303fa5-cf20-43fb-9483-0f0b0dae265c&DisplayLang=en) to see if it is an issue with your account. You can often get a good idea just by looking at the number of groups that you are in. If you'd like, post the output of whoami /groups. If by chance it is a token size issue, there is a good whitepaper on resolving it: http://www.microsoft.com/downloads/details.aspx?FamilyID=22dd9251-0781-42e6-9346-89d577a3e74a&DisplayLang=en.
Thx. /rich
http://cbfive.com/blog
February 9th, 2010 10:14am

Adding to Syed Khairuddin's update: run a full system scan and check that all critical/security updates are installed properly. And considering the last reboot, check the system and application logs thoroughly for that time... does it give any vibe? Post any unusual event messages as you find them.
February 10th, 2010 1:59pm

Hi, I am having THE EXACT SAME ISSUE with our Windows Standard 2003 domain controller - the SQLMANGR.EXE service doesn't seem to be taking much memory (5,540k), although a few weeks ago when we were having the same issue I logged out and back in again and it seemed to work again for 15 mins but then went down again.
I don't know what to do with the token data, but when I type whoami /groups I get the following info:
C:\Program Files\Support Tools>whoami /groups
GROUP INFORMATION
-----------------
Group Name                                 Type             SID                                          Attributes
========================================== ================ ============================================ ===============================================================
ADMIN\Domain Admins                        Group            S-1-5-21-2302879980-82491078-1619987606-512  Mandatory group, Enabled by default, Enabled group
Everyone                                   Well-known group S-1-1-0                                      Mandatory group, Enabled by default, Enabled group
BUILTIN\Account Operators                  Alias            S-1-5-32-548                                 Mandatory group, Enabled by default, Enabled group
BUILTIN\Administrators                     Alias            S-1-5-32-544                                 Mandatory group, Enabled by default, Enabled group, Group owner
BUILTIN\Backup Operators                   Alias            S-1-5-32-551                                 Mandatory group, Enabled by default, Enabled group
BUILTIN\Distributed COM Users              Alias            S-1-5-32-562                                 Mandatory group, Enabled by default, Enabled group
BUILTIN\Incoming Forest Trust Builders     Alias            S-1-5-32-557                                 Mandatory group, Enabled by default, Enabled group
BUILTIN\Network Configuration Operators    Alias            S-1-5-32-556                                 Mandatory group, Enabled by default, Enabled group
BUILTIN\Performance Log Users              Alias            S-1-5-32-559                                 Mandatory group, Enabled by default, Enabled group
BUILTIN\Performance Monitor Users          Alias            S-1-5-32-558                                 Mandatory group, Enabled by default, Enabled group
BUILTIN\Pre-Windows 2000 Compatible Access Alias            S-1-5-32-554                                 Mandatory group, Enabled by default, Enabled group
BUILTIN\Print Operators                    Alias            S-1-5-32-550                                 Mandatory group, Enabled by default, Enabled group
BUILTIN\Replicator                         Alias            S-1-5-32-552                                 Mandatory group, Enabled by default, Enabled group
BUILTIN\Server Operators                   Alias            S-1-5-32-549                                 Mandatory group, Enabled by default, Enabled group
BUILTIN\Terminal Server License Servers    Alias            S-1-5-32-561                                 Mandatory group, Enabled by default, Enabled group
BUILTIN\Windows Authorization Access Group Alias            S-1-5-32-560                                 Mandatory group, Enabled by default, Enabled group
BUILTIN\Remote Desktop Users               Alias            S-1-5-32-555                                 Mandatory group, Enabled by default, Enabled group
BUILTIN\Users                              Alias            S-1-5-32-545                                 Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\REMOTE INTERACTIVE LOGON      Well-known group S-1-5-14                                     Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\INTERACTIVE                   Well-known group S-1-5-4                                      Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\Authenticated Users           Well-known group S-1-5-11                                     Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\This Organization             Well-known group S-1-5-15                                     Mandatory group, Enabled by default, Enabled group
LOCAL                                      Well-known group S-1-2-0                                      Mandatory group, Enabled by default, Enabled group
ADMIN\Domain Computers                     Group            S-1-5-21-2302879980-82491078-1619987606-515  Mandatory group, Enabled by default, Enabled group
ADMIN\Group Policy Creator Owners          Group            S-1-5-21-2302879980-82491078-1619987606-520  Mandatory group, Enabled by default, Enabled group
ADMIN\DnsUpdateProxy                       Group            S-1-5-21-2302879980-82491078-1619987606-1107 Mandatory group, Enabled by default, Enabled group
ADMIN\Sophos PureMessage Administrators    Group            S-1-5-21-2302879980-82491078-1619987606-3221 Mandatory group, Enabled by default, Enabled group
ADMIN\Enterprise Admins                    Group            S-1-5-21-2302879980-82491078-1619987606-519  Mandatory group, Enabled by default, Enabled group
ADMIN\Schema Admins                        Group            S-1-5-21-2302879980-82491078-1619987606-518  Mandatory group, Enabled by default, Enabled group
ADMIN\Session Directory Computers          Alias            S-1-5-21-2302879980-82491078-1619987606-1513 Mandatory group, Enabled by default, Enabled group
ADMIN\RAS and IAS Servers                  Alias            S-1-5-21-2302879980-82491078-1619987606-553  Mandatory group, Enabled by default, Enabled group, Local Group
ADMIN\HelpServicesGroup                    Alias            S-1-5-21-2302879980-82491078-1619987606-1000 Mandatory group, Enabled by default, Enabled group, Local Group
ADMIN\DHCP Users                           Alias            S-1-5-21-2302879980-82491078-1619987606-1003 Mandatory group, Enabled by default, Enabled group, Local Group
ADMIN\OWS_2340676300_admin                 Alias            S-1-5-21-2302879980-82491078-1619987606-1112 Mandatory group, Enabled by default, Enabled group, Local Group
ADMIN\WINS Users                           Alias            S-1-5-21-2302879980-82491078-1619987606-1108 Mandatory group, Enabled by default, Enabled group, Local Group
ADMIN\Sophos DB Users                      Alias            S-1-5-21-2302879980-82491078-1619987606-3182 Mandatory group, Enabled by default, Enabled group, Local Group
ADMIN\DnsAdmins                            Alias            S-1-5-21-2302879980-82491078-1619987606-1106 Mandatory group, Enabled by default, Enabled group, Local Group
ADMIN\Cert Publishers                      Alias            S-1-5-21-2302879980-82491078-1619987606-517  Mandatory group, Enabled by default, Enabled group, Local Group
ADMIN\DHCP Administrators                  Alias            S-1-5-21-2302879980-82491078-1619987606-1004 Mandatory group, Enabled by default, Enabled group, Local Group
ADMIN\TelnetClients                        Alias            S-1-5-21-2302879980-82491078-1619987606-1002 Mandatory group, Enabled by default, Enabled group, Local Group
ADMIN\SophosAdministrator                  Alias            S-1-5-21-2302879980-82491078-1619987606-3186 Mandatory group, Enabled by default, Enabled group, Local Group
ADMIN\IIS_WPG                              Alias            S-1-5-21-2302879980-82491078-1619987606-1111 Mandatory group, Enabled by default, Enabled group, Local Group
ADMIN\Sophos DB Admins                     Alias            S-1-5-21-2302879980-82491078-1619987606-3181 Mandatory group, Enabled by default, Enabled group, Local Group
ADMIN\Debugger Users                       Alias            S-1-5-21-2302879980-82491078-1619987606-1489 Mandatory group, Enabled by default, Enabled group, Local Group
ADMIN\Sophos Console Administrators        Alias            S-1-5-21-2302879980-82491078-1619987606-3180 Mandatory group, Enabled by default, Enabled group, Local Group
I have done all that C Araujo did and cannot find anything unusual, please can someone help?
March 10th, 2010 12:25pm
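
Added example (not part of any post in this thread, and not Microsoft's tokensz tool): a Python parser for whoami /groups output that applies Microsoft's published estimate TokenSize = 1200 + 40d + 8s and compares it with the 12000-byte default MaxTokenSize of Windows Server 2003. Mapping whoami's Alias rows to d and Group rows to s assumes a single domain with no SID history; the sample rows and the EXAMPLE domain are constructed.

```python
import re

# Constructed rows in the layout `whoami /groups` prints; the EXAMPLE domain
# and its SIDs are placeholders, not values from this thread.
SAMPLE = r"""
Everyone                            Well-known group S-1-1-0       Mandatory group, Enabled by default, Enabled group
BUILTIN\Administrators              Alias            S-1-5-32-544  Mandatory group, Enabled by default, Enabled group, Group owner
BUILTIN\Users                       Alias            S-1-5-32-545  Mandatory group, Enabled by default, Enabled group
EXAMPLE\Domain Admins               Group            S-1-5-21-1111111111-2222222222-3333333333-512  Mandatory group, Enabled by default, Enabled group
EXAMPLE\Group Policy Creator Owners Group            S-1-5-21-1111111111-2222222222-3333333333-520  Mandatory group, Enabled by default, Enabled group
EXAMPLE\DnsAdmins                   Alias            S-1-5-21-1111111111-2222222222-3333333333-1106 Mandatory group, Enabled by default, Enabled group, Local Group
"""

# Name, type, SID, attributes. The SID anchors the match, so a group name that
# itself contains the word "Group" is still split correctly.
ROW = re.compile(
    r"^(?P<name>.+?)\s+(?P<type>Well-known group|Group|Alias)\s+"
    r"(?P<sid>S-1-\d+(?:-\d+)+)\s+(?P<attrs>.+)$"
)

DEFAULT_MAX_TOKEN_SIZE = 12000  # bytes; Windows Server 2003 default


def parse_groups(text):
    """Return one dict per group row; headers and separators are skipped."""
    return [m.groupdict() for line in text.splitlines()
            if (m := ROW.match(line.strip()))]


def estimate_token_size(rows):
    """Apply 1200 + 40*d + 8*s to the parsed rows.

    Assumption: 'Alias' rows (local / domain local groups) count as d and
    'Group' rows (global / universal groups) as s. Well-known groups are
    added locally at logon and are left out of the estimate.
    """
    d = sum(r["type"] == "Alias" for r in rows)
    s = sum(r["type"] == "Group" for r in rows)
    return {"d": d, "s": s, "bytes": 1200 + 40 * d + 8 * s}


def report(text):
    est = estimate_token_size(parse_groups(text))
    est["over_default"] = est["bytes"] > DEFAULT_MAX_TOKEN_SIZE
    return est


if __name__ == "__main__":
    print(report(SAMPLE))
```

The estimate covers only group SIDs; tokensz reports the size actually issued for an account.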

Hi,
Please understand that it is difficult to predict which process --> thread is causing the problem without analyzing the dumps. For critical hang issues, we recommend contacting Microsoft Support to get the best brains to work on the dump analysis. Yes, without approaching Microsoft you can resolve the issue, but you need to be exceptional in assembly level debugging. Second, if after debugging for 3 days you find out that the module belongs to Microsoft, then you need to contact Microsoft if there are no updates on that dll / module.
March 24th, 2010 4:36am

Hi All,
A quick check: can you please check if there are new services added to SCM / services.msc? Try to locate the services which are unknown and have different / weird descriptions.
March 24th, 2010 9:08am

Hi,
I have a similar problem which I have posted here: http://social.technet.microsoft.com/Forums/en-US/winservergen/thread/30c21b1c-13be-4d89-937c-ae81d34233b3/#b35d4d68-179f-4dad-bd4d-0a7b79b8000b
Some of my servers have weird services which I am sure are related to virus/malware. These services cannot be disabled, and their registry values cannot be deleted or edited (even in safe mode). All of these "new services" have different names and descriptions but are executing the same thing:
Path to executable: C:\WINDOWS\system32\svchost.exe -k netsvcs
However, the service never starts, instead it just states "Starting" or "Stopped". But when it is starting, the server and network become slow.
March 24th, 2010 10:38am

Hi Fazrul, Thanks for the update
April 1st, 2010 6:56am

This topic is archived. No further replies will be accepted.
