Results 1 to 3 of 3

Thread: Windows 2000 adv. crash - Help with application logs please!

  1. #1
    Junior Member
    Join Date
    Feb 2005
    Posts
    2

    Windows 2000 adv. crash - Help with application logs please!

    Hi there,
    I'm running a windows 2000 advanced server webserver; this afternoon it crashed, remaining unreachable over the internet (couldn't even ping it) until I got my host to reboot.

    I'm at a loss as to what might have caused it, as the event logs are showing loads of errors and warnings - I don't know where to start!

    Is there anyone that could have a look at these logs for me, and give me a pointer?

    I've listed both application and system logs here - What you see is the server closing down, and starting up again.

    Many thanks in advance,
    Bluze

    SYSTEM LOG
    --------------------------------------------------------------------------

    Event Type: Error
    Event Source: TermServDevices
    Event Category: None
    Event ID: 1100
    Date: 21/02/2005
    Time: 12:21:52
    User: N/A
    Computer: REMOTE1
    Description:
    Initialization of Notify Failed.
    Data:
    0000: ff ff ff ff 5d 01 00 00 ÿÿÿÿ]...
    --------------------------------------------------------------------------
    Event Type: Error
    Event Source: Removable Storage Service
    Event Category: None
    Event ID: 133
    Date: 21/02/2005
    Time: 16:17:25
    User: N/A
    Computer: REMOTE1
    Description:
    Refused request to hibernate/suspend.
    One or more applications have active connections open to this service. Close all applications that are using this service (including the "Removable Storage Manager" MMC snap-in) before attempting to hibernate/suspend the system.
    --------------------------------------------------------------------------
    Event Type: Warning
    Event Source: Win32k
    Event Category: None
    Event ID: 240
    Date: 21/02/2005
    Time: 16:17:25
    User: N/A
    Computer: REMOTE1
    Description:
    A request to suspend power was denied by svchost.exe.
    Data:
    0000: 00 00 00 00 02 00 4e 00 ......N.
    0008: 00 00 00 00 f0 00 00 80 ....ð..€
    0010: 00 00 00 00 00 00 00 00 ........
    0018: 00 00 00 00 00 00 00 00 ........
    0020: 00 00 00 00 00 00 00 00 ........
    --------------------------------------------------------------------------
    Event Type: Information
    Event Source: Application Popup
    Event Category: None
    Event ID: 26
    Date: 21/02/2005
    Time: 16:17:38
    User: N/A
    Computer: REMOTE1
    Description:
    Application popup: Removable Storage Management : Removable Storage Manager refused the request to hibernate or suspend the system.


    One or more applications have active connections open to this service. Close all applications that are using this service (including the "Removable Storage" MMC snap-in) before attempting to hibernate or suspend the system.
    --------------------------------------------------------------------------
    Event Type: Error
    Event Source: EventLog
    Event Category: None
    Event ID: 6008
    Date: 21/02/2005
    Time: 16:19:26
    User: N/A
    Computer: REMOTE1
    Description:
    The previous system shutdown at 16:15:14 on 21/02/2005 was unexpected.
    Data:
    0000: d5 07 02 00 01 00 15 00 Õ.......
    0008: 10 00 0f 00 0e 00 57 01 ......W.
    0010: d5 07 02 00 01 00 15 00 Õ.......
    0018: 10 00 0f 00 0e 00 57 01 ......W.
    --------------------------------------------------------------------------
    Event Type: Error
    Event Source: Service Control Manager
    Event Category: None
    Event ID: 7000
    Date: 21/02/2005
    Time: 16:19:54
    User: N/A
    Computer: REMOTE1
    Description:
    The DNS Controller service failed to start due to the following error:
    The system cannot find the file specified.
    --------------------------------------------------------------------------
    Event Type: Error
    Event Source: Service Control Manager
    Event Category: None
    Event ID: 7000
    Date: 21/02/2005
    Time: 16:20:34
    User: N/A
    Computer: REMOTE1
    Description:
    The Smart Card Updater service failed to start due to the following error:
    The system cannot find the file specified.

    --------------------------------------------------------------------------




    APPLICATION LOG
    --------------------------------------------------------------------------
    Event Type: Error
    Event Source: Perflib
    Event Category: None
    Event ID: 1015
    Date: 21/02/2005
    Time: 11:08:37
    User: N/A
    Computer: REMOTE1
    Description:
    The timeout waiting for the performance data collection function "PerfDisk" in the "C:\WINNT\System32\perfdisk.dll" Library to finish has expired. There may be a problem with this extensible counter or the service it is collecting data from or the system may have been very busy when this call was attempted.
    --------------------------------------------------------------------------
    Event Type: Error
    Event Source: DM Analyzer
    Event Category: None
    Event ID: 0
    Date: 21/02/2005
    Time: 16:20:08
    User: N/A
    Computer: REMOTE1
    Description:
    The description for Event ID ( 0 ) in Source ( DM Analyzer ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. The following information is part of the event:

    DM Analyzer: Could not open DataBase.
    --------------------------------------------------------------------------
    Event Type: Warning
    Event Source: MSSQLServer
    Event Category: (8)
    Event ID: 19011
    Date: 21/02/2005
    Time: 16:20:18
    User: N/A
    Computer: REMOTE1
    Description:
    SuperSocket info: (SpnRegister) : Error 1355.
    --------------------------------------------------------------------------
    Event Type: Error
    Event Source: DM Maintenance
    Event Category: None
    Event ID: 0
    Date: 21/02/2005
    Time: 16:20:25
    User: N/A
    Computer: REMOTE1
    Description:
    Service cannot be started. LS.LSException: Config: DatabaseVersionGet: Could not query Database Version
    at LS.Stats.GetDatabaseVersionInfo()
    at MaintenanceDaemon.maintenaceMain.Start()
    at MaintenanceDaemon.Service1.OnStart(String[] args)
    at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
    --------------------------------------------------------------------------
    Event Type: Error
    Event Source: DM Analyzer
    Event Category: None
    Event ID: 0
    Date: 21/02/2005
    Time: 16:20:53
    User: N/A
    Computer: REMOTE1
    Description:
    The description for Event ID ( 0 ) in Source ( DM Analyzer ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. The following information is part of the event:

    DM Analyzer: Could not open DataBase.
    --------------------------------------------------------------------------
    Event Type: Error
    Event Source: FTPCtrs
    Event Category: None
    Event ID: 1000
    Date: 21/02/2005
    Time: 16:21:40
    User: N/A
    Computer: REMOTE1
    Description:
    Unable to collect the FTP performance statistics. The error code returned by the service is data DWORD 0.
    For additional information specific to this message please visit the Microsoft Online Support site located at: http://www.microsoft.com/contentredirect.asp.
    Data:
    0000: 26 04 00 00 &...
    --------------------------------------------------------------------------
    Event Type: Error
    Event Source: Perflib
    Event Category: None
    Event ID: 2002
    Date: 21/02/2005
    Time: 16:22:11
    User: N/A
    Computer: REMOTE1
    Description:
    The open procedure for service "PerfDisk" in DLL "C:\WINNT\system32\perfdisk.dll" has taken longer than the established wait time to complete. There may be a problem with this extensible counter or the service it is collecting data from or the system may have been very busy when this call was attempted.
    --------------------------------------------------------------------------
    Event Type: Warning
    Event Source: Perflib
    Event Category: None
    Event ID: 2003
    Date: 21/02/2005
    Time: 16:24:30
    User: N/A
    Computer: REMOTE1
    Description:
    The configuration information of the performance library "C:\WINNT\system32\ftpctrs2.dll" for the "MSFTPSVC" service does not match the trusted performance library information stored in the registry. The functions in this library will not be treated as trusted.
    --------------------------------------------------------------------------
    Event Type: Warning
    Event Source: Perflib
    Event Category: None
    Event ID: 2003
    Date: 21/02/2005
    Time: 16:24:32
    User: N/A
    Computer: REMOTE1
    Description:
    The configuration information of the performance library "C:\WINNT\system32\w3ctrs.dll" for the "W3SVC" service does not match the trusted performance library information stored in the registry. The functions in this library will not be treated as trusted.

  2. #2
    Security Intelligence TZ Veteran cash_site's Avatar
    Join Date
    Jul 2002
    Location
    Software Paradise
    Posts
    3,385
    do you know which computer is called REMOTE1?? is that your host or server name or some connected computer... looks like they tryed getting scvhost.exe to suspend the server?? virus? not sure...

    --- 0wN3D by 3gG ---

  3. #3
    Junior Member
    Join Date
    Feb 2005
    Posts
    2
    Hi, thanks for replying,

    REMOTE1 is the name of my server - the computer that the problem happened on. I did notice that the logs seem to indicate that it's trying to shut down or go into hibernation mode, but I can't work out what's causing it...

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •