Multiple UDP connections for svchost.exe (netsvcs)
Can anyone advise what these connections are? The UDP port it uses on my PC always changes (random between ports 50000 and 60000), and Windows tries to open matching UPnP ports in my router.
It still continues despite Windows Update/BITS services disabled, and many of the IP addresses are not Microsoft related.
Hi MadEngineer,
Netsvcs.exe is not essential for Windows and will often cause problems. Netsvcs.exe is located in the C:\Windows\System32 folder. Here is a link for reference:
Netsvcs.exe
http://www.file.net/process/netsvcs.exe.html
Please check the location of this process, we can perform a full scan with the antivirus software if we suspect it is harmful.
iphlpsvc refers to IP Helper, it provides some enhanced connectivity functionality to your PC. HomeGroups and IPv6 transition technologies rely on iphlpsvc.
Here is a link for reference :
What is the IP Helper (iphlpsvc) service?
http://maximumpcguides.com/windows-7/what-is-the-ip-helper-iphlpsvc-service/
NOTE: This response contains a reference to a third party World Wide Web site. Microsoft is providing this information as a convenience to you. Microsoft does not control these sites and has not tested any software or information found on these sites.
Best regards
Similar Messages
-
Multiple db connections for one report
Hi all,
I am using Oracle Reports 10g R2. Could someone tell me if Oracle Reports supports multiple database connections for one rdf file, like this (using servlet)
http://your_web_server:port_num/reports/rwservlet?server=server_name&report=myreport.rdf& userid1=username/password@my_db1&userid2=username/password@my_db2 &desformat=pdf&destype=cache
I am asking this question because my report needs data from two separate Oracle databases.
Edited by: user12239004 on Apr 27, 2010 2:14 AM
No, you can only have one login.
However, this is simple to resolve by creating a database link in one database to the other database. -
Hi,
I have two IDLE enabled IMAP accounts and I'm trying to work out if everything is working properly as it doesn't feel like it is.
When I check netstat it shows multiple established connections for each account which seems too many for it to be right.
Any thoughts on what to check? Server is showing two connections which would be right.
Thanks,
Adam
If you must have a 1-1 app user/connection to database user/connection, then using a DatabaseSession would probably be the easiest solution. This means that each user would create and connect to their own DatabaseSession when they login to the app. You could still share the same TopLink project instance to reduce some of the connecting/initialization overhead, but there would be no way to pool connections. Using a DatabaseSession would not allow for any shared caching across users.
Do you need to be connected as the user for reading, or just for writing to the database? If you can use a shared user/connection for reading, then you could use a ServerSession and have a shared cache. Define the shared user in the ServerSession, and when each user connects acquire a ClientSession through the acquireClientSession(DatabaseLogin) API, which allows you to specify the user/password to connect as for writing.
In TopLink 10.1.3 you may also wish to investigate the VPD and exclusive client connection support. This allows for some of your data to be read through a user/VPD secure connection, and other shared data to still be cached. It also allows for the user/VPD to be switched on a pooled connection. -
CSA 4.5.1.639 - svchost.exe and UDP 1900 UPNP
I have created a high priority deny for the following rule but I would like this rule to stop popping up on all the workstations, simply because the flag is always waving for all the users.
4/18/2006 8:26:13 AM: The process 'C:\WINDOWS\system32\svchost.exe' (as user NT AUTHORITY\SYSTEM) attempted to communicate with x.x.x.x on UDP port 1900. The attempted access was to initiate a connection as a client (operation = CONNECT). The operation was denied.
What other changes need to be made so that users do not see this process at all?
You can silence the flag unless you have another network access control rule set to log for incoming connections:
If you have one rule set to deny incoming connections and log them, users will see the flag waving for all of them. You must create another rule that is set to deny (not high priority deny) acting as a server for a specific port, set to not log and set to take precedence over other deny rules.
I know this works because we do it here for the UPNP/SSDP services. The rule is set to deny svchost.exe from accepting connections on port 1900, not to log and to take precedence over other deny rules.
The only time this doesn't work is when machines are in test mode and then the only place you see messages is on the MC.
If this didn't work we would have hundreds of these flags waving every day.
Tom S -
Svchost.exe -k netsvcs constantly downloading
I was asked to move this here from Microsoft Answers.
I am working on an XP Home SP3 computer that constantly downloads using system32\svchost.exe -k netsvcs. It will download as long as the computer is connected. Before I realized the problem, it downloaded 1.4GB. I am using Netbalancer to watch the process.
Things I've tried:
>Turn off windows auto updates. The computer was up to date last week.
>Scan with Malwarebytes, Security Essentials, MFRT, AVG, TDDSkiller in windows and safe mode when possible. Avg found 6 corrupted google toolbar.exe in Temp files. Others found nothing.
>Turn off system restore and rescan with AVG while the computer was connected.
>The computer has always had Norton antivirus installed. It found and removed 1 virus in setup_lib_srf[1].exe which contained "Downloader" in 2009.
>Disabled Background Intelligent Transfer service but netsvcs still downloads and the BITS service goes back to Automatic after a reboot.
>Ran svchost.exe fix from Microsoft which is for high cpu use but thought it might help.
> The remote ip address netsvcs is contacting belongs to Akamai Technologies when windows auto update is turned off. With auto updates on the other ip addresses belong to Microsoft.
I ran Hijackthis if you want the log.
Any help is greatly appreciated.
Tom
July 8, 2011
trg53
Thanks for the reply and help. I haven't looked for specific dll's yet but process explorer found "Mutant" files in every instance of svchost including this: Mutant \BaseNamedObjects\SHIMLIB_LOG_MUTEX.... along with a few or several other mutants. I hope it's ok to post the saved file from one of the svchost instances because it has obvious concerns.
I need to know if: 1. Deleting the Temp files and Temporary Internet files along with .dat files and cookies listed in the file could clean the system. 2. Is the system too compromised to try to save. It will be interesting to try though.
Thanks, Tom
Here is the file:
Process PID CPU Description Company Name
System Idle Process 0 98.48
Interrupts n/a Hardware Interrupts
DPCs n/a Deferred Procedure Calls
System 4
smss.exe 744 Windows NT Session Manager Microsoft Corporation
csrss.exe 840 Client Server Runtime Process Microsoft Corporation
winlogon.exe 864 Windows NT Logon Application Microsoft Corporation
services.exe 912 Services and Controller app Microsoft Corporation
ati2evxx.exe 1080 ATI External Event Utility EXE Module ATI Technologies Inc.
svchost.exe 1104 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1244 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1288 Generic Host Process for Win32 Services Microsoft Corporation
wscntfy.exe 2716 Windows Security Center Notification App Microsoft Corporation
wuauclt.exe 2776 Windows Update Microsoft Corporation
svchost.exe 1396 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1464 Generic Host Process for Win32 Services Microsoft Corporation
spoolsv.exe 1584 Spooler SubSystem App Microsoft Corporation
svchost.exe 1660 Generic Host Process for Win32 Services Microsoft Corporation
ccsvchst.exe 1868 Symantec Service Framework Symantec Corporation
ccsvchst.exe 1128 Symantec Service Framework Symantec Corporation
SeriousBit.NetBalancer.Service.exe 1968 SeriousBit.NetBalancer.Service Microsoft
svchost.exe 308 Generic Host Process for Win32 Services Microsoft Corporation
alg.exe 2468 Application Layer Gateway Service Microsoft Corporation
lsass.exe 924 LSA Shell (Export Version) Microsoft Corporation
explorer.exe 1932 Windows Explorer Microsoft Corporation
GoogleDesktop.exe 652 Google Desktop Google
E_FATI9HA.EXE 692 EPSON Status Monitor 3 SEIKO EPSON CORPORATION
NkMonitor.exe 844 Nikon Transfer Monitor Nikon Corporation
GoogleToolbarNotifier.exe 1036 GoogleToolbarNotifier Google Inc.
ctfmon.exe 980 CTF Loader Microsoft Corporation
DLG.exe 1204 Digital Line Detection BVRP Software
procexp.exe 3040 1.52 Sysinternals Process Explorer Sysinternals - www.sysinternals.com
Process: svchost.exe Pid: 1660
Type Name
Desktop \Default
Directory \KnownDlls
Directory \Windows
Directory \BaseNamedObjects
File C:\WINDOWS\system32
File \Device\KsecDD
File C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202
File \Device\NamedPipe\net\NtControlPipe9
File \Device\WMIDataDevice
File \Device\WMIDataDevice
File C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202
File \Device\WebDavRedirector
File \Device\WebDavRedirector
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat
File C:\Documents and Settings\LocalService\Cookies\index.dat
File C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat
File \Device\WebDavRedirector
File \Device\WebDavRedirector
File \Device\NamedPipe\DAV RPC SERVICE
File \Device\NamedPipe\DAV RPC SERVICE
Key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32
Key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32
Key HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Key HKLM\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9
Key HKLM\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5
Key HKLM\SOFTWARE\Policies
Key HKU\S-1-5-19\Software\Policies
Key HKU\S-1-5-19\Software
Key HKLM\SOFTWARE
KeyedEvent \KernelObjects\CritSecOutOfMemoryEvent
Mutant \BaseNamedObjects\SHIMLIB_LOG_MUTEX
Mutant \BaseNamedObjects\_!MSFTHISTORY!_
Mutant \BaseNamedObjects\c:!documents and settings!localservice!local settings!temporary internet files!content.ie5!
Mutant \BaseNamedObjects\c:!documents and settings!localservice!cookies!
Mutant \BaseNamedObjects\c:!documents and settings!localservice!local settings!history!history.ie5!
Mutant \BaseNamedObjects\WininetStartupMutex
Mutant \BaseNamedObjects\WininetProxyRegistryMutex
Process svchost.exe(1660)
Section \BaseNamedObjects\C:_Documents and Settings_LocalService_Local Settings_Temporary Internet Files_Content.IE5_index.dat_81920
Section \BaseNamedObjects\C:_Documents and Settings_LocalService_Cookies_index.dat_16384
Section \BaseNamedObjects\C:_Documents and Settings_LocalService_Local Settings_History_History.IE5_index.dat_16384
Semaphore \BaseNamedObjects\shell.{A48F1A32-A340-11D1-BC6B-00A0C90312E1}
Semaphore \BaseNamedObjects\shell.{210A4BA0-3AEA-1069-A2D9-08002B30309D}
Thread svchost.exe(1660): 1720
Thread svchost.exe(1660): 1664
Thread svchost.exe(1660): 1716
Thread svchost.exe(1660): 3052
Thread svchost.exe(1660): 1724
Token NT AUTHORITY\LOCAL SERVICE:3e5
WindowStation \Windows\WindowStations\Service-0x0-3e5$
WindowStation \Windows\WindowStations\Service-0x0-3e5$ -
How to stop svchost.exe to connect to internet?
I used a software known as TCPview. I used it to monitor what are the services that are connected to the internet. In this I found out that svchost.exe is always downloading something. It is not the automatic windows update since I changed the windows update to manual. So please help me since my internet speed is very slow & in that svchost.exe is always downloading something....
On a newly setup system svchost.exe is the process that runs a lot of services. This means that some service may be downloading something that is important to it. Or it may always be a different service.
The resmon.exe can tell you more about which service is downloading stuff. Under network you can look for the PID of the svchost.exe that is downloading and then go to the services tab in the task manager. There you look for the PID again and hopefully find a useful description that lets you decide what to do.
On the other hand svchost.exe is a very loved name by some shady programmers looking for new bots for their networks or for some useful login or credit card data. Meaning is all of your software and especially your windows up to date and have you an always watching and updated anti virus software installed? Even if so a virus might be something to consider -
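Added example (not part of any post above): the PID lookup described in the resmon answer, done in Python over saved `netstat -ano -p UDP` and `tasklist /svc` output, with the 50000-60000 port range from the first question as the default filter. Both sample captures are constructed, and the function names are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample of `tasklist /svc` output (not data from the thread).
TASKLIST_SVC = """\
Image Name                     PID Services
========================= ======== ============================================
System Idle Process              0 N/A
svchost.exe                    888 DcomLaunch, PlugPlay, Power
svchost.exe                   1104 AeLookupSvc, BITS, iphlpsvc, Schedule,
                                   wuauserv
svchost.exe                   1288 SSDPSRV, upnphost
procexp.exe                   3040 N/A
"""

# Constructed sample of `netstat -ano -p UDP` output.
NETSTAT_UDP = """\
  Proto  Local Address          Foreign Address        State           PID
  UDP    0.0.0.0:1900           *:*                                    1288
  UDP    0.0.0.0:53211          *:*                                    1104
  UDP    0.0.0.0:58042          *:*                                    1104
  UDP    192.168.1.20:137       *:*                                    4
  UDP    [::]:53212             *:*                                    1104
"""

ROW = re.compile(r"^(\S.*?)\s+(\d+)\s+(.*)$")


def _split_services(text):
    """Split a comma-separated service column; 'N/A' means no services."""
    return [s.strip() for s in text.split(",") if s.strip() and s.strip() != "N/A"]


def parse_tasklist_svc(text):
    """Return {pid: (image_name, [service, ...])}, joining wrapped service lists."""
    procs, last_pid = {}, None
    for line in text.splitlines():
        if line[:1].isspace() and last_pid is not None:
            procs[last_pid][1].extend(_split_services(line))  # continuation row
            continue
        m = ROW.match(line)
        if m:
            last_pid = int(m.group(2))
            procs[last_pid] = (m.group(1), _split_services(m.group(3)))
    return procs


def parse_netstat_udp(text):
    """Return [(local_address, port, pid)] for every UDP row."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 4 and parts[0] == "UDP" and parts[-1].isdigit():
            addr, _, port = parts[1].rpartition(":")
            rows.append((addr, int(port), int(parts[-1])))
    return rows


def svchost_udp_report(tasklist_text, netstat_text, lo=50000, hi=60000):
    """Map each svchost.exe PID that owns UDP sockets to its hosted services.

    The services are candidates only: a shared svchost instance does not say
    which of its services opened a given socket.
    """
    procs = parse_tasklist_svc(tasklist_text)
    ports = defaultdict(set)
    for _addr, port, pid in parse_netstat_udp(netstat_text):
        ports[pid].add(port)
    report = {}
    for pid, (image, services) in procs.items():
        if image.lower() == "svchost.exe" and pid in ports:
            owned = sorted(ports[pid])
            report[pid] = {"services": services, "udp_ports": owned,
                           "in_range": [p for p in owned if lo <= p <= hi]}
    return report


if __name__ == "__main__":
    for pid, info in svchost_udp_report(TASKLIST_SVC, NETSTAT_UDP).items():
        print(pid, info["in_range"], ", ".join(info["services"]))
```
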
I am having the same svchost type problem others have had. Within a minute of booting up an svchost.exe will start running, using up my whole CPU...so I can't do anything with my computer. The only way to proceed is to go into Task Manager and stop the process.
If I do that all is fine except that I can't get any sound on any video, etc (system sounds still work).
I've tried to use Process Explorer to figure it out...but I can't get far with it. The svchost.exe function (k netsvcs) that's causing the problem has a long list of at least a dozen functions. I'm not a software professional, just an old guy trying to use his Win XP Svc Pack 3 computer that otherwise works great. That notwithstanding, I'm often able to figure out the solution to problems, but this one has me stumped!
I've done a full Norton scan, and also tried a couple of suggested malware products, none of which find any threats. My windows update service is set to notify me of updates...not to update automatically. I don't seem to be getting any notifications anymore.
:<((
I need help, please, to solve this problem.
Bob,
A Christmas miracle. Today it worked. I checked the box for automatic installation of upgrades, rebooted, and what was soon awaiting on my desktop but some downloads waiting to be installed. Puzzling: for some reason the system isn't recognizing how the boxes are checked. In any event, I don't know if it was that or the steps I went thru yesterday from Ehow, but it worked. I had earlier today confirmed thru Process Explorer that it was in fact the automatic update service that was causing the problem. Whatever...I'm happy, and thanks for your help!
Cookie -
How to retain socket connection for multiple requests in java 1.3
Hi All,
My problem is to retain client socket connection without opening and closing socket connection for every request. I want to open the socket connection once and send multiple requests one after the other based upon the response over the same socket. Finally I want to close the socket only after completing all my requests and receiving respective responses. I don't want to open and close the socket for each request and response. While at the same time I expect the socket to send each request only after receiving the response for the previous request.
I am using java 1.3 and I am looking for the solution in same version.
Please help me.
Thanx in advance.
Look at my response to "Telnet to Unix box from Java"
http://forum.java.sun.com/thread.jsp?forum=31&thread=437231
on "Java Programming" forum. It does exactly that to run the signon and a command. It would be easy to extend it to do multiple commands. -
Ability to open multiple SQL Worksheets for the same connection
Hi,
Please allow the ability to open multiple SQL Worksheets for the same connection, now only one can be opened.
Thanks
Logged Bug 9000801 - ea1: otnforum: worksheet launcher does not remember the last/default connection
-Raghu -
Create one connection for multiple dynaset reads
I am using VC 6.0 with the OO40 class. I am processing a text file in a console batch mode. The file can contain 1 record or hundreds of records. I would like to open the db connection/session once and read the database multiple times - one for each record being processed. What is happening is that the first record is read, and processed. The subsequent records are not read and the dynaset still points to the first record. I have the dynaset read process in a function - so that the dynaset is destroyed and recreated everytime. What am I doing wrong.
As for your question: it is discussed in SAP online help:
http://help.sap.com/saphelp_erp60_sp/helpdata/en/c6/f841f24afa11d182b90000e829fbfe/frameset.htm
Sorry I misunderstood your question.
The above mentioned solution won't create one single TO from multiple TR.
Edited by: Csaba Szommer on Aug 11, 2010 9:46 AM -
Multiple vnc console connections for guest vm
Is there anyway to allow multiple computers to connect to the same guest VNC console?
I noticed in the vm.cfg there were multiple VNC options and I attempted to play with them to see if I could get multiple console connections to work. After editing the file and restarting the guest vm I couldn't get multiple connections. The VM Server users guide didn't provide any clarity on what the VNC commands in the vm.cfg do, just some examples of guest configs. Can anyone enlighten me on how to do this or possibly refer to a link if this question has been asked in the past.
Thanks,
nathan
Q1: Is there anyway to allow multiple computers to connect to the same guest VNC console?
I suggest that you config/start vnc server on guest OS, and you may connect it from different computers. it make sense for you?
Q2: Can anyone enlighten me on how to do this or possibly refer to a link if this question has been asked in the past.
Please refer to this link to know more about VNC options in vm.cfg.
http://download.oracle.com/docs/cd/E11081_01/doc/doc.21/e10898/troubleshoot.htm#CIHCFDGG -
My computer is almost a year old and it is a custom build gaming rig with the following specs
Intel Core i5-3570k CPU @ 3.40GHz
8.0GB of Ram
AMD Radeon HD 6870
running windows 8.1
The issue is that after a few hours my computer starts to drastically drop in performance. This is due to two reasons. Firstly explore.exe starts to use up my cpu. I can easily stop this by using process explorer to close the offending thread (only 1 thread is causing the issue, the rest are using minimal cpu) killing this thread reduces the cpu and appears to have no consequence in terms of functionality of my pc.
After this on average ten minutes later what happens is that svchost.exe starts using from 40%-60% of my cpu at which point if I do not quit any game I am playing my computer will crash. using process explorer to find the offending threads lead me to a thread with a TID of 1836. If I kill this process I lose internet connection. Yet before this happens there is no sign of this thread. It appears to not be present until the issue appears and when it does appear this process is essential to my internet connection.
Please can someone help me
Please provide us with your Event Viewer administrative logs by following these steps:
Click Start Menu
Type eventvwr into Search programs and files (do not hit enter)
Right click eventvwr.exe and click Run as administrator
Expand Custom Views
Click Administrative Events
Right click Administrative Events
Save all Events in Custom View As...
Save them in a folder where you will remember which folder and save as Errors.evtx
Go to where you saved Errors.evtx
Right click Errors.evtx -> send to -> compressed (zipped) folder
Upload the .zip file to skydrive or a file sharing service and put a link to it in your next post
If you have updated to win 8.1 and you get the error message "the system cannot find the file specified" it is a known problem. The work around is to edit the registry. If you are not comfortable doing this DONT. If you are, backup the key before you do
Press Win+"R" and input regedit
Navigate to:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels. Delete "Microsoft-Windows-DxpTaskRingtone/Analytic"
Wanikiya and Dyami--Team Zigzag -
2008 R2 - Memory Leak from svchost.exe - Module "rpcrt4" is the culprit
Hi All
Over the past week or so (after a set of Windows updates and restart) svchost.exe has increasingly used more and more memory. It probably gobbles up an extra 1GB per day and doesn't relent.
After running various diagnostics, the debug diagnostic tool finally provided me this information after a memory leak test:
rpcrt4.dll is responsible for 1.76 GBytes worth of outstanding allocations. The following are the top 2 memory consuming functions:
rpcrt4!AllocWrapper+2b: 1.76 GBytes worth of outstanding allocations.
rpcrt4!Ndr64ClientInitialize+964: 1.36 MBytes worth of outstanding allocations.
Detailed module report(Memory)
Module details for rpcrt4
Module Name rpcrt4
Allocation Count 946941 allocation(s)
Allocation Size 1.76 GBytes
Module Information
Image Name: C:\Windows\System32\rpcrt4.dll Symbol Type: PDB
Base address: 0x00000003`00905a4d Time Stamp: Sat Nov 20 13:13:18 2010
Checksum: 0x00000000`00000000 Comments:
COM DLL: True Company Name: Microsoft Corporation
ISAPIExtension: False File Description: Remote Procedure Call Runtime
ISAPIFilter: False File Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Managed DLL: False Internal Name: rpcrt4.dll
VB DLL: False Legal Copyright: © Microsoft Corporation. All rights reserved.
Loaded Image Name: rpcrt4.dll Legal Trademarks:
Mapped Image Name: Original filename: rpcrt4.dll
Module name: rpcrt4 Private Build:
Single Threaded: False Product Name: Microsoft® Windows® Operating System
Module Size: 1.18 MBytes Product Version: 6.1.7601.17514
Symbol File Name: c:\symcache\rpcrt4.pdb\7D748DA6D7454C9EA38C8CEF1C9E75F22\rpcrt4.pdb Special Build: &
rpcrt4!AllocWrapper+2b has 944,468 allocations!
I'm running 2008 R2 64bit with anywhere up to 80/100 simultaneous RDP connections at any one time.
Can anyone help or advise as I cannot find any hotfixes for this issue.
Thanks
Ryan
Hi Ryan,
Please narrow it down to the specific service that is having the issue. That way you will know where to focus on.
For the specific svchost.exe that is showing the large memory usage, use task manager/process explorer/etc. to determine which service(s) are running within it. If there are multiple services running within it, I recommend you isolate them and then restart your server. For example, say you determined that the following services are running in the "problem" svchost.exe: AudioEndpointBuilder, Netman, TrkWks, UmRdpService, Uxsms. You would open an admin command prompt and enter the following commands:
sc config AudioEndpointBuilder type= own
sc config Netman type= own
sc config TrkWks type= own
sc config UmRdpService type= own
sc config Uxsms type= own
After entering the above commands you would restart your server for the changes to take effect. Over time you would monitor memory usage of the suspect services, and eventually it will become apparent which one is using too much memory.
Thanks.
-TP -
Recently (within the past 2 weeks) I have noticed a few of our servers will have problems with the svchost.exe application causing the GPSVC (Group Policy Client) to crash. The only fix at that point is to reboot the server since the GPSVC service is tied to svchost.exe and therefore is protected from being manually restarted.
I noticed the following errors when this occurs:
Log Name: Application
Source: Application Error
Date: 7/23/2013 4:35:26 AM
Event ID: 1000
Task Category: (100)
Level: Error
Keywords: Classic
User: N/A
Computer: Server1.xxx.xxx.net
Description:
Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec4aa8e
Exception code: 0xc0000024
Fault offset: 0x00000000000cd7d8
Faulting process id: 0x46c
Faulting application start time: 0x01ce877f9476ac07
Faulting application path: C:\Windows\system32\svchost.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: d252d26d-f372-11e2-8ad4-005056ac00e8
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Application Error" />
<EventID Qualifiers="0">1000</EventID>
<Level>2</Level>
<Task>100</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2013-07-23T08:35:26.000000000Z" />
<EventRecordID>158950</EventRecordID>
<Channel>Application</Channel>
<Computer>AAW19XM2.agency.nwie.net</Computer>
<Security />
</System>
<EventData>
<Data>svchost.exe</Data>
<Data>6.1.7600.16385</Data>
<Data>4a5bc3c1</Data>
<Data>ntdll.dll</Data>
<Data>6.1.7601.17725</Data>
<Data>4ec4aa8e</Data>
<Data>c0000024</Data>
<Data>00000000000cd7d8</Data>
<Data>46c</Data>
<Data>01ce877f9476ac07</Data>
<Data>C:\Windows\system32\svchost.exe</Data>
<Data>C:\Windows\SYSTEM32\ntdll.dll</Data>
<Data>d252d26d-f372-11e2-8ad4-005056ac00e8</Data>
</EventData>
</Event>
All of our servers are running Server 2008 R2 Enterprise where we use Citrix to deliver desktop sessions to our users, but some are virtual and some are physical. This seemingly impacts our virtual machines more, and our VMs are hosted through VMWare, however, about 5 months ago a similar error fired on a non-virtual machine:
Log Name: Application
Source: Application Error
Date: 2/27/2013 6:57:58 AM
Event ID: 1000
Task Category: (100)
Level: Error
Keywords: Classic
User: N/A
Computer: AAW29033
Description:
Faulting application name: svchost.exe_gpsvc, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec4aa8e
Exception code: 0xc0000024
Fault offset: 0x00000000000cd7d8
Faulting process id: 0x6c0
Faulting application start time: 0x01ce14e1af313fd9
Faulting application path: C:\Windows\system32\svchost.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: ed3d01c4-80d4-11e2-9128-b499baa9e5e8
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Application Error" />
<EventID Qualifiers="0">1000</EventID>
<Level>2</Level>
<Task>100</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2013-02-27T11:57:58.000000000Z" />
<EventRecordID>286291</EventRecordID>
<Channel>Application</Channel>
<Computer>AAW29033</Computer>
<Security />
</System>
<EventData>
<Data>svchost.exe_gpsvc</Data>
<Data>6.1.7600.16385</Data>
<Data>4a5bc3c1</Data>
<Data>ntdll.dll</Data>
<Data>6.1.7601.17725</Data>
<Data>4ec4aa8e</Data>
<Data>c0000024</Data>
<Data>00000000000cd7d8</Data>
<Data>6c0</Data>
<Data>01ce14e1af313fd9</Data>
<Data>C:\Windows\system32\svchost.exe</Data>
<Data>C:\Windows\SYSTEM32\ntdll.dll</Data>
<Data>ed3d01c4-80d4-11e2-9128-b499baa9e5e8</Data>
</EventData>
</Event>
I've searched and cannot seem to find any information as to what may be causing this, or even really where to start. Would someone be able to help me identify what might be causing this event, specific with the Exception code: 0xc0000024, which causes the Group Policy Client service to stop?
You still out there looking at things? If so I have an update. The issue hasn't stopped, even though it did seemingly die down for awhile, however, it is now back with a vengeance.
I am able to force it to happen by killing the svchost process that is hosting GPSVC. If I run gpupdate /force, then logout/login it does get GPSVC running again. Furthermore, if I simply start svchost again via the Task Manager GPSVC starts running again.
When I access the server remotely with KVM it acts just like it does as if I'm logging into it via Citrix/RDP which for Admin IDs gives an error saying "Failed to connect to a windows service. Windows could not connect to the Group Policy Client service...", however, normal user accounts just get a message when logging into the server "The Group Policy Client Service Failed the Logon. Access is denied."
I haven't opened a case with Microsoft yet, but we are about ready to because of the increase in these errors.
If you have any further suggestions that would be great, otherwise I'll provide an update once I get word back from Microsoft.
**EDIT -- apparently I mistook the server's SCM's actions as my own. I was able to successfully crash the GPSVC service by killing the hosting svchost process, however, after I crashed it and let it sit crashed for awhile when I attempted to restart either by starting a svchost task, or running gpupdate /force it failed. Either that, or there is a timing issue where if we don't restart the svchost process, or run gpupdate /force quickly enough it won't be able to recover without a reboot. -
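Added example (not part of the original posts): a Python script that parses Application Error (Event ID 1000) records like the two quoted above, decodes the hex process id and the FILETIME start time, and groups records by faulting module, exception code and offset. The XML is rebuilt from the values in the post and trimmed to the elements the script reads; the host names `Server1` and `Server2` are placeholders, and the function names are this example's own.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict
from datetime import datetime, timedelta, timezone

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Order of the <Data> values in the Event ID 1000 records shown in the post.
FIELDS = ("app", "app_version", "app_timestamp", "module", "module_version",
          "module_timestamp", "exception_code", "fault_offset", "pid_hex",
          "start_filetime_hex", "app_path", "module_path", "report_id")


def _event_xml(computer, logged, data):
    """Rebuild a trimmed event record (only the elements this script reads)."""
    rows = "".join(f"<Data>{value}</Data>" for value in data)
    return (f'<Event xmlns="{NS["e"]}"><System><EventID>1000</EventID>'
            f'<TimeCreated SystemTime="{logged}" /><Computer>{computer}</Computer>'
            f"</System><EventData>{rows}</EventData></Event>")


# Values copied from the two records in the post; host names are placeholders.
_COMMON = ("6.1.7600.16385", "4a5bc3c1", "ntdll.dll", "6.1.7601.17725",
           "4ec4aa8e", "c0000024", "00000000000cd7d8")
_PATHS = (r"C:\Windows\system32\svchost.exe", r"C:\Windows\SYSTEM32\ntdll.dll")
SAMPLE_EVENTS = [
    _event_xml("Server1", "2013-07-23T08:35:26.000000000Z",
               ("svchost.exe",) + _COMMON + ("46c", "01ce877f9476ac07") + _PATHS
               + ("d252d26d-f372-11e2-8ad4-005056ac00e8",)),
    _event_xml("Server2", "2013-02-27T11:57:58.000000000Z",
               ("svchost.exe_gpsvc",) + _COMMON + ("6c0", "01ce14e1af313fd9") + _PATHS
               + ("ed3d01c4-80d4-11e2-9128-b499baa9e5e8",)),
]


def filetime_to_utc(hex_ticks):
    """FILETIME: count of 100 ns ticks since 1601-01-01 00:00 UTC."""
    ticks = int(hex_ticks, 16)
    return datetime(1601, 1, 1, tzinfo=timezone.utc) + timedelta(microseconds=ticks // 10)


def parse_event(xml_text):
    """Return one record as a dict with decoded pid, start time and lifetime."""
    root = ET.fromstring(xml_text)
    values = (d.text or "" for d in root.findall("e:EventData/e:Data", NS))
    rec = dict(zip(FIELDS, values))
    stamp = root.find("e:System/e:TimeCreated", NS).get("SystemTime")
    # Keep whole seconds only; the records in the post carry no sub-second part.
    rec["logged"] = datetime.strptime(stamp[:19], "%Y-%m-%dT%H:%M:%S").replace(
        tzinfo=timezone.utc)
    rec["computer"] = root.findtext("e:System/e:Computer", namespaces=NS)
    rec["pid"] = int(rec["pid_hex"], 16)
    rec["started"] = filetime_to_utc(rec["start_filetime_hex"])
    # Seconds between process start and the logged fault; can come out slightly
    # negative because "logged" only has whole-second resolution here.
    rec["lifetime_s"] = (rec["logged"] - rec["started"]).total_seconds()
    return rec


def cluster_by_fault(records):
    """Group records by (module, module version, exception code, fault offset)."""
    groups = defaultdict(list)
    for rec in records:
        key = (rec["module"].lower(), rec["module_version"],
               rec["exception_code"].lower(), rec["fault_offset"].lstrip("0") or "0")
        groups[key].append(rec)
    return dict(groups)


if __name__ == "__main__":
    for key, recs in cluster_by_fault(parse_event(x) for x in SAMPLE_EVENTS).items():
        print(key)
        for r in recs:
            print("  ", r["computer"], r["app"], "pid", r["pid"],
                  "started", r["started"].isoformat(), "lifetime_s", r["lifetime_s"])
```

On the two records from the post, both land in a single cluster and both decoded start times fall within the same second as the logged fault.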
Windows Server 2008 R2 - When svchost.exe memory-leaks Outlook does not load properly
Hi all,
We have a server which runs Windows Server 2008 R2, fully updated, and acts as a Terminal Server (Citrix XenApp 6.5).
In the past couple months we have had problems with svchost.exe leaking memory, growing to 2-3GB of RAM usage. Sometimes it occurs with weeks between the incidents, sometimes days. To solve the issue we have to reboot the server.
When this occurs, Outlook (fully updated) doesn't start for any users at all. Outlook doesn't continue from the "Loading profile.."-stage. The users who already have Outlook started don't have any problems, unless they close Outlook ;) .
The svchost.exe is the one which runs the services:
NSI
WinHttpAutoProxySvc
W32Time
Netprofm
FontCache
EventSystem
We've patched the server with KB2847346 but with no result. Patch KB2950358 is not applicable..
Any ideas?
svchost is hosting multiple services. When the issue occurs you can use sysinternals procmon (or enable the command line column in task manager process tab) to view to determine which service is using that much memory.
MCP/MCSA/MCTS/MCITP
Did you read my whole post, or did you just misunderstand the part where I wrote:
"The svchost.exe is the one which runs the services:
NSI
WinHttpAutoProxySvc
W32Time
Netprofm
FontCache
EventSystem"
I know that svchost.exe runs a lot of services, so when the problem occurred I checked which services the specific svchost.exe runs. Every time it happens the svchost.exe (which leaks and has 2-3GB mem usage) runs these specific services.