Multiple UDP connections for svchost.exe (netsvcs)

Can anyone advise what these connections are?  The UDP port it uses on my PC always changes (random between ports 50000 and 60000), and Windows tries to open matching UPnP ports in my router.
It still continues despite windows update/bits services disabled, and many of the IP addresses are not Microsoft related.

Hi MadEngineer,
Netsvcs.exe is not essential for Windows and will often cause problems. Netsvcs.exe is located in the C:\Windows\System32 folder. Here is a link for reference:
Netsvcs.exe
http://www.file.net/process/netsvcs.exe.html
Please check the location of this process; we can perform a full scan with the antivirus software if we suspect it is harmful.
iphlpsvc refers to IP Helper; it provides some enhanced connectivity functionality to your PC. HomeGroups and IPv6 transition technologies rely on iphlpsvc.
Here is a link for reference:
What is the IP Helper (iphlpsvc) service?
http://maximumpcguides.com/windows-7/what-is-the-ip-helper-iphlpsvc-service/
NOTE: This response contains a reference to a third party World Wide Web site. Microsoft is providing this information as a convenience to you. Microsoft does not control these sites and has not tested any software or information found on these sites.
Best regards
Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact
[email protected]

Similar Messages

  • Multiple db connections for one report

    Hi all,
    I am using Oracle Reports 10g R2. Could someone tell me if Oracle Reports supports multiple database connections for one rdf file, like this (using servlet)
    http://your_web_server:port_num/reports/rwservlet?server=server_name&report=myreport.rdf& userid1=username/password@my_db1&userid2=username/password@my_db2 &desformat=pdf&destype=cache
    I am asking this question because my report needs data from two separate Oracle databases.
    Edited by: user12239004 on Apr 27, 2010 2:14 AM

    No, you can only have one login.
    However, this is simple to resolve by creating a database link in one database to the other database.

  • Multiple IDLE connections

    Hi,
    I have two IDLE enabled IMAP accounts and I'm trying to work out if everything is working properly as it doesn't feel like it is.
    When I check netstat it shows multiple established connections for each account which seems too many for it to be right.
    Any thoughts on what to check? Server is showing two connections which would be right.
    Thanks,
    Adam

    If you must have a 1-1 app user/connection to database user/connection, then using a DatabaseSession would probably be the easiest solution. The means that each user would create and connect to their own DatabaseSession when they login to the app. You could still share the same TopLink project instance to reduce some of the connecting/initialization overhead, but there would be no way to pool connections. Using a DatabaseSession would not allow for any shared caching across users.
    Do you need to be connected as the user for reading, or just for writing to the database? If you can use a shared user/connection for reading, then you could use a ServerSession and have a shared cache. Define the shared user in the ServerSession, and when each user connects acquire a ClientSession through the acquireClientSession(DatabaseLogin) API, which allows you to specify the user/password to connect as for writing.
    In TopLink 10.1.3 you may also wish to investigate the VPD and exclusive client connection support. This allows for some of your data to be read through a user/VPD secure connection, and other shared data to still be cached. It also allows for the user/VPD to be switched on a pooled connection.

  • CSA 4.5.1.639 - svchost.exe and UDP 1900 UPNP

    I have created a high priority deny for the following rule but I would like this rule to stop popping up on all the workstations, simply because the flag is always waving for all the users.
    4/18/2006 8:26:13 AM: The process 'C:\WINDOWS\system32\svchost.exe' (as user NT AUTHORITY\SYSTEM) attempted to communicate with x.x.x.x on UDP port 1900. The attempted access was to initiate a connection as a client (operation = CONNECT). The operation was denied.
    What other changes need to be made so that users do not see this process at all?

    You can silence the flag unless you have another network access control rule set to log for incoming connections:
    If you have one rule set to deny incoming connections and log them, users will see the flag waving for all of them. You must create another rule that is set to deny (not high priority deny) acting as a server for a specific port, set to not log and set to take precedence over other deny rules.
    I know this works because we do it here for the UPNP/SSDP services. The rule is set to deny svchost.exe from accepting connections on port 1900, not to log and to take precedence over other deny rules.
    The only time this doesn't work is when machines are in test mode and then the only place you see messages is on the MC.
    If this didn't work we would have hundreds of these flags waving every day.
    Tom S

  • Svchost.exe -k netsvcs constantly downloading

    I was asked to move this here from Microsoft Answers.
    I am working on an XP Home SP3 computer that constantly downloads using system32\svchost.exe -k netsvcs. It will download as long as the computer is connected. Before I realized the problem, it downloaded 1.4GB. I am using Netbalancer to watch the process.
    Things I've tried:
    >Turn off windows auto updates. The computer was up to date last week.
    >Scan with Malwarebytes, Security Essentials, MFRT, AVG, TDDSkiller in windows and safe mode when possible. Avg found 6 corrupted google toolbar.exe in Temp files. Others found nothing.
    >Turn off system restore and rescan with AVG while the computer was connected.
    >The computer has always had Norton antivirus installed. It found and removed 1 virus in setup_lib_srf[1].exe which contained "Downloader" in 2009.
    >Disabled Background Intelligent Transfer service but netsvcs still downloads and the BITS service goes back to Automatic after a reboot.
    >Ran svchost.exe fix from Microsoft which is for high cpu use but thought it might help.
    > The remote ip address netsvcs is contacting belongs to Akamai Technologies when windows auto update is turned off. With auto updates on the other ip addresses belong to Microsoft.
    I ran Hijackthis if you want the log.
    Any help is greatly appreciated.
    Tom
    July 8, 2011
    trg53

    Thanks for the reply and help. I haven't looked for specific dll's yet but process explorer found "Mutant" files in every instance of svchost including this: Mutant    \BaseNamedObjects\SHIMLIB_LOG_MUTEX.... along with a few or several other
    mutants. I hope it's ok to post the saved file from one of the svchost instances because it has obvious concerns.
    I need to know if: 1. Deleting the Temp files and Temporary Internet files along with .dat files and cookies listed in the file could clean the system. 2. Is the system too compromised to try to save. It will be interesting to try though.
    Thanks, Tom
    Here is the file:
    Process    PID    CPU    Description    Company Name
    System Idle Process    0    98.48         
     Interrupts    n/a        Hardware Interrupts     
     DPCs    n/a        Deferred Procedure Calls     
     System    4             
      smss.exe    744        Windows NT Session Manager    Microsoft Corporation
       csrss.exe    840        Client Server Runtime Process    Microsoft Corporation
       winlogon.exe    864        Windows NT Logon Application    Microsoft Corporation
        services.exe    912        Services and Controller app    Microsoft Corporation
         ati2evxx.exe    1080        ATI External Event Utility EXE Module    ATI Technologies Inc.
         svchost.exe    1104        Generic Host Process for Win32 Services    Microsoft Corporation
         svchost.exe    1244        Generic Host Process for Win32 Services    Microsoft Corporation
         svchost.exe    1288        Generic Host Process for Win32 Services    Microsoft Corporation
          wscntfy.exe    2716        Windows Security Center Notification App    Microsoft Corporation
          wuauclt.exe    2776        Windows Update    Microsoft Corporation
         svchost.exe    1396        Generic Host Process for Win32 Services    Microsoft Corporation
         svchost.exe    1464        Generic Host Process for Win32 Services    Microsoft Corporation
         spoolsv.exe    1584        Spooler SubSystem App    Microsoft Corporation
         svchost.exe    1660        Generic Host Process for Win32 Services    Microsoft Corporation
         ccsvchst.exe    1868        Symantec Service Framework    Symantec Corporation
          ccsvchst.exe    1128        Symantec Service Framework    Symantec Corporation
         SeriousBit.NetBalancer.Service.exe    1968        SeriousBit.NetBalancer.Service    Microsoft
         svchost.exe    308        Generic Host Process for Win32 Services    Microsoft Corporation
         alg.exe    2468        Application Layer Gateway Service    Microsoft Corporation
        lsass.exe    924        LSA Shell (Export Version)    Microsoft Corporation
    explorer.exe    1932        Windows Explorer    Microsoft Corporation
     GoogleDesktop.exe    652        Google Desktop    Google
     E_FATI9HA.EXE    692        EPSON Status Monitor 3    SEIKO EPSON CORPORATION
     NkMonitor.exe    844        Nikon Transfer Monitor    Nikon Corporation
     GoogleToolbarNotifier.exe    1036        GoogleToolbarNotifier    Google Inc.
     ctfmon.exe    980        CTF Loader    Microsoft Corporation
     DLG.exe    1204        Digital Line Detection    BVRP Software
     procexp.exe    3040    1.52    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com
    Process: svchost.exe Pid: 1660
    Type    Name
    Desktop    \Default
    Directory    \KnownDlls
    Directory    \Windows
    Directory    \BaseNamedObjects
    File    C:\WINDOWS\system32
    File    \Device\KsecDD
    File    C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202
    File    \Device\NamedPipe\net\NtControlPipe9
    File    \Device\WMIDataDevice
    File    \Device\WMIDataDevice
    File    C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202
    File    \Device\WebDavRedirector
    File    \Device\WebDavRedirector
    File    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    File    C:\Documents and Settings\LocalService\Cookies\index.dat
    File    C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat
    File    \Device\WebDavRedirector
    File    \Device\WebDavRedirector
    File    \Device\NamedPipe\DAV RPC SERVICE
    File    \Device\NamedPipe\DAV RPC SERVICE
    Key    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32
    Key    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32
    Key    HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    Key    HKLM\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9
    Key    HKLM\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5
    Key    HKLM\SOFTWARE\Policies
    Key    HKU\S-1-5-19\Software\Policies
    Key    HKU\S-1-5-19\Software
    Key    HKLM\SOFTWARE
    KeyedEvent    \KernelObjects\CritSecOutOfMemoryEvent
    Mutant    \BaseNamedObjects\SHIMLIB_LOG_MUTEX
    Mutant    \BaseNamedObjects\_!MSFTHISTORY!_
    Mutant    \BaseNamedObjects\c:!documents and settings!localservice!local settings!temporary internet files!content.ie5!
    Mutant    \BaseNamedObjects\c:!documents and settings!localservice!cookies!
    Mutant    \BaseNamedObjects\c:!documents and settings!localservice!local settings!history!history.ie5!
    Mutant    \BaseNamedObjects\WininetStartupMutex
    Mutant    \BaseNamedObjects\WininetProxyRegistryMutex
    Process    svchost.exe(1660)
    Section    \BaseNamedObjects\C:_Documents and Settings_LocalService_Local Settings_Temporary Internet Files_Content.IE5_index.dat_81920
    Section    \BaseNamedObjects\C:_Documents and Settings_LocalService_Cookies_index.dat_16384
    Section    \BaseNamedObjects\C:_Documents and Settings_LocalService_Local Settings_History_History.IE5_index.dat_16384
    Semaphore    \BaseNamedObjects\shell.{A48F1A32-A340-11D1-BC6B-00A0C90312E1}
    Semaphore    \BaseNamedObjects\shell.{210A4BA0-3AEA-1069-A2D9-08002B30309D}
    Thread    svchost.exe(1660): 1720
    Thread    svchost.exe(1660): 1664
    Thread    svchost.exe(1660): 1716
    Thread    svchost.exe(1660): 3052
    Thread    svchost.exe(1660): 1724
    Token    NT AUTHORITY\LOCAL SERVICE:3e5
    WindowStation    \Windows\WindowStations\Service-0x0-3e5$
    WindowStation    \Windows\WindowStations\Service-0x0-3e5$

  • How to stop svchost.exe to connect to internet?

    I used a software known as TCPview. I used it to monitor what are the services that are connected to the internet. In this I found out that svchost.exe is always downloading something. It is not the automatic windows update since I changed the windows
    update to manual. So please help me since my internet speed is very slow & in that svchost.exe is always downloading something....

    On a newly setup system svchost.exe is the process that runs a lot of services. This means that some service may be downloading something that is important to it. Or it may always be a different service.
    The resmon.exe can tell you more about which service is downloading stuff. Under network you can look for the PID of the svchost.exe that is downloading and then go to the services tab in the task manager. There you look for the PID again and hopefully find
    a useful description that lets you decide what to do.
    On the other hand svchost.exe is a very loved name by some shady programmers looking for new bots for their networks or for some useful login or credit card data. Meaning is all of your software and especially your Windows up to date and have you an always
    watching and updated anti virus software installed? Even if so a virus might be something to consider.
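
The PID correlation described in the reply above, done over saved command output rather than the resmon and Task Manager windows (an added example, not part of the original thread). It assumes the text was captured with `netstat -ano` and `tasklist /svc /fo csv`; both samples are constructed and the function names are hypothetical.

```python
import csv
import io

# Constructed sample of `tasklist /svc /fo csv` output (not taken from the thread).
TASKLIST_SVC_CSV = '''"Image Name","PID","Services"
"svchost.exe","1104","DcomLaunch,PlugPlay"
"svchost.exe","1288","BITS,iphlpsvc,Schedule,wuauserv"
"svchost.exe","1660","SSDPSRV,upnphost"
"explorer.exe","1932","N/A"
'''

# Constructed sample of `netstat -ano` output; remote address is a documentation range.
NETSTAT_ANO = '''
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1104
  TCP    192.168.1.20:49212     203.0.113.10:443       ESTABLISHED     1288
  UDP    0.0.0.0:1900           *:*                                    1660
  UDP    0.0.0.0:53211          *:*                                    1288
  UDP    [::]:53211             *:*                                    1288
  UDP    192.168.1.20:137       *:*                                    4
'''


def parse_tasklist_svc(text):
    """Map PID -> (image name, [service names]) from `tasklist /svc /fo csv`."""
    table = {}
    for row in csv.reader(io.StringIO(text)):
        if len(row) < 3 or not row[1].isdigit():
            continue  # header row or malformed line
        services = [] if row[2] == "N/A" else [s.strip() for s in row[2].split(",")]
        table[int(row[1])] = (row[0], services)
    return table


def parse_netstat_udp(text):
    """Yield (local_address, local_port, pid) for each UDP row of `netstat -ano`."""
    for line in text.splitlines():
        fields = line.split()
        # UDP rows carry no State column: Proto, Local, Foreign, PID.
        if len(fields) != 4 or fields[0] != "UDP" or not fields[3].isdigit():
            continue
        host, _, port = fields[1].rpartition(":")  # keeps "[::]" intact for IPv6
        if port.isdigit():
            yield host, int(port), int(fields[3])


def udp_by_svchost(tasklist_text, netstat_text):
    """Return {pid: {services, udp_ports, shared_host}} for svchost.exe instances
    that own at least one UDP endpoint."""
    procs = parse_tasklist_svc(tasklist_text)
    report = {}
    for _host, port, pid in parse_netstat_udp(netstat_text):
        image, services = procs.get(pid, ("", []))
        if image.lower() != "svchost.exe":
            continue
        entry = report.setdefault(pid, {"services": services, "udp_ports": set()})
        entry["udp_ports"].add(port)
    for entry in report.values():
        entry["udp_ports"] = sorted(entry["udp_ports"])
        # More than one hosted service: the socket cannot be attributed to a
        # single service from these two captures alone.
        entry["shared_host"] = len(entry["services"]) > 1
    return report


if __name__ == "__main__":
    for pid, e in sorted(udp_by_svchost(TASKLIST_SVC_CSV, NETSTAT_ANO).items()):
        note = " (shared host, attribution ambiguous)" if e["shared_host"] else ""
        print(f"PID {pid}: UDP {e['udp_ports']} <- {', '.join(e['services'])}{note}")
```

When `shared_host` is true, the capture narrows the traffic to a group of services, not to one of them.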

  • Svchost.exe k netsvcs

    I am having the same svchost type problem others have had. Within a minute of booting up an svchost.exe will start running, using up my whole CPU...so I can't do anything with my computer. The only way to proceed is to go into Task Manager and stop the process.
    If I do that all is fine except that I can't get any sound on any video, etc (system sounds still work).
    I've tried to use Process Explorer to figure it out...but I can't get far with it. The svchost.exe function (k netsvcs) that's causing the problem has a long list of at least a dozen functions. I'm not a software professional, just an old guy trying to use
    his Win XP Svc Pack 3 computer that otherwise works great. That notwithstanding, I'm often able to figure out the solution to problems, but this one has me stumped!
    I've done a full Norton scan, and also tried a couple of suggested malware products, none of which find any threats. My windows update service is set to notify me of updates...not to update automatically. I don't seem to be getting any notifications anymore.
    :<((
    I need help, please, to solve this problem.

    Bob,
    A Christmas miracle. Today it worked. I checked the box for automatic installation of upgrades, rebooted, and what was soon awaiting on my desktop but some downloads waiting to be installed. Puzzling: for some reason the system isn't recognizing how the
    boxes are checked. In any event, I don't know if it was that or the steps I went thru yesterday from Ehow, but it worked. I had earlier today confirmed thru Process Explorer that it was in fact the automatic update service that was causing the problem. Whatever...I'm
    happy, and thanks for your help!
    Cookie

  • How to retain socket connection for multiple requests in java 1.3

    Hi All,
    My problem is to retain client socket connection without opening and closing socket connection for every request. I want to open the socket connection once and send multiple requests one after the other based upon the response over the same socket. Finally I want to close the socket only after completing all my requests and receiving respective responses. I don't want to open and close the socket for each request and response. While at the same time I expect the socket to send each request only after receiving the response for the previous request.
    I am using java 1.3 and I am looking for the solution in same version.
    Please help me .
    Thanx in advance.

    Look at my response to "Telnet to Unix box from Java"
    http://forum.java.sun.com/thread.jsp?forum=31&thread=437231
    on "Java Programming" forum. It does exactly that to run the signon and a command. It would be easy to extend it to do multiple commands.

  • Ability to open multiple SQL Worksheets for the same connection

    Hi,
    Please allow the ability to open multiple SQL Worksheets for the same connection, now only one can be opened.
    Thanks

    Logged Bug 9000801 - ea1: otnforum: worksheet launcher does not remember the last/default connection
    -Raghu

  • Create one connection for multiple dynaset reads

    I am using VC 6.0 with the OO40 class. I am processing a text file in a console batch mode. The file can contain 1 record or hundreds of records. I would like to open the db connection/session once and read the database multiple times - one for each record being processed. What is happening is that the first record is read, and processed. The subsequent records are not read and the dynaset still points to the first record. I have the dynaset read process in a function - so that the dynaset is destroyed and recreated every time. What am I doing wrong?

    As for your question: it is discussed in SAP online help:
    http://help.sap.com/saphelp_erp60_sp/helpdata/en/c6/f841f24afa11d182b90000e829fbfe/frameset.htm
    Sorry I misunderstood your question.
    The above mentioned solution won't create one single TO from multiple TR.
    Edited by: Csaba Szommer on Aug 11, 2010 9:46 AM

  • Multiple vnc console connections for guest vm

    Is there any way to allow multiple computers to connect to the same guest VNC console?
    I noticed in the vm.cfg there were multiple VNC options and I attempted to play with them to see if I could get multiple console connections to work. After editing the file and restarting the guest vm I couldn't get multiple connections. The VM Server users guide didn't provide any clarity on what the VNC commands in the vm.cfg do, just some examples of guest configs. Can anyone enlighten me on how to do this or possibly refer to a link if this question has been asked in the past.
    Thanks,
    nathan

    Q1: Is there any way to allow multiple computers to connect to the same guest VNC console?
    I suggest that you config/start vnc server on guest OS, and you may connect to it from different computers. Does it make sense for you?
    Q2: Can anyone enlighten me on how to do this or possibly refer to a link if this question has been asked in the past.
    Please refer to this link to know more about VNC options in vm.cfg.
    http://download.oracle.com/docs/cd/E11081_01/doc/doc.21/e10898/troubleshoot.htm#CIHCFDGG

  • Svchost.exe taking up almost all of my cpu after the computer has been running for a number of hours

    My computer is almost a year old and it is a custom build gaming rig with the following specs
    Intel Core i5-3570k CPU @ 3.40GHz
    8.0GB of Ram
    AMD Radeon HD 6870
    running windows 8.1
    The issue is that after a few hours my computer starts to drastically drop in performance. This is due to two reasons. Firstly explore.exe starts to use up my cpu. I can easily stop this by using process explorer to close the offending thread (only 1 thread
    is causing the issue, the rest are using minimal cpu) killing this thread reduces the cpu and appears to have no consequence in terms of functionality of my pc.
    After this on average ten minutes later what happens is that svchost.exe starts using from 40%-60% of my cpu at which point if I do not quit any game I am playing my computer will crash. Using process explorer to find the offending threads lead me to a thread
    with a TID of 1836. If I kill this process I lose internet connection. Yet before this happens there is no sign of this thread. It appears to not be present until the issue appears and when it does appear this process is essential to my internet connection.
    Please can someone help me

    Please provide us with your Event Viewer administrative logs by following these steps:
    Click Start Menu
    Type eventvwr into Search programs and files (do not hit enter)
    Right click eventvwr.exe and click Run as administrator
    Expand Custom Views
    Click Administrative Events
    Right click Administrative Events
    Save all Events in Custom View As...
    Save them in a folder where you will remember which folder and save as Errors.evtx
    Go to where you saved Errors.evtx
    Right click Errors.evtx -> send to -> compressed (zipped) folder
    Upload the .zip file to skydrive or a file sharing service and put a link to it in your next post
    If you have updated to win 8.1 and you get the error message "the system cannot find the file specified" it is a known problem.  The
    workaround is to edit the registry.  If you are not comfortable doing this DON'T.  If you are, back up the key before you do
    Press Win+"R" and input regedit
    Navigate to:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels. Delete "Microsoft-Windows-DxpTaskRingtone/Analytic"
    Wanikiya and Dyami--Team Zigzag

  • 2008 R2 - Memory Leak from svchost.exe - Module "rpcrt4" is the culprit

    Hi All
    Over the past week or so (after a set of Windows updates and restart) svchost.exe has increasingly used more and more memory. It probably gobbles up an extra 1GB per day and doesn't relent. 
    After running various diagnostics, the debug diagnostic tool finally provided me this information after a memory leak test:
    rpcrt4.dll is responsible for 1.76 GBytes worth of outstanding allocations. The following are the top 2 memory consuming functions:
    rpcrt4!AllocWrapper+2b: 1.76 GBytes worth of outstanding allocations.
    rpcrt4!Ndr64ClientInitialize+964: 1.36 MBytes worth of outstanding allocations.
    Detailed module report(Memory)
    Module details for rpcrt4
    Module Name   rpcrt4 
    Allocation Count   946941 allocation(s) 
    Allocation Size   1.76 GBytes 
    Module Information 
    Image Name: C:\Windows\System32\rpcrt4.dll   Symbol Type:  PDB 
    Base address: 0x00000003`00905a4d   Time Stamp:  Sat Nov 20 13:13:18 2010  
    Checksum: 0x00000000`00000000   Comments:   
    COM DLL: True   Company Name:  Microsoft Corporation 
    ISAPIExtension: False   File Description:  Remote Procedure Call Runtime 
    ISAPIFilter: False   File Version:  6.1.7601.17514 (win7sp1_rtm.101119-1850) 
    Managed DLL: False   Internal Name:  rpcrt4.dll 
    VB DLL: False   Legal Copyright:  © Microsoft Corporation. All rights reserved. 
    Loaded Image Name:  rpcrt4.dll   Legal Trademarks:   
    Mapped Image Name:     Original filename:  rpcrt4.dll 
    Module name:  rpcrt4   Private Build:   
    Single Threaded:  False   Product Name:  Microsoft® Windows® Operating System 
    Module Size:  1.18 MBytes   Product Version:  6.1.7601.17514 
    Symbol File Name:  c:\symcache\rpcrt4.pdb\7D748DA6D7454C9EA38C8CEF1C9E75F22\rpcrt4.pdb   Special Build:  & 
    rpcrt4!AllocWrapper+2b  has 944,468 allocations! 
    I'm running 2008 R2 64bit with anywhere up to 80/100 simultaneous RDP connections at any one time.
    Can anyone help or advise as I cannot find any hotfixes for this issue.
    Thanks
    Ryan

    Hi Ryan,
    Please narrow it down to the specific service that is having the issue.  That way you will know where to focus on.
    For the specific svchost.exe that is showing the large memory usage, use task manager/process explorer/etc. to determine which service(s) are running within it.  If there are multiple services running within it, I recommend you isolate them and then
    restart your server.  For example, say you determined that the following services are running in the "problem" svchost.exe: AudioEndpointBuilder, Netman, TrkWks, UmRdpService, Uxsms.  You would open an admin command prompt and enter the following
    commands:
    sc config AudioEndpointBuilder type= own
    sc config Netman type= own
    sc config TrkWks type= own
    sc config UmRdpService type= own
    sc config Uxsms type= own
    After entering the above commands you would restart your server for the changes to take effect.  Over time you would monitor memory usage of the suspect services, and eventually it will become apparent which one is using too much memory.
    Thanks.
    -TP

  • Having problem with svchost.exe/ntdll.dll errors causing GPSVC (Group Policy Client) to crash preventing users from logging into the server.

    Recently (within the past 2 weeks) I have noticed a few of our servers will have problems with the svchost.exe application causing the GPSVC (Group Policy Client) to crash. The only fix at that point is to reboot the server since the GPSVC service is tied
    to svchost.exe and therefore is protected from being manually restarted.
    I noticed the following errors when this occurs:
    Log Name:      Application
    Source:        Application Error
    Date:          7/23/2013 4:35:26 AM
    Event ID:      1000
    Task Category: (100)
    Level:         Error
    Keywords:      Classic
    User:          N/A
    Computer:      Server1.xxx.xxx.net
    Description:
    Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
    Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec4aa8e
    Exception code: 0xc0000024
    Fault offset: 0x00000000000cd7d8
    Faulting process id: 0x46c
    Faulting application start time: 0x01ce877f9476ac07
    Faulting application path: C:\Windows\system32\svchost.exe
    Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
    Report Id: d252d26d-f372-11e2-8ad4-005056ac00e8
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Application Error" />
        <EventID Qualifiers="0">1000</EventID>
        <Level>2</Level>
        <Task>100</Task>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2013-07-23T08:35:26.000000000Z" />
        <EventRecordID>158950</EventRecordID>
        <Channel>Application</Channel>
        <Computer>AAW19XM2.agency.nwie.net</Computer>
        <Security />
      </System>
      <EventData>
        <Data>svchost.exe</Data>
        <Data>6.1.7600.16385</Data>
        <Data>4a5bc3c1</Data>
        <Data>ntdll.dll</Data>
        <Data>6.1.7601.17725</Data>
        <Data>4ec4aa8e</Data>
        <Data>c0000024</Data>
        <Data>00000000000cd7d8</Data>
        <Data>46c</Data>
        <Data>01ce877f9476ac07</Data>
        <Data>C:\Windows\system32\svchost.exe</Data>
        <Data>C:\Windows\SYSTEM32\ntdll.dll</Data>
        <Data>d252d26d-f372-11e2-8ad4-005056ac00e8</Data>
      </EventData>
    </Event>
    All of our servers are running Server 2008 R2 Enterprise where we use Citrix to deliver desktop sessions to our users, but some are virtual and some are physical. This seemingly impacts our virtual machines more, and our VMs are hosted through VMWare, however,
    about 5 months ago a similar error fired on a non-virtual machine:
    Log Name:      Application
    Source:        Application Error
    Date:          2/27/2013 6:57:58 AM
    Event ID:      1000
    Task Category: (100)
    Level:         Error
    Keywords:      Classic
    User:          N/A
    Computer:      AAW29033
    Description:
    Faulting application name: svchost.exe_gpsvc, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
    Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec4aa8e
    Exception code: 0xc0000024
    Fault offset: 0x00000000000cd7d8
    Faulting process id: 0x6c0
    Faulting application start time: 0x01ce14e1af313fd9
    Faulting application path: C:\Windows\system32\svchost.exe
    Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
    Report Id: ed3d01c4-80d4-11e2-9128-b499baa9e5e8
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Application Error" />
        <EventID Qualifiers="0">1000</EventID>
        <Level>2</Level>
        <Task>100</Task>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2013-02-27T11:57:58.000000000Z" />
        <EventRecordID>286291</EventRecordID>
        <Channel>Application</Channel>
        <Computer>AAW29033</Computer>
        <Security />
      </System>
      <EventData>
        <Data>svchost.exe_gpsvc</Data>
        <Data>6.1.7600.16385</Data>
        <Data>4a5bc3c1</Data>
        <Data>ntdll.dll</Data>
        <Data>6.1.7601.17725</Data>
        <Data>4ec4aa8e</Data>
        <Data>c0000024</Data>
        <Data>00000000000cd7d8</Data>
        <Data>6c0</Data>
        <Data>01ce14e1af313fd9</Data>
        <Data>C:\Windows\system32\svchost.exe</Data>
        <Data>C:\Windows\SYSTEM32\ntdll.dll</Data>
        <Data>ed3d01c4-80d4-11e2-9128-b499baa9e5e8</Data>
      </EventData>
    </Event>
    I've searched and cannot seem to find any information as to what may be causing this, or even really where to start. Would someone be able to help me identify what might be causing this event, specific with the Exception code: 0xc0000024, which causes
    the Group Policy Client service to stop?

    You still out there looking at things? If so I have an update. The issue hasn't stopped, even though it did seemingly die down for awhile, however, it is now back with a vengeance.
    I am able to force it to happen by killing the svchost process that is hosting GPSVC. If I run gpupdate /force, then logout/login it does get GPSVC running again. Furthermore, if I simply start svchost again via the Task Manager GPSVC starts running again.
    When I access the server remotely with KVM it acts just like it does as if I'm logging into it via Citrix/RDP which for Admin IDs gives an error saying "Failed to connect to a windows service. Windows could not connect to the Group Policy Client service...",
    however, normal user accounts just get a message when logging into the server "The Group Policy Client Service Failed the Logon. Access is denied."
    I haven't opened a case with Microsoft yet, but we are about ready to because of the increase in these errors.
    If you have any further suggestions that would be great, otherwise I'll provide an update once I get word back from Microsoft.
    **EDIT -- apparently I mistook the server's SCM's actions as my own. I was able to successfully crash the GPSVC service by killing the hosting svchost process, however, after I crashed it and let it sit crashed for awhile when I attempted
    to restart either by starting a svchost task, or running gpupdate /force it failed. Either that, or there is a timing issue where if we don't restart the svchost process, or run gpupdate /force quickly enough it won't be able to recover without a reboot.

  • Windows Server 2008 R2 - When svchost.exe memory-leaks Outlook does not load properly

    Hi all,
    We have a server which runs Windows Server 2008 R2, fully updated, and acts as a Terminal Server (Citrix XenApp 6.5).
    In the past couple months we have had problems with svchost.exe leaking memory, growing to 2-3GB of RAM usage. Sometimes it occurs with weeks between the incidents, sometimes days. To solve the issue we have to reboot the server.
    When this occurs, Outlook (fully updated) doesn't start for any users at all. Outlook doesn't continue from the "Loading profile.."-stage. The users who already have Outlook started don't have any problems, unless they close Outlook ;) .
    The svchost.exe is the one which runs the services:
    NSI
    WinHttpAutoProxySvc
    W32Time
    Netprofm
    FontCache
    EventSystem
    We've patched the server with KB2847346 but with no result. Patch KB2950358 is not applicable.
    Any ideas?

    svchost is hosting multiple services. When the issue occurs you can use sysinternals procmon (or enable the command line column in task manager process tab) to determine which service is using that much memory.
    MCP/MCSA/MCTS/MCITP
    Did you read my whole post, or did you just misunderstand the part where I wrote:
    "The svchost.exe is the one which runs the services:
    NSI
    WinHttpAutoProxySvc
    W32Time
    Netprofm
    FontCache
    EventSystem"
    I know that svchost.exe runs a lot of services, so when the problem occurred I checked which services the specific svchost.exe runs. Every time it happens the svchost.exe (which leaks and has 2-3GB mem usage) runs these specific services.
