SQL Server Performance Forum – Threads Archive

svchost.exe application error

Windows Server 2003, no SP, MSCS 2 nodes cluster.
The cluster hosts theses applications: SQL Server 2K SP3a
Oracel 9i Patch Set 04
File System (Users Shares)
Lotus Domino 6.5.3 Once in a while we receive the following errror on the Application event log:
Faulting application svchost.exe, version 5.2.3790.0, faulting module
ntdll.dll, version 5.2.3790.0, fault address 0x000070fe. This error cause other errors on the System event log: Cluster File Share resource ‘FS_Dati_Share’ has failed a status check. The
error code is 2114.
Cluster file share resource FS_Dati_Share failed to start with error 2114.
…and so on until the "File System Group" do a failover on the other node.
Any idea?
Please advise
—
Franco
Franco

hope this will help you
http://www.microsoft.com/resources/…s/2000/server/reskit/en-us/w2000Msgs/4894.asp says Error Message:
Cluster File Share resource ‘name’ has failed a status check. The error code is code. Explanation:
If the status check of an online file share fails for any other reason than the file share having been deleted, this error occurs. The error outputs a data value, which provides the exact cause. The cause indicates the recovery action. User Action:
This error returns a data value. To find the meaning of the data value: In Event Viewer, double-click the event message. In Event Detail, select the Words option above the Data box. On the command line, type "net helpmsg data number", where data number is the number you see in the Data box. Recommended action depends on the specific data value.

Your main issue here is ntdll.dll/svchost.exe . When it fails then the other services you have like file shares will also fail. Sounds unlikely that a program would overwrite this file since it’s related to the operating system. I would do a virus scan and check for viruses and other malicious software. There are known trojans/viruses targeting this service if you run without service pack or hotfix for windows 2003. See the so called LSASS vulnerability:
http://www.microsoft.com/technet/security/bulletin/ms04-011.mspx

We are getting same message.
Any body has solution/advise. Thanks
SMS

Hi, its because of svchost.exe holds services run on an OS and if it found violation / restrict (dont restrict it in firewall / microsoft anti spyware , its a necessary service), more over see if netlogon service fails and patch your system with all necessary patches and sp see if this help …. <a href=’http://support.microsoft.com/default.aspx?scid=kb;en-us;284850′ target=’_blank’ title=’http://support.microsoft.com/default.aspx?scid=kb;en-us;284850′<a target="_blank" href=http://support.microsoft.com/default.aspx?scid=kb;en-us;284850>http://support.microsoft.com/default.aspx?scid=kb;en-us;284850</a></a> <a href=’http://support.microsoft.com/default.aspx?scid=kb;en-us;269375′ target=’_blank’ title=’http://support.microsoft.com/default.aspx?scid=kb;en-us;269375′<a target="_blank" href=http://support.microsoft.com/default.aspx?scid=kb;en-us;269375>http://support.microsoft.com/default.aspx?scid=kb;en-us;269375</a></a> <a href=’http://support.microsoft.com/default.aspx?scid=kb;en-us;843554′ target=’_blank’ title=’http://support.microsoft.com/default.aspx?scid=kb;en-us;843554′<a target="_blank" href=http://support.microsoft.com/default.aspx?scid=kb;en-us;843554>http://support.microsoft.com/default.aspx?scid=kb;en-us;843554</a></a> <a href=’http://support.microsoft.com/default.aspx?scid=kb;en-us;309615′ target=’_blank’ title=’http://support.microsoft.com/default.aspx?scid=kb;en-us;309615′<a target="_blank" href=http://support.microsoft.com/default.aspx?scid=kb;en-us;309615>http://support.microsoft.com/default.aspx?scid=kb;en-us;309615</a></a> [<img src=’/community/emoticons/emotion-2.gif’ alt=’

‘ />] HTH Regards. hsGoswami [email protected] "Humans don’t have Caliber to PASS TIME , Time it self Pass or Fail Humans" – by Hemant Goswami

]]>