"Workstation" and "Server" Services Keep Stopping

Question

On one (or more) of our Windows Server 2003 R2 servers the "Server" and "Workstation" services keep stopping. There's nothing in the event viewer that would indicate why (no errors). I recall seeing it once on one server but after I started the services it hasn't had any problems since. However, on one of the other servers they stop all the time.

They are in a remote data center (with a 2008 DC on-site) that is a replication site (the primary DCs are over here). The server has quad NIC's with 2 disabled, one plugged into the switch (static IP, Windows Networking enabled) and one plugged into another server (static IP, windows networking enabled, no DNS, etc.).

What sort of troubleshooting can I do to diagnose this? Any other ideas why these services would keep stopping?

Edit: All the servers are completely patched (Autoupdate is turned ON) and two separate on-demand virus scanners reported no issues. They are servers and firewalled off from the general internet so generally not much is run on them.

With out knowing what service or genera of service it is hard to tell where to start. Can you give more specifics? — Thomas Denton, May 14 '09 at 18:59
I've seen the same problem in two different machines. Haven't found enything as well. Weird problems are the worse problems. So far I've just set the services to autorestart when they die... — Vinko Vrsalovic, Jul 18 '09 at 09:53

score 3 · Accepted Answer · answered May 14 '09 at 22:42

3

What does 'all the time' mean? If it happens once a day or so I would write I small script to test the services for their running state to find out whether they stop at a specific time. Then try to find out what else is happening at the same time.

If it happens every few minutes, I would monitor the processes with SysInternal's 'Process Monitor' to find out which files/threads are accessed last before they crashed.

answered May 14 '09 at 22:42

Peter Hahndorf

14,058
3
41
58

"once a day or so". What kind of script? Can I use .bat files and some combination of net stop/start – Matt Rogish May 14 '09 at 23:09
You should be able to find out the failure time without a script. On the 'recovery' tab of the service select 'restart the service' I would expect this would create an entry in the event log which you can check once a day. If it doesn't you can use 'run a program' and start a batch file that creates a directory 'mkdir c:\servicefailure', you can then check the creation date of that directory. – Peter Hahndorf May 15 '09 at 02:22

score 2 · Answer 2 · answered May 14 '09 at 20:04

2

Wow, I would scan the system right away. There are some attacks to windows servers/clients that cause this kind of behavior. Of course, this would be less of a problem if:

You have AV running on the box
The server/client is well patched (windows updates)

Might want to specifically look for good'ol conflicker!

Good Luck!

answered May 14 '09 at 20:04

l0c0b0x

11,867
7
47
76

It's completely patched and firewalled off, but I'll run a conflicker checker – Matt Rogish May 14 '09 at 20:06

"Workstation" and "Server" Services Keep Stopping

2 Answers2