Proliant Buffer Overflow Problem

Jeremy_43
Occasional Advisor

Proliant Buffer Overflow Problem

I am running Windows 2000 Server on a Compaq Proliant ML370 G3 and up until 2 months ago, all had been a dream. All of a sudden, I get a few errors from Windows:

Source: Userenv
Event ID: 1000
Message: Windows cannot query for the list of Group Policy objects . A
message that describes the reason for this was previously logged by this
policy engine.
Number Of Time Before Crash: 4

Source: Userenv
Event ID: 1000
Message: Windows cannot connect to starprecision.com with (0x2747).
Number Of Time Before Crash: 3

Source: Userenv
Event ID: 1000
Message: Windows cannot determine the user or computer name. Return value
(14).

These errors, along with application related errors, point to a "Buffer Overflow" that is happening, causing my Active Directory to be inaccessible, and then the server has to be rebooted. The server never stays up more than 4 days without this happening. Just as a precaution, I've uninstalled all Compaq/HP related tools as the first errors pointed toward a Performance Counter for the NIC and still, I get the same problem. I have uninstalled all applications that would run on the server but still...I get the problem. Anyone experience this? I can get any logs for you that you'd need to help me diagnose this. Thanks in advance, Jeremy
12 REPLIES
Ken Henault
Honored Contributor

Re: Proliant Buffer Overflow Problem

Did anything change two months ago? Did you start adding Windows Server 2003 or Windows XP systems in your environment?

Check to make sure you have given the "Domain Computers" object Read & Apply Group Policy permissions in the GP. Also, if there are XP machines, make sure you give Domain Computers or the computer account read access to the OU.
Ken Henault
Infrastructure Architect
HP
Jeremy_43
Occasional Advisor

Re: Proliant Buffer Overflow Problem

I have no XP machines on this network. I did have a problem with a domain controller that had a hard drive go out and there was no way to get the system back up so this new Compaq server had to seize roles and when that happened, the Directory was jacked up. I fixed the directory and all directory related issues and also updated all drivers and such from Microsoft and Compaq. Not sure if any of those drivers messed things up but at first, I'd get driver related errors that mentioned a buffer overflow regarding the NIC's Performance Counters installed by Compaq. I don't know where to go next. I have added an additional DC to the network to see if it has the same results and if so, I know there is something wrong with the directory but I'm sure that won't happen. If my new DC works for a week without having the same problems, I'll probably have to reinstall Windows on this Compaq machine and I would hate to do that. Please give me any ideas or anything I can give you to help me out. Thanks, Jeremy
Neal Bowman
Respected Contributor

Re: Proliant Buffer Overflow Problem

It sounds as if the object for this computer has been corrupted in some manner. I would suggest removing the computer from your AD, providing the username and password of a domain administrator, and letting a replication cycle go by. You can force a replication if you do not want to wait the 5-15 minutes. Reboot your computer into the workgroup environment and make sure all comes up clean. If you have any services that are starting as a domain user or service account, you may see errors about services failed to start. Check your event logs to see which services are affected.

Once the computer account is no longer seen in AD, go back and add the computer back into the AD, again providing username and password of an authorized domain administrator. Once you receive the Welcome to domain X message, reboot your computer and again, check the event logs for clean startups. Good luck!
Jeremy_43
Occasional Advisor

Re: Proliant Buffer Overflow Problem

I have clean startups every time I boot up but after a few days, 4 max, I get these errors. Like I said, all the errors lead to a Buffer Overflow. Would Service Pack 4 cause this? Thanks, Jeremy
Jeremy Whitlock
Occasional Visitor

Re: Proliant Buffer Overflow Problem

I am back, under a new name, and now I came to give more information. Here are the apps installed:

Apache
IMail
MySQL
Office XP

Those are the only apps installed. For some reason, I keep getting a buffer overflow that causes all network related items hosted by this server to go down. Can someone help me diagnose this Buffer Overflow? Thanks, Jeremy
Neal Bowman
Respected Contributor

Re: Proliant Buffer Overflow Problem

Confirm your DNS settings for this server are correct.

Event ID 1000 Is Logged in the Application Event Log (261007)
SYMPTOMS
The following event may be logged in the Application event log:

Event ID: 1000
Event Source: Userenv
Description:
Windows cannot determine the user or computer name. Return value (1722).
The client computer may also experience an extremely slow logon.
CAUSE
This behavior can occur if the address for the configured preferred DNS server on the client is invalid or unreachable.
RESOLUTION
To resolve this behavior, correct the DNS address in the Internet Protocol (IP) properties:
Right-click My Network Places, and then click Properties.
Right-click Local Area Connection, and then click Properties.
Click Internet Protocol (TCP/IP), and then click Properties.
Type the correct DNS address in the Preferred DNS server box.
The information in this article applies to:
Microsoft Windows 2000 Server
Microsoft Windows 2000 Advanced Server
Microsoft Windows 2000 Professional

Are you using DHCP for IP addresses or is this server using static IP config? Look closely at the settings. Can you ping from the server by IP address? By remote hostname?
Jeremy Whitlock
Occasional Visitor

Re: Proliant Buffer Overflow Problem

I've checked DNS and DHCP but I'll do it again. I can successfully ping by IP or hostname until this event starts happening, which is usually 3-4 days after a reboot. When I reboot, all services start with no errors and all replication happens with no problems either. Then, around day 3-4, all network traffic to and from the server is rejected due to a buffer overflow but with no error related to why it happens or what is causing it. If you think of anything, let me know; otherwise, assume that I've already checked DNS and DHCP and they are correct. If they aren't, I'll update. Thanks, Jeremy
Jeremy_43
Occasional Advisor

Re: Proliant Buffer Overflow Problem

I've replaced my password so I can now reassign points. :) Anyways, I use static IP addresses for all servers and system. I have a lot of 25 DHCP IP addresses that are used for laptops, wireless and visitor computers. I have checked my DNS setup for the problematic server and it points to itself as the preferred DNS since it is the main DNS Server for our network. Got any more ideas? Thanks in advance, Jeremy
Jeremy_43
Occasional Advisor

Re: Proliant Buffer Overflow Problem

Oh yeah, I can run dcdiag and netdiag with no errors. I have other log files that might interest you. If you feel that you need logs or more information, just ask. Thanks, Jeremy
Neal Bowman
Respected Contributor

Re: Proliant Buffer Overflow Problem

My next suggestion would be to remove the server from AD into a workgroup environment. I would then change the name of the server and then rejoin the domain with the new name. Watch for a few days. If all works out, then you will know it is a corrupted object in the domain. I don't know what applications are running on this server, but you may have to adjust other settings as well, besides repointing the clients to the new server name. Maybe you can set up a CNAME in DNS to point clients back to the new server name.

You mentioned in a later message that a HD crashed, and crapped your AD. Was this server already a DC when you attempted to seize the role of the server with the failed HD?

What events are in the logs of the other DCs when this machine drops off the network? Is the hardware time set correctly? Is DNS configured to only send updates to certain DNS servers? If functioning as DHCP server, is it authorized in AD?

It may be easier to reload the OS and applications, join the domain, then restore application data from a backup device.
Jeremy_43
Occasional Advisor

Re: Proliant Buffer Overflow Problem

I tried your suggestions but that didn't fix it. I reinstalled the operating system, named the computer a different name, joined the domain, installed all apps and got back to the original state but I got the errors a few days later, on vacation no less. Now, I'm on vacation and trying to diagnose this problem remotely. Can someone give me more information on a Buffer Overflow and what could cause them? I need to get this fixed and I'm worried it might be an issue with the on board NIC. Please help as I'm in desperate need. Thanks, Jeremy
Johan Johansson
Occasional Visitor

Re: Proliant Buffer Overflow Problem

Hi!

I have the same server as Jeremy, and I have the same problem. After 4-6 days I got the same problem.

Starts with:
Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1000
Date: 2005-05-08
Time: 08:06:52
User: NT AUTHORITY\SYSTEM
Computer: ID-NT1
Description:
Windows cannot connect to idata.se with (0x2747).

Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1000
Date: 2005-05-08
Time: 08:06:52
User: NT AUTHORITY\SYSTEM
Computer: ID-NT1
Description:
Windows cannot query for the list of Group Policy objects . A message that describes the reason for this was previously logged by this policy engine.

Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1000
Date: 2005-05-08
Time: 08:11:54
User: NT AUTHORITY\SYSTEM
Computer: ID-NT1
Description:
Windows cannot determine the user or computer name. Return value (1130).

Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1000
Date: 2005-05-09
Time: 08:09:47
User: NT AUTHORITY\SYSTEM
Computer: ID-NT1
Description:
Windows cannot obtain the domain controller name for your computer network. Return value (59).
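
Added example (not part of any post in this thread): a small Python decoder for the status codes embedded in the Userenv Event ID 1000 descriptions quoted above, so the numbers can be read as their standard Winsock/Win32 names. The code-to-name table uses the standard Windows definitions; the "resource"/"network" grouping and the function names are choices made for this example.

```python
import re
from collections import Counter

# Standard Win32 / Winsock status codes (winerror.h, winsock2.h).
# The second field is a grouping chosen for this example, not a Windows term.
KNOWN_CODES = {
    14:    ("ERROR_OUTOFMEMORY", "resource"),
    59:    ("ERROR_UNEXP_NET_ERR", "network"),
    1130:  ("ERROR_NOT_ENOUGH_SERVER_MEMORY", "resource"),
    1722:  ("RPC_S_SERVER_UNAVAILABLE", "network"),
    10055: ("WSAENOBUFS", "resource"),  # "No buffer space available"
}

# Userenv prints the code either as "with (0x2747)" or "Return value (14)".
# \s* also matches the line wrap seen in some of the pasted messages.
CODE_RE = re.compile(r"(?:with|Return value)\s*\((0x[0-9A-Fa-f]+|\d+)\)")

# Event descriptions copied from the posts in this thread.
SAMPLE = """\
Windows cannot connect to starprecision.com with (0x2747).
Windows cannot determine the user or computer name. Return value
(14).
Windows cannot determine the user or computer name. Return value (1130).
Windows cannot obtain the domain controller name for your computer network. Return value (59).
"""

def extract_codes(text):
    """Return every status code found in the event text, as integers, in order."""
    return [int(m.group(1), 0) for m in CODE_RE.finditer(text)]

def decode(text):
    """Return (code, symbolic_name, category) for each code in the text."""
    out = []
    for code in extract_codes(text):
        name, category = KNOWN_CODES.get(code, ("UNKNOWN", "unknown"))
        out.append((code, name, category))
    return out

def summarize(text):
    """Count decoded codes per category."""
    return dict(Counter(category for _, _, category in decode(text)))

if __name__ == "__main__":
    for code, name, category in decode(SAMPLE):
        print(f"{code:>6}  {name:<32} {category}")
    print(summarize(SAMPLE))
```

0x2747 is decimal 10055, WSAENOBUFS, the Winsock "no buffer space available" error; 14 and 1130 are the Win32 out-of-memory and not-enough-server-storage errors.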