EBS Console crashes every 5-7 days

[Today's post comes to us courtesy of Wayne McIntyre, Damian Leibaschoff, Chris Puckett, and Justin Crosby]

Microsoft recently published a hotfix for resource exhaustion in the TDI interface of Windows 2008 in KB 961775. This resource exhaustion may occur when a third-party legacy Transport Driver Interface (TDI) filter driver is installed on the computer. TDI filter drivers may be used by some antivirus software.

961775 A Windows Server 2008 or Windows Vista SP1 system encounters user authentication failure and a large number of leaked handle for the system process when it is installed on a machine with multiple processors and TDI filter drivers are installed  

You can obtain the hotfix here.

If you are encountering this issue with EBS 2008, here’s a rundown of the symptoms you may experience.


1. The EBS Console fails to open on the Management server every 5-7 days with the following message.

Windows Essential Business Server Administration Consol has stopped working

A problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available.


2. If it was left open, it may display an error all of a sudden: The server is not operational.


3. The Active Directory Tools open with an error:

Naming information cannot be located for the following reason: The server is not operational.


4. You may not be able to browse the internet from the EBS Management server.

5. The following events will appear in the referenced event logs on the EBS Management server.


System Event Log:

Log Name:      System

Source:        Microsoft-Windows-GroupPolicy

Event ID:      1054

Level:         Error

User:          SYSTEM


The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name Sysytem (DNS) is configured and working correctly.

DNS Server Event log:

Log Name:      DNS Server

Source:        Microsoft-Windows-DNS-Server-Service

Event ID:      408

Level:         Error


The DNS server could not open socket for address

Verify that this is a valid IP address for the server computer.  If it is NOT valid use the Interfaces dialog under Server Properties in the DNS Manager to remove it from the list of IP interfaces.  Then stop and restart the DNS server. (If this was the only IP interface on this machine and the DNS server may not have started as a result of this error.  In that case remove the DNS\Parameters\ ListenAddress value in the services section of the registry and restart.)


If this is a valid IP address for this machine, make sure that no other application (e.g. another DNS server) is running that would attempt to use the DNS port.


For more information, see "DNS server log reference" in the online Help.

Log Name:      DNS Server

Source:        Microsoft-Windows-DNS-Server-Service

Event ID:      404

Level:         Error


The DNS server could not bind a Transmission Control Protocol (TCP) socket to address  The event data is the error code.  An IP address of can indicate a valid "any address" configuration in which all configured IP addresses on the computer are available for use.

Restart the DNS server or reboot the computer.

Operations Manager Event Log:

Log Name:      Operations Manager

Source:        System Center Essentials

Event ID:      30102

Level:         Warning


The SCE Group identified by


could not synchronize to its associated WSUS Group identified by


because a connection to the WSUS server could not be made.  

The synchronization will be retried.

Management Group: EBSMGMTSRV_MG

Rule: System.SCE.MP.GroupSynchronizationRule

Instance: ‘<GUID>’. ‘<GUID>’

Instance Id:{GUID}

The following error occurred.

System.Net.WebException: Unable to connect to the remote server ---> System.Net.Sockets.SocketException: An operation on a socket could not be performed because the system lacked sufficient buffer space or because a queue was full ::1:8530

   at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress)

   at System.Net.Sockets.Socket.InternalConnect(EndPoint remoteEP)

   at System.Net.ServicePoint.ConnectSocketInternal(Boolean connectFailure, Socket s4, Socket s6, Socket& socket, IPAddress& address, ConnectSocketState state, IAsyncResult asyncResult, Int32 timeout, Exception& exception)

   --- End of inner exception stack trace ---

   at Microsoft.UpdateServices.Administration.AdminProxy.CreateUpdateServer(Object[] args)

   at Microsoft.UpdateServices.Administration.AdminProxy.GetUpdateServer()

   at Microsoft.EnterpriseManagement.SCE.Modules.DeploymentGroupWriteActionModule.UpdateWsusGroupTargets(ReadOnlyCollection`1 computerNames)

   at Microsoft.EnterpriseManagement.SCE.Modules.DeploymentGroupWriteActionModule.UpdateWsusGroup(ReadOnlyCollection`1 computerNames)

Comments (3)

  1. Anonymous says:

    214 Microsoft Team blogs searched, 101 blogs have new articles in the past 7 days. 237 new articles found

  2. Anonymous says:

    2008 Has introduced one of the most interesting AD problems I have come across….Unfortunately for me

  3. James (J Blog) says:

    Unreal work – I dont use EBS at all, but the article solved a huge mystery for me with Standard 2008 Also which has been annoying me for months – thank you 🙂

Skip to main content