[Today's post comes to us courtesy of Wayne McIntyre, Damian Leibaschoff, Chris Puckett, and Justin Crosby]
Microsoft recently published a hotfix for resource exhaustion in the TDI interface of Windows 2008 in KB 961775. This resource exhaustion may occur when a third-party legacy Transport Driver Interface (TDI) filter driver is installed on the computer. TDI filter drivers may be used by some antivirus software.
961775 A Windows Server 2008 or Windows Vista SP1 system encounters user authentication failure and a large number of leaked handle for the system process when it is installed on a machine with multiple processors and TDI filter drivers are installed
You can obtain the hotfix here.
If you are encountering this issue with EBS 2008, here’s a rundown of the symptoms you may experience.
1. The EBS Console fails to open on the Management server every 5-7 days with the following message.
Windows Essential Business Server Administration Consol has stopped working
A problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available.
2. If it was left open, it may display an error all of a sudden: The server is not operational.
3. The Active Directory Tools open with an error:
Naming information cannot be located for the following reason: The server is not operational.
4. You may not be able to browse the internet from the EBS Management server.
5. The following events will appear in the referenced event logs on the EBS Management server.
System Event Log:
Log Name: System
Event ID: 1054
The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name Sysytem (DNS) is configured and working correctly.
DNS Server Event log:
Log Name: DNS Server
Event ID: 408
The DNS server could not open socket for address 0.0.0.0.
Verify that this is a valid IP address for the server computer. If it is NOT valid use the Interfaces dialog under Server Properties in the DNS Manager to remove it from the list of IP interfaces. Then stop and restart the DNS server. (If this was the only IP interface on this machine and the DNS server may not have started as a result of this error. In that case remove the DNS\Parameters\ ListenAddress value in the services section of the registry and restart.)
If this is a valid IP address for this machine, make sure that no other application (e.g. another DNS server) is running that would attempt to use the DNS port.
For more information, see "DNS server log reference" in the online Help.
Log Name: DNS Server
Event ID: 404
The DNS server could not bind a Transmission Control Protocol (TCP) socket to address 0.0.0.0. The event data is the error code. An IP address of 0.0.0.0 can indicate a valid "any address" configuration in which all configured IP addresses on the computer are available for use.
Restart the DNS server or reboot the computer.
Operations Manager Event Log:
Log Name: Operations Manager
Source: System Center Essentials
Event ID: 30102
The SCE Group identified by
could not synchronize to its associated WSUS Group identified by
because a connection to the WSUS server could not be made.
The synchronization will be retried.
Management Group: EBSMGMTSRV_MG
Instance: ‘<GUID>’. ‘<GUID>’
The following error occurred.
System.Net.WebException: Unable to connect to the remote server ---> System.Net.Sockets.SocketException: An operation on a socket could not be performed because the system lacked sufficient buffer space or because a queue was full ::1:8530
at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress)
at System.Net.Sockets.Socket.InternalConnect(EndPoint remoteEP)
at System.Net.ServicePoint.ConnectSocketInternal(Boolean connectFailure, Socket s4, Socket s6, Socket& socket, IPAddress& address, ConnectSocketState state, IAsyncResult asyncResult, Int32 timeout, Exception& exception)
--- End of inner exception stack trace ---
at Microsoft.UpdateServices.Administration.AdminProxy.CreateUpdateServer(Object args)
at Microsoft.EnterpriseManagement.SCE.Modules.DeploymentGroupWriteActionModule.UpdateWsusGroupTargets(ReadOnlyCollection`1 computerNames)
at Microsoft.EnterpriseManagement.SCE.Modules.DeploymentGroupWriteActionModule.UpdateWsusGroup(ReadOnlyCollection`1 computerNames)