MMC.exe stops responding for up to 5 minutes during AD GPO browse / edit

Discussion in 'Active Directory' started by Lehman's Old-time Hardware - System Administrator, Jun 16, 2004.

  1. [Symptoms]
    Editing GPOs on our Windows 2000 SP4 Server (Active Directory) takes up to
    15 minutes, for example:

    - Click on the "plus" sign to expand the "Windows Settings" folder
    - Wait 5 minutes for the folder to expand
    - Open "Folder Redirection", right click on "My Documents" and click
    "Properties"
    - Wait 5 minutes for the properties window to appear
    - Make a change and save/close the window
    - Wait 5 minutes for the settings to be saved and the window to close

    When attempting to logon to the server from a Windows 98 PC while the GPO is
    not responding the logon script often freezes as well.

    I have seen KiXtart crash when the server is too slow to respond during
    logon script processing.

    Also have seen this cause problems for people using Outlook where the .pst
    file is on the server

    There have also been occasional reports where the file server performance is
    less than adequate, though there are only about 6-7 computers using this
    server for file storage at this point. Not able to pin-point if this
    relates or not.

    -------------------------------
    [Other notes that could relate]
    - The server CPU utilization does not go to 100%, but acts perfectly normal
    (that being around 1% most of the time.)
    - I am able to browse the Local Computer Policy without trouble.
    - If I open a new MMC from my local machine (runas
    /user:domain\administrator), I am able to add the GPO object that I need to
    edit and browse it without any freezes.
    - In other words, this problem ONLY happens when I edit a GPO while working
    on the server (either at the console or via Terminal Services).
    - I have been unable to find anything about this "issue" anywhere, though I
    remember reading something about Service Pack 4 causing problems for some
    people, but no one has mentioned this specific issue.
    - Had MS Client and Gateway Services for Novell installed for a while, but
    it has since been un-installed. (Problem existed when it was installed as
    well.)

    -------------------
    [Things I've tried]
    Tried contacting Dell via e-mail, but they responded that this is an
    "advanced" Windows problem, which would apparently require payment to help
    solve.

    Posted over 5 times to the Dell Forums with no response so far.

    Tested Windows 2000 with Service Pack 2, then Service Pack 3, and then
    Service Pack 4 using Microsoft Virtual PC Trial and discovered that none of
    those versions have this problem. (The Virtual PC trial was run on my local
    Windows XP Pro machine.)

    ------------------
    [Hardware Details]
    Make/Model: Dell PowerEdge 600SC
    Processor: Pentium 4 2.4 GHz
    Memory: 2 GB
    Hard Drive: 2 73 GB disks, mirrored
    Partitions: c:\ = 12 GB; D:\ = 56 GB
    NIC: Intel(R) PRO/1000 MT Network Connection

    ----------------------------------
    [Software / Configuration Details]
    .... See Below ...

    *******************
    [*** Questions ***]
    Has anyone else experienced this?
    Any suggestions on how to correct the problem?
    Is it a specific problem with Windows 2000 on Dell PowerEdge 600SC?
    Is it an issue with Service Pack 4?
    Could it be related to file serving performance issues with the same server?

    If any additional information would be helpful please post a reply.

    ---------------
    [To Test / Try]
    - Update test Windows 2000 SP4 setup in MS VPC Trial with the same updates
    applied from Windows Update.

    ----------------------------------
    [Software / Configuration Details]
    Windows 2000 SP4 came pre-installed from Dell

    Network Components:
    Client for Microsoft Networks
    File and Printer Sharing for Microsft Networks
    Network Monitor Driver
    Internet Protocol (TCP/IP) (NOTE: DNS server property in TCP/IP
    settings points to itself using its IP address, not 127.0.0.1)

    The server is the first and only domain controller in the Active Directory
    forest.

    Services loaded/running:
    Alert Notification Server
    Alerter
    APC PBE Agent
    APC PBE Server
    Automatic Updates
    Backup Exec Agent Browser
    Backup Exec Device & Media Service
    Backup Exec Job Engine
    Backup Exec Naming Service
    Backup Exec Remote Agent for Windows Servers
    Backup Exec Server
    COM+ Event System
    Computer Browser
    Dell OpenManage Server Agent
    Dell OpenManage Server Agent Event Monitor
    DHCP Client
    DHCP Server
    Disk Management Service
    Distributed File System
    Distributed Link Tracking Client
    Distributed Link Tracking Server
    Distributed Transaction Coordinator
    DNS Client
    DNS Server
    eTrust Antivirus Admin Server
    eTrust Antivirus Job Server
    eTrust Antivirus Realtime Server
    eTrust Antivirus RPC Server
    Event Log
    Event Log Watch
    File Replication Service
    IIS Admin Service
    Intersite Messaging
    IPSEC Policy Agent
    Kerberos Key Distribution Center
    KiXtart RPC Service
    License Logging Service
    mr2kserv
    MSSQL$BKUPEXEC
    MSSQLSERVER
    Net Logon
    Network Connections
    NT LM Security Support Provider
    Plug and Play
    Print Spooler
    Protected Storage
    Remote Procedure Call (RPC)
    Remote Procedure Call (RPC) Locator
    Remote Registry Service
    Removable Storage
    RunAs Service
    Secure Port Server
    Security Accounts Manager
    Server
    Simple Mail Transport Protocol (SMTP)
    SNMP Service
    Software Update Services Synchronization Service
    System Event Notification
    Task Scheduler
    TCP/IP NetBIOS Helper Service
    Terminal Services
    VNC Server
    Windows Management Instrumentation Driver Extensions
    Windows Time
    Wireless Configuration
    Workstation
    World Wide Web Publishing Service
     
    Lehman's Old-time Hardware - System Administrator, Jun 16, 2004
    #1
    1. Advertisements

  2. Ensure you have the latest security fixes installed you may also want to get
    841382. If it still occurs and if you would like do the following:

    1) download the OEM tools from
    http://www.microsoft.com/downloads/...58-890c-405f-b532-b751d9217ca4&DisplayLang=en

    Extract them and from the command line go to the userdump folder

    2) reproduce the problem for example in mmc.exe.
    2a) from the command line while the delay/hang occurs dump mmc.exe with
    userdump


    To dump it obtain the PID for mmc.exe and type

    userdump <the PID>

    Then send a pointer to the dump file

    This posting is provided "AS IS" with no warranties, and confers no rights.


    "Lehman's Old-time Hardware - System Administrator"
     
    Greg Lirette [MSFT], Jun 16, 2004
    #2
    1. Advertisements

  3. Thanks for the reply.

    I'm working on finding a place to upload the file.

    I assume it is OK to zip it before uploading? It is about 40 MB before
    compression, 14 MB after.

    -djz

     
    Lehman's Old-time Hardware - System Administrator, Jun 16, 2004
    #3
  4. You bet

    This posting is provided "AS IS" with no warranties, and confers no rights.
     
    Greg Lirette [MSFT], Jun 16, 2004
    #4
  5. Dear Mr. Lirette,

    We have uploaded the zip file of the dump to:
    http://ads.lehmans.com/ms/mmc.zip

    If there is anything else I can do to help get to the bottom of this, please
    let me know.

    Thanks,

    -djz

     
    Lehman's Old-time Hardware - System Administrator, Jun 17, 2004
    #5
  6. Thanks, the dump was helpful in getting us further!


    The dump is a snap shot in time so a different dump may show a slightly
    different thing. Also this wasn't a complete memory dump but rather only
    mmc.exe so I only have the data available in that processes address space.

    Gptext.dll is loaded in the mmc.exe process, it spawned a new thread in the
    process, and the purpose of that thread is to load the ADM template. That
    thread is supposed to signal an event that it has done its work and we can
    proceed.

    We wait for 250 ms and if it is not signaled we then load the wait cursor
    and wait forever for it to be signaled. That is the state of what you see
    in the interface, you are in wait mode.

    In the other thread we spawned we are trying to copy a file. It could be
    different depending on what you clicked on but in this particular dump the
    file name is

    ( I have removed your company name and replaced with MyCompany)

    The operation we are performing is a copy with the following parameters

    Source file
    \\MyCompany.lan\SysVol\MyCompany.lan\Policies\{DD8110D3-28F1-4DCE-A19C-7BA9B
    5FE601C}\Adm\conf.adm

    Destination file
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\1\adm2.tmp

    If the file exists override it

    I suspect if you performed the following command you would see a hang as
    well

    Copy
    \\MyCompany.lan\SysVol\MyCompany.lan\Policies\{DD8110D3-28F1-4DCE-A19C-7BA9B
    5FE601C}\Adm\conf.adm C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\1\adm2.tmp


    From this dump I cannot tell you anything beyond this because we are only
    looking at user mode space and we now transition into kernel mode to do the
    copy. I am not sure from the dump if we are trying to access a server that
    is our self or if it is remote. It could be a network issue, but I suspect
    it may be our self and that it may be a filter driver in the kernel.
    Either way it would be interesting to see if you can eliminate the mmc.exe
    process by using a simply copy at the command line to reproduce the hang.

    The call stack and info about the kernel transition follows:

    ChildEBP RetAddr Args to Child
    02b9efb4 7c578328 02b9f058 80100080 02b9eff4 ntdll!NtCreateFile+0xb
    02b9f050 7c58e2b9 00000000 80000000 00000001 KERNEL32!CreateFileW+0x343
    02b9f650 7c58e65e 02b9fd9c 02b9f8f4 00000000 KERNEL32!BasepCopyFileExW+0x10c
    02b9f6ac 7c59f18c 02b9fd9c 02b9f8f4 00000000 KERNEL32!CopyFileExW+0x52
    02b9f6c8 6fa479b2 02b9fd9c 02b9f8f4 00000000 KERNEL32!CopyFileW+0x1c
    02b9fb34 6fa47870 02b9fd9c 6becbeb8 6fa40000
    gptext!CPolicyComponentData::parseTemplate+0xeb
    02b9ffa8 6fa47282 6becbeb8 0001003f 7c57438b
    gptext!CPolicyComponentData::LoadTemplates+0x214
    02b9ffb4 7c57438b 00c374d8 6becbeb8 0001003f
    gptext!CPolicyComponentData::LoadTemplatesThread+0x20
    02b9ffec 00000000 6fa47262 00c374d8 00000000 KERNEL32!BaseThreadStart+0x52
    0:003> u ntdll!NtCreateFile ntdll!NtCreateFile+0xb
    ntdll!ZwCreateFile:
    77f87cac b820000000 mov eax,0x20
    77f87cb1 8d542404 lea edx,[esp+0x4]
    77f87cb5 cd2e int 2e

    Thanks,

    Greg Lirette

    This posting is provided "AS IS" with no warranties, and confers no rights.
     
    Greg Lirette [MSFT], Jun 17, 2004
    #6
  7. Thanks for the reply.

    I tried the copy command you suggested and it took about 3 minutes. Kinda
    long for a file that is less than 1 MB.

    Does this mean that the problem with the GPO MMC is simply the manifestation
    of a problem that could be related to other issues with this server, such as
    random performance "issues?"

    What should I do next? Is there anything that I can do or check to help fix
    resolve this problem?

    Thanks,

    -djz

     
    Lehman's Old-time Hardware - System Administrator, Jun 17, 2004
    #7
  8. No problem!

    I do suspect that mmc.exe is only a victim and the real issue is whatever
    the root cause is of the copy operation being so slow. It would not
    surprise me if this is caused by a filter driver. Actually with a full
    kernel dump it should show up. I would first see if your filter drivers and
    such are all up to date and perhaps disable them and see if it has an
    impact. You may want to get a case opened with us. If you wanted to I
    would look at a full dump of the issue.

    Info on getting a full dump is at
    http://support.microsoft.com/?id=244139


    Thanks,
    Greg Lirette

    "Lehman's Old-time Hardware - System Administrator"
    Thanks for the reply.

    I tried the copy command you suggested and it took about 3 minutes. Kinda
    long for a file that is less than 1 MB.

    Does this mean that the problem with the GPO MMC is simply the manifestation
    of a problem that could be related to other issues with this server, such as
    random performance "issues?"

    What should I do next? Is there anything that I can do or check to help fix
    resolve this problem?

    Thanks,

    -djz

     
    Greg Lirette [MS], Jun 17, 2004
    #8
  9. Thanks for all the help you have been giving!

    How do I go about checking if the filter drivers are up-to-date?

    Would I be charged for opening a case with Microsoft?

    Thanks,

    -djz

     
    Lehman's Old-time Hardware - System Administrator, Jun 17, 2004
    #9
  10. No problem I am happy to assist. I can't really comment on the price but I
    would assume you would be charged for a server incident. I don't really
    know how we charge, folks here may know better than me.

    you can use winmsd as a start to checkout the file dates. MPS reports
    (downloadable from our web site) is helpful as well.

    If you get a case opened please reference this thread and I can assist the
    case owner as well. If you wanted to try to get a memory.dmp file I would
    take a peek if you like. If you want to ping me offline with the path to
    the dump that would be fine.



    "Lehman's Old-time Hardware - System Administrator"
    Thanks for all the help you have been giving!

    How do I go about checking if the filter drivers are up-to-date?

    Would I be charged for opening a case with Microsoft?

    Thanks,

    -djz

     
    Greg Lirette [MS], Jun 17, 2004
    #10
  11. Dear Greg,

    Approximately big would a kernel dump be? The "Kernel Memory" value in the
    Task Manager is showing 182,872 KB.

    Is there a way to dump the kernel memory without using the STOP error method
    mentioned in the KB article you reference?

    Thanks,
    -djz

     
    Lehman's Old-time Hardware - System Administrator, Jun 21, 2004
    #11
  12. Greg,

    Thanks for looking at the MPS report.

    I updated the eTrust AV 7 INO_FLTR.SYS and INO_FLPY.SYS using the driver
    update package you referenced.

    Unfortunately, it didn't seem to make a difference to the GPO MMC. Running
    the copy command on the .adm file that you mentioned earlier now takes less
    than a second, but opening the "Administrative Templates" in the "User
    Configuration" section of a GPO still takes 4 minutes. The same thing still
    happens opening the "Security Settings" node in the "Windows Settings" under
    "Computer Configuration," though that only took about 60 seconds this time.

    Any other suggestions on what I should look for? Any other information that
    might be helpful?

    Thanks again for all your help.

    - djz

     
    Lehman's Old-time Hardware - System Administrator, Jun 22, 2004
    #12
  13. Also wanted to let you know that I installed the same AV software on my
    Virtual PC test server and it still does not experience the problem, even
    with the older ino_fltr.sys driver.

    I'll try comparing the loaded filter drivers between the problem server and
    the virtual server to see if there are any clues there.

    -djz

     
    Lehman's Old-time Hardware - System Administrator, Jun 22, 2004
    #13
  14. Found a difference in the ntfs.sys file:

    The version on the problem server is 5.0.2195.6710 dated 12/31/1979 8:00 PM
    The version on the test VPC server is 5.0.2195.6753 dated 5/8/2001 8:00 AM

    Note a couple other things:

    -Both servers report that they are at Service Pack 4 (in winver)
    -The problem server lists 111 files in the C:\WINNT\system32\drivers folder
    as being created on 12/31/1979 8:00 PM
    -The oldest file in the same folder on the test VPC server is 9/25/1999 6:35
    AM, of which there are 12 with that date.

    - The problem server came with Windows 2000 Server (OEM) SP4 pre-installed.
    - The test VPC server was setup using a Windows 2000 Server (OEM) SP2 disc,
    with SP3 and SP4 applied later.

    Today I will create a new VPC server with the Windows 2000 Server (OEM) SP4
    disc that came with the problem server and see if that setup has the same
    file dates and problems. I hope it does, because then I have something to
    test possible solutions (such as re-applying SP4 or something).

    Let me know if you can think of anything else to try.

    Thanks,

    -djz


     
    Lehman's Old-time Hardware - System Administrator, Jun 22, 2004
    #14
  15. I compared all of the running filter drivers on the problem server with both
    VPC test servers (one SP2 upgraded to SP4 and one installed from the
    original OEM SP4 CD).

    The only difference that I could find is the ntfs.sys file version.

    Problem server: 5.0.2195.6710 dated 12/31/79 8:00 PM
    Test VPC Server 1 (SP2 -> SP4): 5.0.2195.6753 dated 5/8/01 8:00 AM
    Test VPC Server 2 (SP4): 5.0.2195.6710 dated 7/14/03 8:00 AM

    Both test servers do not experience the problem.

    I don't know what else to do at this point, except keep trying to recreate
    the problem by making a test server a similar as possible to the problem
    server (except for the hardware).

    -djz

     
    Lehman's Old-time Hardware - System Administrator, Jun 22, 2004
    #15
  16. The only other difference as far as the filter drivers are concerned is that
    the VPC test servers do not have the cdudf.sys and udfreadr.sys files.

    Could either of those be causing a problem? How would I remove or disable
    them?

    -djz

     
    Lehman's Old-time Hardware - System Administrator, Jun 22, 2004
    #16
  17. Greg,

    I tried opening a case on the MS web site "Online Assisted Support," but it
    won't accept the Product ID, which is 51876-OEM-0001501-00000

    Thanks,

    -djz

     
    Lehman's Old-time Hardware - System Administrator, Jun 22, 2004
    #17
  18. Greg,

    If you are still with me on this, I'm planning on attempting a kernel dump
    (note: just the kernel) using the KB article you reference.

    Probably will attempt this Wednesday after hours and upload it Thursday
    (6/23) morning.

    Thanks for your help.

    -djz

     
    Lehman's Old-time Hardware - System Administrator, Jun 22, 2004
    #18
  19. I would suggest another user dump of mmc.exe now that the copy issue is
    resolved

    --
    This posting is provided "AS IS" with no warranties, and confers no rights.
    "Lehman's Old-time Hardware - System Administrator"
     
    Greg Lirette [MSFT], Jun 23, 2004
    #19
  20. If we think a newer ntfs.sys will help we can get you that, perhaps the
    memory.dmp would should this

    --
    This posting is provided "AS IS" with no warranties, and confers no rights.
    "Lehman's Old-time Hardware - System Administrator"
     
    Greg Lirette [MSFT], Jun 23, 2004
    #20
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.