|
|
|||||||
Tried troubleshooting by running \\domain controller\netlogon\kix32.exe on my other 4 domain controllers which works but it crashes on the 5th one. Opened a ticket with Microsoft with no help but they did provide me with the following data analysis PROCESS_NAME: KIX32.EXE ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s. EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s. EXCEPTION_PARAMETER1: 00000001 EXCEPTION_PARAMETER2: 00000000 WRITE_ADDRESS: 00000000 FOLLOWUP_IP: KIX32+2281f 0042281f 0000 add byte ptr [eax],al NTGLOBALFLAG: 0 APPLICATION_VERIFIER_FLAGS: 0 USER_LCID_STR: ENU APP: kix32.exe FAULTING_THREAD: 00001590 PRIMARY_PROBLEM_CLASS: NULL_POINTER_WRITE BUGCHECK_STR: APPLICATION_FAULT_NULL_POINTER_WRITE LAST_CONTROL_TRANSFER: from 00000000 to 0042281f STACK_TEXT: 0085fff0 00000000 0042281f 00000000 000000c8 KIX32+0x2281f STACK_COMMAND: ~0s; .ecxr ; kb SYMBOL_STACK_INDEX: 0 SYMBOL_NAME: kix32+2281f FOLLOWUP_NAME: wintriag MODULE_NAME: KIX32 IMAGE_NAME: KIX32.EXE DEBUG_FLR_IMAGE_TIMESTAMP: 44f84a1d FAILURE_BUCKET_ID: NULL_POINTER_WRITE_c0000005_KIX32.EXE!Unknown BUCKET_ID: APPLICATION_FAULT_NULL_POINTER_WRITE_kix32+2281f WATSON_STAGEONE_URL: http://watson.microsoft.com/StageOne/KIX....htm?Retriage=1 WATSON_IBUCKET: 350125032 WATSON_IBUCKETTABLE: 1 Followup: wintriag --------- 0:000> lmvm KIX32 start end module name 00400000 0045c000 KIX32 C (no symbols) Loaded symbol image file: KIX32.EXE Image path: \\VORTEX\NETLOGON\KIX32.EXE Image name: KIX32.EXE Timestamp: Fri Sep 01 22:56:29 2006 (44F84A1D) CheckSum: 00000000 ImageSize: 0005C000 File version: 0.0.0.0 Product version: 0.0.0.0 File flags: 0 (Mask 0) File OS: 0 Unknown Base File type: 0.0 Unknown File date: 00000000.00000000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 0:000> .exr 0xffffffffffffffff ExceptionAddress: 0042281f (KIX32+0x0002281f) ExceptionCode: c0000005 (Access violation) ExceptionFlags: 00000000 NumberParameters: 2 Parameter[0]: 00000001 Parameter[1]: 00000000 Attempt to write to address 00000000 |
||||||||
|
|
|||||||
My first inclination would be to maybe switch out memory with one of the working domain controllers, to easily rule out the possibility of bad ram. |
||||||||
|
|
|||||||
Welcome to KORG! By "crashes", do you mean "blue screen" with a Stop-50? These are generally related to page faults in unpaged areas, or attempts to access memory not allocated to the application. This can be the result of bad drivers, applications, or other software (such as AV) components. In less common situations, it could be caused by defective L2 cache, RAM, or even CPU. Hardware issues, however, are rarely specific to a particular application such as Kix - the problem would be more widespread. Was this DC built or upgraded recently compared to the others? Are all drivers on this DC the SAME as on the others? (Higher doesn't always mean better!) Are there any hardware differences between these DCs? Software differences? (apps not on the others, or different versions or windows components.) Windows patches/hotfixes? Buffer overrun issues can cause this type of error, and many hotfixes have been issued to correct these. Make sure all systems are at the same patch level. Also - to rule out a corrupted version of Kix - open a command prompt and run Code: \\OtherDC\Netlogon\kix32.exe \\OtherDC\Netlogon\loginscript.kix Glenn |
||||||||
|
|
|||||||
When I say crash I am referring to a popup message that states KIX32.exe has stopped working and has the following error in the event log: Event Type: Error Event Source: Application Error Event Category: (100) Event ID: 1000 Date: 3/1/2012 Time: 9:51:42 AM User: N/A Computer: VORTEX Description: Faulting application KIX32.EXE, version 0.0.0.0, faulting module KIX32.EXE, version 0.0.0.0, fault address 0x0002281f. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. Data: 0000: 41 70 70 6c 69 63 61 74 Applicat 0008: 69 6f 6e 20 46 61 69 6c ion Fail 0010: 75 72 65 20 20 4b 49 58 ure KIX 0018: 33 32 2e 45 58 45 20 30 32.EXE 0 0020: 2e 30 2e 30 2e 30 20 69 .0.0.0 i 0028: 6e 20 4b 49 58 33 32 2e n KIX32. 0030: 45 58 45 20 30 2e 30 2e EXE 0.0. 0038: 30 2e 30 20 61 74 20 6f 0.0 at o 0040: 66 66 73 65 74 20 30 30 ffset 00 0048: 30 32 32 38 31 66 02281f When run in a command prompt Microsoft Windows [Version 6.1.7601] Copyright (c) 2009 Microsoft Corporation. All rights reserved. C:\Users\eappelstein>\\2003 Domain Controller with issue\netlogon\kix32.exe C:\Users\eappelstein>\\2008 Domain Controller that works\netlogon\kix32.exe KiXtart 2010 4.53 / Copyright Ruud van Velsen 2006 Microsoft Windows (logon) script processor. Note: KiXtart is CareWare, please consult the manual for full details on distribution and licensing. Usage : KIX32 [script1] [...] [$var=123] [/f[:yyyy/mm/dd]] [/r:irel] [/u:password] [/d] [/t] Options: /d = enable debug mode /f = flush token cache (optionally only if older than date specified) /r = KXRPC search order (see manual for details) /u = password to lock or unlock a pre-tokenized script /t = tokenize scripts (see manual for details) C:\Users\eappelstein>\\2003 Domain Controller that works\netlogon\kix32.exe KiXtart 2010 4.53 / Copyright Ruud van Velsen 2006 Microsoft Windows (logon) script processor. Note: KiXtart is CareWare, please consult the manual for full details on distribution and licensing. Usage : KIX32 [script1] [...] [$var=123] [/f[:yyyy/mm/dd]] [/r:irel] [/u:password] [/d] [/t] Options: /d = enable debug mode /f = flush token cache (optionally only if older than date specified) /r = KXRPC search order (see manual for details) /u = password to lock or unlock a pre-tokenized script /t = tokenize scripts (see manual for details) This server is in a branch office so swapping out ther RAM would be very difficult and there are no other issues with this servers. The other domain controllers that work some are older and some newer. My concern is if the file is corrupt what is the best way to replace since these folders replicate to each other and I do not want to make things worse. The current work around is people in that office are running their logon script from a different domain controller in a different office. |
||||||||
|
|
|||||||
We are also very behind on windows or any updates on this server. The only major change was I added a 2008 DC to the forrest and moved the FSMO roles to it. We did not have a 2008 DC before this one. The server with the issue was working before and well after the upgrade. |
||||||||
|
|
|||||||
Originally Posted By: eappelstein The current work around is people in that office are running their logon script from a different domain controller in a different office. Something smells fishy. |
||||||||
|
|
|||||||
The errors are on the laptops going to \\domain controller\netlogon\LOGON.bat or from their initial login into windows 7. I also tested by logging with with a domain admin account on the actual server LOGON.bat file contents: net use F: /del net use G: /del net use Y: /del net use X: /del @Echo off %0\..\Kix32.exe %0\..\EBILOGON.kix ebilogon.kix file contents: ; EBI SYSTEM LOGIN SCRIPT ; Modified ID Notes ; ========== ==== ===== ; 11/14/2006 SH Created Login Script settitle ("EBI Consulting Login Script") cls Color y+/n ? "Hello @fullname." ? "" ? "The current date and time is @DATE @TIME." ? "" ? "========================" ? " Mapping Network Drives " ? "========================" ? "" ;;;;;;;;;;;;;;;;;;;;;;;; User specific shares ;;;;;;;;;;;;;;;;;;;;;;;;;; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;IF @userid = 'test' ; use P: "\\server\share" ; ? "Mapping P:" ;endif IF @userid = 'eappelstein' use R: "\\cinder\data" ? "Mapping R:" endif IF @userid = 'dhowell' use J: "\\cinder\sir" ? "Mapping J:" endif IF @userid = 'aamena' use I: "\\cinder\EHS" ? "Mapping I:" endif IF @userid = 'spenta' use Q: "\\blizzard2\ArcIMS" ? "Mapping Q:" endif IF @userid = 'cjohnston' use Q: "\\blizzard2\ArcIMS" use S: "\\rjsserverma\data" use T: "\\giswebapp\arcims" use U: "\\viper\udrive" use V: "\\Viper\gis_raster_temp" use W: "\\Viper\ArcSDE" ? "Mapping Q:" ? "Mapping S:" ? "Mapping T:" ? "Mapping U:" ? "Mapping V:" ? "Mapping W:" endif ;;;;;;;;;;;;;;; Location specific network login scripts ;;;;;;;;;;;;;;;; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; SELECT CASE ingroup("burlington office") use y: /DEL use f: "\\cinder\data" use y: "\\cinder\users" ? "Mapping F:" ? "Mapping Y:" CASE ingroup("remote employees") use f: "\\cinder\data" use y: "\\cinder\users" ? "Mapping F:" ? "Mapping Y:" CASE 1 ENDSELECT SELECT CASE ingroup("pa office") use K: "\\vortex\data" use U: "\\vortex\users" ? "Mapping K:" ? "Mapping U:" ENDSELECT SELECT CASE ingroup("NJ Office") use K: /DEL use U: /DEL use O: "\\rockslide\NJ-USERS" ? "Mapping O:" CASE 1 ENDSELECT ;;;;;;;;;;;;;;;; Group specific network login scripts ;;;;;;;;;;;;;;;;;; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; SELECT CASE ingroup("Telecom") use G: "\\cinder\telecom" ? "Mapping G:" CASE 1 ENDSELECT SELECT CASE ingroup("S&T Group") use T: "\\cinder\ISys" ? "Mapping T:" CASE 1 ENDSELECT SELECT CASE ingroup("Human Resources") use R: /DEL use R: "\\Cinder\HR" ? "Mapping R:" CASE 1 ENDSELECT SELECT CASE ingroup("SIR") use J: "\\cinder\sir" ? "Mapping J:" CASE 1 ENDSELECT SELECT CASE ingroup("A & E") use Y: /DEL use Y: "\\rjsserverma\Users" ? "Mapping Y:" CASE 1 ENDSELECT SELECT CASE ingroup("EHS") use I: /DEL use H: /DEL use I: "\\cinder\EHS" use H: "\\cinder\ehs\clients" ? "Mapping I:" ? "Mapping H:" CASE 1 ENDSELECT SELECT CASE ingroup("sema4 users") use M: /DEL use M: "\\cinder\sema4$" ? "Mapping M:" CASE 1 ENDSELECT SELECT CASE ingroup("accounting") use H: /DEL use M: /DEL use H: "\\cinder\acctg" use M: "\\cinder\sema4$" ? "Mapping H:" ? "Mapping M:" CASE 1 ENDSELECT SELECT CASE ingroup("AE-MA Data") use S: "\\rjsserverma\data" ? "Mapping S:" CASE 1 ENDSELECT SELECT CASE ingroup("AE-NJ Data") use K: /DEL use U: /DEL use N: "\\rockslide\NJ-Data" ? "Mapping N:" CASE 1 ENDSELECT SELECT CASE ingroup("AE-PA Data") use K: /DEL use K: "\\vortex\DATA" ? "Mapping K:" CASE 1 ENDSELECT ;;;;;;;;;;;;;;;;;;;;;; User specific shares to run at end ;;;;;;;;;;;;;; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; IF @userid = 'ideb' use Y: /DEL use Y: "\\cinder\users"" ? "Mapping Y:" endif Sleep 1 at (22,1) "Login script processing complete." exit These results were from my windows 7 laptop. When run in a command prompt Microsoft Windows [Version 6.1.7601] Copyright (c) 2009 Microsoft Corporation. All rights reserved. C:\Users\eappelstein>\\2003 Domain Controller with issue\netlogon\kix32.exe C:\Users\eappelstein>\\2008 Domain Controller that works\netlogon\kix32.exe KiXtart 2010 4.53 / Copyright Ruud van Velsen 2006 Microsoft Windows (logon) script processor. Note: KiXtart is CareWare, please consult the manual for full details on distribution and licensing. Usage : KIX32 [script1] [...] [$var=123] [/f[:yyyy/mm/dd]] [/r:irel] [/u:password] [/d] [/t] Options: /d = enable debug mode /f = flush token cache (optionally only if older than date specified) /r = KXRPC search order (see manual for details) /u = password to lock or unlock a pre-tokenized script /t = tokenize scripts (see manual for details) C:\Users\eappelstein>\\2003 Domain Controller that works\netlogon\kix32.exe KiXtart 2010 4.53 / Copyright Ruud van Velsen 2006 Microsoft Windows (logon) script processor. Note: KiXtart is CareWare, please consult the manual for full details on distribution and licensing. Usage : KIX32 [script1] [...] [$var=123] [/f[:yyyy/mm/dd]] [/r:irel] [/u:password] [/d] [/t] Options: /d = enable debug mode /f = flush token cache (optionally only if older than date specified) /r = KXRPC search order (see manual for details) /u = password to lock or unlock a pre-tokenized script /t = tokenize scripts (see manual for details) |
||||||||
|
|
|||||||
I seem to remember that %0\..\Kix32.exe %0\..\EBILOGON.kix in a batch file was nice for Windows 9x But for Windows NT and newer, I think it is better to use WKix32.exe EBILOGON.kix |
||||||||
|
|
|||||||
Your Login script could look like: Code: @echo off Setlocal REM ***************************************************** REM Find OS on workstation REM Run login script REM Depending on OS REM ***************************************************** REM "Microsoft Windows [Version 6.1.7600]" = Windows 7 REM "Microsoft Windows [Version 6.1.7601]" = Windows 7 SP1 Ver | Find "6.1" > nul If NOT errorlevel 1 Goto win_7 REM "Microsoft Windows [Version 6.0.6000]" = Vista REM "Microsoft Windows [Version 6.0.6001]" = Vista SP1 Ver | Find "6.0" > nul If NOT errorlevel 1 Goto win_Vista REM "Microsoft Windows [Version 5.2.3790]" = Windows 2003 SP2 Ver | Find "5.2.3790" > nul If NOT errorlevel 1 Goto win_2003 Ver | Find "NT" > nul If NOT errorlevel 1 Goto Win_NT Ver | Find "2000" > nul If NOT errorlevel 1 Goto Win_2000 Ver | Find "XP" > nul If NOT errorlevel 1 Goto Win_XP Ver | Find "98" > nul If NOT errorlevel 1 Goto Win_98 Ver | Find "95" > nul If NOT errorlevel 1 Goto Win_95 Goto unknown_os :win_7 wkix32 EBILOGON.kix Goto end :win_Vista wkix32 EBILOGON.kix Goto end :win_2003 wkix32 EBILOGON.kix Goto end :win_NT wkix32 EBILOGON.kix Goto end :win_2000 wkix32 EBILOGON.kix Goto end :win_XP wkix32 EBILOGON.kix Goto end :win_98 %0\..\WKix32.exe %0\..\EBILOGON.kix Goto end :win_95 %0\..\WKix32.exe %0\..\EBILOGON.kix Goto end :unknown_os :end The part with Code: net use F: /del net use G: /del net use Y: /del net use X: /del can be put in your kixtart script |
||||||||
|
|
|||||||
I created an ericlogon.bat file to test with using both logon script examples above and got the following errors when trying to run in a cmd prompt since it did not work with just double clicking \\vortex\NETLOGON\ericlogon.bat file: C:\Users\eappelstein>\\vortex\netlogon\ericlogon.bat 'wkix32' is not recognized as an internal or external command, operable program or batch file. C:\Users\eappelstein>\\vortex\netlogon\ericlogon.bat 'wkix32.exe' is not recognized as an internal or external command, operable program or batch file. |
||||||||
|
|
|||||||
I tried just running \\vortex\netlogon\wkix32.exe ebilogon.kix and get a KiXtart popup ERROR: failed to find/open script [ebilogon.kix] |
||||||||
|
|
|||||||
Does the .kix file need to be different for wkix32.exe vs kix32.exe? Thank you the help. I appreciate it. |
||||||||
|
|
|||||||
I just made a copy of the kix32.exe and wkix32 into the same directories and now some other domain controllers are not working even though I never touched the original files |
||||||||
|
|
|||||||
I am now getting that error on the 2008 domain controller. |
||||||||
|
|
|||||||
I think I am all set. I took the kix32.exe file from one of the DCs that worked and copied it on all the ones that it didn't which seemed to correct the issue. Thank you for your help. |
||||||||
|
|
|||||||
how did the kix get to the DC's before? you copied it to one and let it replicate or did you manually copy them all? clearly the file got corrupted at some point, but was it on the server side or when someone was copying it to the server is the question. if all on the server side, you might looking at raid-corruption on one of them or just a virus. |
||||||||
|
|
|||||||
Originally Posted By: eappelstein I created an ericlogon.bat file to test with using both logon script examples above and got the following errors when trying to run in a cmd prompt since it did not work with just double clicking \\vortex\NETLOGON\ericlogon.bat file: C:\Users\eappelstein>\\vortex\netlogon\ericlogon.bat 'wkix32' is not recognized as an internal or external command, operable program or batch file. C:\Users\eappelstein>\\vortex\netlogon\ericlogon.bat 'wkix32.exe' is not recognized as an internal or external command, operable program or batch file. Glenn |
||||||||
|
|
|||||||
Originally Posted By: eappelstein I think I am all set. I took the kix32.exe file from one of the DCs that worked and copied it on all the ones that it didn't which seemed to correct the issue. Thank you for your help. Code: Del \\DC1\netlogon\kix32.exe You should not need to copy files manually to each netlogon folder. Glenn |