Mutiple Virtual Server 2008's with BSOD's - Windows Server 2008 x64

A

athlete4life

Member
Joined
Aug 10, 2015
Posts
6
Hello...first time poster here let's see if I get this right.

First off, I have 6 clients that are having BSOD issues. They can range from infrequent (once every couple of months) to what's just happened at one client by having 3 in 72 hours. I and my team have done extensive troubleshooting and are really just coming down to the following:
  • Ensuring BIOS and Firmware updates are done
  • Ensuring drivers are up to date
  • Ensuring Windows Patches are up to date
  • Ensuring no faulty drives or memory
  • Ensuring older drivers have been removed
We haven't completed all these steps yet across all sites but are in progress of doing so. I'm hoping you may be able to help us find the exact cause through your analysis though.

The commonalities that exist between clients that are experiencing these BSOD's are the following:

  • ESX is installed (versions vary from 5.0.0 to 5.5.0)
  • The OS of the VM is Server 2008 or SBS 2008
  • Labtech Monitoring Agent is installed (LTSVC.EXE) (deeper analysis of the minidumps identify this as the faulty service)
  • ESET Nod 32 is the Anti-Virus Solution
  • Each Servers hardware is a Lenovo

Below as per your BSOD posting instructions is specific to a single one of these clients.

OS = Microsoft® Windows Server® 2008 Standard x64
Original installation was a physical installation of Microsoft® Windows Server® 2008 Standard as 32-bit (it is now installed as VM within an ESXi environment - version 5.0.0, 623860)
The OS is a Virtual Server
The hardware was purchased and installed sometime between January and March 2010
The OS was re-installed (virtualized) in November 2012

CPU = Intel(R) Xeon(R) CPU E5506 @ 2.13GHz

Video Card = OnBoard (within the OS it states VMware SVGA II)
MotherBoard = Unable to tell (Our monitoring agent reports it as VMware Virtual Platform and System Information doesn't appear to identify it)
Power Supply = IBM 920W Server Power Supply (Product ID: 69Y5863)
System Manufacturer = Lenovo
Lenovo Machine Type = M3817-3GU (Lenovo ThinkServer TD200)

It is unlikely I will be able to run any of the "while waiting for a reply" steps in the next 24 hours.

Thanks,
 

Attachments

Hello,

*bump*

Coming up on 48 hours without response. Just want to make sure that either somebody is looking at this, or if there is something I need to do, somebody let's me know. It appears on a little look around you deal primarily with workstations, so if this is out of your scope/area of expertise, please let me know as well.

Also, this Server has blue screened once more since I opened the initial thread. If you'd like the memdump from this one, please advise.

Thanks,
 
Hi ^_^,


Really sorry for the late reply :( . Do you still need help with this? In case you still need help, please reply to this thread and I will try my best to reply within 48 hours. I would be notified via email once you reply :)




-Pranav
 
Hello,

I would appreciate any assistance you'd be able to offer. We've been diligently getting our servers up to date, running checkdisks etc... until clean, but if you see something in particular in the logs or anything, I'd like to know. I will await your response.

Thanks,
 
Hi Athlete4Life ^_^,

Like you said, the dump files say that the Labtech Monitoring Service is at fault. On searching around a bit, I found that you have installed the AVG Remote Administration installed.

Check out the below link -
Labtech and AVG Partner On Remote Monitoring, Anti-Virus | Managed Security Services content from MSPmentor

Theoretically, there is a very high chance that the AVG Drivers are conflicting with ESET (Which is generally seen as a very reliable product). Right now, I would suggest you to uninstall both (AVG RA & ESET) and then perform a clean installation of ESET and then check for BSODs.

Use the below tools to remove the products -
AVG - AVG | Download tools and utilities
ESET - How do I uninstall or reinstall ESET Smart Security/ESET NOD32 Antivirus?—ESET Knowledgebase

Let me know how it goes ^_^


-Pranav
 
Thank you for the response. I will follow your suggestion to run both removal utilities and then reinstall ESET. Can you advise how you were able to tell AVG Remote Administration Tool is installed? Neither Windows nor our Labtech Monitoring Service can see it as an installed piece of software. I will operate under the assumption that for whatever reason remnants of the AVG Remote Administration Tool still exists and follow your suggestion and let you know once completed.

Thanks,
 
athlete4life said:
Thank you for the response. I will follow your suggestion to run both removal utilities and then reinstall ESET. Can you advise how you were able to tell AVG Remote Administration Tool is installed? Neither Windows nor our Labtech Monitoring Service can see it as an installed piece of software. I will operate under the assumption that for whatever reason remnants of the AVG Remote Administration Tool still exists and follow your suggestion and let you know once completed.

Thanks,
Click to expand...
Hi ^_^,

I saw the traces of the AVG Administration Tool in both the MSINFO32 and the Uninstall List which is there in your Sysnative File Collection Zip. As per the MSINFO32, under the Software Environment -> Services -
Code: 
[B]AVG Admin Server[/B]	AvgAdminServer	Stopped	Disabled	Own Process	[B]"c:\program files\avg\avg2012 admin\server\avgadmsva.exe"[/B]	Normal	LocalSystem	0

Even though it is disabled, it is there.

Another log file (The Registry Key List which describes the list of products installed) -
Code: 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{229168C7-EF7E-468E-AE2E-640BD9AF8FCD}
    AuthorizedCDFPrefix    REG_SZ    
    Comments    REG_SZ    
[B]    Contact    REG_SZ    http://www.avg.com[/B]
[B]    DisplayVersion    REG_SZ    12.0.2114[/B]
[B]    HelpLink    REG_EXPAND_SZ    http://www.avg.com[/B]
    HelpTelephone    REG_SZ    
    InstallDate    REG_SZ    20121023
    InstallLocation    REG_SZ    
    InstallSource    REG_SZ    C:\ProgramData\MFAData\pack\
    ModifyPath    REG_EXPAND_SZ    MsiExec.exe /I{229168C7-EF7E-468E-AE2E-640BD9AF8FCD}
    Publisher    REG_SZ    AVG Technologies
    Readme    REG_SZ    
    Size    REG_SZ    
    EstimatedSize    REG_DWORD    0x3c79
    SystemComponent    REG_DWORD    0x1
[B]    UninstallString    REG_EXPAND_SZ    MsiExec.exe /I{229168C7-EF7E-468E-AE2E-640BD9AF8FCD}[/B]
    URLInfoAbout    REG_SZ    http://www.avg.com
    URLUpdateInfo    REG_SZ    
    VersionMajor    REG_DWORD    0xc
    VersionMinor    REG_DWORD    0x0
    WindowsInstaller    REG_DWORD    0x1
    Version    REG_DWORD    0xc000842
    Language    REG_DWORD    0x409
[B]    DisplayName    REG_SZ    AVG Remote Administration[/B]

Hopefully, this explains how I came to the conclusion :) . Let me know how it goes ^_^

Regards,
Pranav
 
Thank you! I've run the suggested AVG Removal Tool a couple of times, rebooting as necessary each time, and reviewed the identified areas, and found the AVG Remote Admin Tool still there. I found an older version of the tool and attempted that to no avail. So I have manually removed any found files/folders (hidden or not) that had AVG in them off the C Drive. I have also run CCleaner and cleaned the registry out, so hopefully it's no longer there. I have since performed a clean uninstall of ESET and reinstalled, rebooting as necessary.

Would you like me to run your information gathering tools again? Or am I now in a wait and see mode?

Thanks!
 
athlete4life said:
Thank you! I've run the suggested AVG Removal Tool a couple of times, rebooting as necessary each time, and reviewed the identified areas, and found the AVG Remote Admin Tool still there. I found an older version of the tool and attempted that to no avail. So I have manually removed any found files/folders (hidden or not) that had AVG in them off the C Drive. I have also run CCleaner and cleaned the registry out, so hopefully it's no longer there. I have since performed a clean uninstall of ESET and reinstalled, rebooting as necessary.

Would you like me to run your information gathering tools again? Or am I now in a wait and see mode?

Thanks!
Click to expand...
Hmm. Thanks for the information. Seems like the AVG Uninstaller Tool does not remove the AVG side-product on your system.

Yep. You are now in the wait and see mode.


Let me know how it goes :)


-Pranav
 
:eek:
Unfortunately we had more BSOD's on this server on Friday. I have the driver verification running currently...needs about another 12 hours. I've checked up on the status and honestly don't understand if there are any problems. What should I do with any results? I've also attached the most recent dump files.

Let me know.

Thanks,
 

Attachments

Has Sysnative Forums helped you? Please consider donating to help us support the site!

Back
Top