Windows 2008 Server Access Problems with Antivirus Installed
I came across a bizarre problem a few months back that I thought I would share with all of you. It involved a multi-processor IBM rack mount server with dual Xeons, 4GB RAM and a ton of RAIDed disk space.
This server was running Windows 2008 Server, and was replacing an aging Dell Windows 2000 Server. The old server was basically responsible for everything like DNS, DHCP, WINS, AD, File Serving, Print Serving and VPN termination via Routing and Remote Access.
Needless to say it was a very busy box.
So when time came to upgrade it, the customer went all out on hardware and power etc.
I ran up the new IBM box with the Windows 2008 server software and installed it. It was at this point that I installed McAfee Antivirus v8.7. Everything went fine during the install and the server happily sat for about a week while we waited for the migration window to arrive.
We first started to migrate basic things like making this new box an AD participant. I then migrated over the DHCP, DNS and WINS details and switched off the services on the old box. So far so good.
It sat again for around a week before the next part of the migration was to take place. Remaining was file and printer migration as well as VPN and some basic Terminal Services, and then finally demoting the old server and reverting it to basically a member server in the domain.
The rest of the migration went fine, and the old box was demoted and relegated to other duties.
About 2-3 weeks went by and I got a frantic call from the customer saying that they could not access the server and no new DHCP addresses were being issued.
When I arrived onsite, I tried to bounce the DHCP service; however, once it tried to start, an error message reported that there was not enough server memory space. Now I have seen this error before; however, I am still baffled by what it actually means.
Anyway, I restarted the server and everything came up fine. Chalking it up to some bizarre isolated incident, I didn’t give it much thought and got the hell out of there.
Then 2-3 weeks later I got another call to say the server was unavailable. Again we rebooted and it was resolved once again. Now I was starting to get a little concerned. Was the hardware flaky? Was the Windows 2008 build OK? Did I screw up or install anything that might be causing this?
I did some searching on Google but came up blank. We decided to have a meeting with the customer to assess what our next course of action was going to be. It was during this meeting that we decided we would possibly either rebuild the server or do a repair on the server just in case some files were out of whack or whatnot.
However, I wasn’t convinced that there was a problem with the build. I again went searching on Google and found a strange Microsoft knowledge base article that pretty much just had a number, a brief description and a hotfix link.
We decided to wait a week or so before applying the hotfix (as we knew it died every 2-3 weeks) because I wanted more information before applying an untested hotfix.
After a few days, Microsoft fleshed out the KB article and detailed the conditions under which this problem appeared.
It appears there is a bug in a file called tdx.sys. It only affects machines running Windows 2008 Server and Windows Vista Service Pack 1. It also only affects machines with dual CPUs and running software such as antivirus, firewalls etc.
As of writing, there are two solutions: install the hotfix, or edit your boot.ini file to force the system to only use 1 CPU. Why you would want to do the latter is beyond me! Hopefully this will be fixed in Service Pack 2 for Windows 2008 and Vista.
I uninstalled McAfee, rebooted, installed the hotfix, rebooted again and then finally installed McAfee again.
It’s now 2.5 months on, and I have not heard a peep from the customer! Another bizarre problem solved.
