[THIN] Re: NTVDM - illegal instruction

• From: "Tim Mangan" <tmangan@xxxxxxxxxxxx>
• To: <thin@xxxxxxxxxxxxx>
• Date: Wed, 6 Aug 2003 09:43:52 -0400

There are a variety of free process list viewers that will show the parent
process id's (windows task manager not included).  Grab one of these to see
what is starting the NTVDM.  This might tell you where it is coming from.

Second idea is filemon/regmon (sysinternals) with ntvdm.exe filter to see
what it is touching on the system.

tim
Timothy R. Mangan
Founder TMurgent Technologies
tmangan@xxxxxxxxxxxx
www.tmurgent.com
+1 781-492-0403
-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx]
Sent: Wednesday, August 06, 2003 8:01 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] NTVDM - illegal instruction


Any suggestions as to how to debug this ?.

W2K Advanced Server,SP3 + T/S.
Users have roaming profiles (if this helps)

Only seems to affect newly created users.. or previously created users from
some OU's
Not all users are affected
This happens about 20/30 seconds after they login. Also doesn't seem to
affect anything for the user

I've disabled the kix script (which gets pulled from the usrlogin.cmd) -
still no joy.
Usrlogin.cmd is now vanilla
Tried reapplying the SP.. no joy
Rebooted the server.
Looked for "rogue" versions of command.com .. couldn't find any
Nothing in the GP under logon/logoff scripts

To my knowledge there are no 16  bit apps on the box that I call but maybe
something else calls something as part of the login process


Event Type:     Information
Event Source:   Application Popup
Event Category: None
Event ID:       26
Date:           06/08/2003
Time:           12:03:17
User:           N/A
Computer:       XXX
Description:
Application popup: 16 bit MS-DOS Subsystem : C:\WINNT\System32\cmd.exe
The NTVDM CPU has encountered an illegal instruction.
CS:ec00 IP:8cd2 OP:ff ff ff ff ff Choose 'Close' to terminate the
application.

Thanks for any pointers

Dave Boatman


CONFIDENTIALITY NOTICE
This communication and the information it contains is intended for the
person or organisation to whom it is addressed.  Its contents are
confidential and may be protected in law.  Unauthorised use, copying or
disclosure of any of it may be unlawful.  If you are not the intended
recipient, please contact us immediately.

The contents of any attachments in this e-mail may contain software viruses,
which could damage your own computer system.  While Marlborough Stirling has
taken every reasonable precaution to minimise this risk, we cannot accept
liability for any damage which you sustain as a result of software viruses.
You should carry out your own virus checking procedure before opening any
attachment.

Marlborough Stirling plc, Registered No. 3008820,
Allen Jones House, Jessop Avenue, Cheltenham, Gloucestershire, GL50 3SH
Tel: 01242 547000     Fax: 01242 547100
<http://www.marlborough-stirling.com>
<http://www.exchange.co.uk>

The following companies are subsidiaries of Marlborough Stirling plc and are
registered in England and Wales at the above address:
The Marlborough Stirling Group PLC, Registered No. 1855353
Marlborough Stirling Administration Limited, Registered No. 2341195
Exchange FS Group plc, Registered No. 3760381
Exchange FS Limited, Registered No. 2596452
Crisp Computing Limited, Registered No. 1547979


________________________________________________________________________
This email has been scanned for all viruses by the MessageLabs Email
Security System. For more information on a proactive email security
service working around the clock, around the globe, visit
http://www.messagelabs.com
________________________________________________________________________
********************************************************
This weeks sponsor - RTOSoft TScale
Complaints about applications response time - DO SOMETHING ABOUT IT!
TScale 2.0 improves applications response time and increases terminal
server capacity. Really get MORE from your existing servers! Free eval:
http://www.rtosoft.com/enter.asp?id=130
**********************************************************
Useful Thin Client Computing Links are available at:
http://thethin.net/links.cfm

For Archives, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
http://thethin.net/citrixlist.cfm



********************************************************
This weeks sponsor - RTOSoft TScale 
Complaints about applications response time - DO SOMETHING ABOUT IT!
TScale 2.0 improves applications response time and increases terminal
server capacity. Really get MORE from your existing servers! Free eval:
http://www.rtosoft.com/enter.asp?id=130
**********************************************************
Useful Thin Client Computing Links are available at:
http://thethin.net/links.cfm

For Archives, to Unsubscribe, Subscribe or 
set Digest or Vacation mode use the below link:
http://thethin.net/citrixlist.cfm

• References:
  • [THIN] NTVDM - illegal instruction
    • From: thin

Other related posts:

• » [THIN] NTVDM - illegal instruction
• » [THIN] Re: NTVDM - illegal instruction
• » [THIN] Re: NTVDM - illegal instruction
• » [THIN] Re: NTVDM - illegal instruction

1. Home
2. thin
3. Archive
4. 08-2003

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---