[THIN] Re: NTVDM - illegal instruction
- From: "Lilley, Brian" <Brian.Lilley@xxxxxxxxxxxxx>
- To: "'thin@xxxxxxxxxxxxx'" <thin@xxxxxxxxxxxxx>
- Date: Thu, 7 Aug 2003 11:46:19 +0100
Are you able to remote control the box via DUO without problems?
If so, what could be happening is that the RDP session is running through
the usual terminal services logon scripts and for whatever reason that logon
process for the session is 'blue screening' and causing the box itself to
'blue screen'. Generally a session blue screening should not bring the
kernel down, but it is possible in some circumstances.. a well known case
is where two sessions are blue screening and both attempting to write to a
dump file at the same time.. this will cause the entire box to blue screen.
as the box is rebooting, I assume it has been configured to write to dump
file and reboot... if so, check out the dump file and you will see what is
causing the reboot, or alternatively, disable auto reboot and read the 'blue
screen of death' Non maskable Interrupt dump screen to see what is throwing
the fatal interruption.
going back to your original note Dave, the NTVDM error seemed to be user
specific. I would look at this area instead, something in the profile
wanting something it shouldnt??
also, you say that running up an RDP session to the ts box causes it to
crash? Isn't that what you were doing when getting the ntvdm errors?? are
you doing something different?
-----Original Message-----
From: Dave.Boatman@xxxxxxxxxxxxxx [mailto:Dave.Boatman@xxxxxxxxxxxxxx]
Sent: 07 August 2003 11:24
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: NTVDM - illegal instruction
Hmm.. don't think it's my day today..
Thanks to Tim and Brian for their suggestions
Anyone seen this before .. or is it my setup ?
I'm trying to run Filemon (sysinternals) to see the logon process to try to
debug my original error. Everytime I open up a RDP session to the T/S box it
reboots the T/S box. The box is remote so I use PC-DUO to administer it.
Compaq DL380/G2, dual cpu,1.5Gb RAM. W2K SP3 with all the critical security
patches.
Anyone had this working correctly ?.. If so I'll go down another route.
Thanks
Dave Boatman
-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx]
Sent: 06 August 2003 13:01
To: thin@xxxxxxxxxxxxx
Subject: [THIN] NTVDM - illegal instruction
Any suggestions as to how to debug this ?.
W2K Advanced Server,SP3 + T/S.
Users have roaming profiles (if this helps)
Only seems to affect newly created users.. or previously created users from
some OU's
Not all users are affected
This happens about 20/30 seconds after they login. Also doesn't seem to
affect anything for the user
I've disabled the kix script (which gets pulled from the usrlogin.cmd) -
still no joy.
Usrlogin.cmd is now vanilla
Tried reapplying the SP.. no joy
Rebooted the server.
Looked for "rogue" versions of command.com .. couldn't find any
Nothing in the GP under logon/logoff scripts
To my knowledge there are no 16 bit apps on the box that I call but maybe
something else calls something as part of the login process
Event Type: Information
Event Source: Application Popup
Event Category: None
Event ID: 26
Date: 06/08/2003
Time: 12:03:17
User: N/A
Computer: XXX
Description:
Application popup: 16 bit MS-DOS Subsystem : C:\WINNT\System32\cmd.exe
The NTVDM CPU has encountered an illegal instruction.
CS:ec00 IP:8cd2 OP:ff ff ff ff ff Choose 'Close' to terminate the
application.
Thanks for any pointers
Dave Boatman
CONFIDENTIALITY NOTICE
This communication and the information it contains is intended for the
person or organisation to whom it is addressed. Its contents are
confidential and may be protected in law. Unauthorised use, copying or
disclosure of any of it may be unlawful. If you are not the intended
recipient, please contact us immediately.
The contents of any attachments in this e-mail may contain software viruses,
which could damage your own computer system. While Marlborough Stirling has
taken every reasonable precaution to minimise this risk, we cannot accept
liability for any damage which you sustain as a result of software viruses.
You should carry out your own virus checking procedure before opening any
attachment.
Marlborough Stirling plc, Registered No. 3008820,
Allen Jones House, Jessop Avenue, Cheltenham, Gloucestershire, GL50 3SH
Tel: 01242 547000 Fax: 01242 547100
<http://www.marlborough-stirling.com>
<http://www.exchange.co.uk>
The following companies are subsidiaries of Marlborough Stirling plc and are
registered in England and Wales at the above address:
The Marlborough Stirling Group PLC, Registered No. 1855353
Marlborough Stirling Administration Limited, Registered No. 2341195
Exchange FS Group plc, Registered No. 3760381
Exchange FS Limited, Registered No. 2596452
Crisp Computing Limited, Registered No. 1547979
________________________________________________________________________
This email has been scanned for all viruses by the MessageLabs Email
Security System. For more information on a proactive email security
service working around the clock, around the globe, visit
http://www.messagelabs.com
________________________________________________________________________
********************************************************
This Week's Sponsor - RTO Software / TScale
What's keeping you from getting more from your terminal servers? Did you
know, in most cases, CPU Utilization IS NOT the single biggest constraint to
scaling up?! Get this free white paper to understand the real constraints &
how to overcome them. SAVE MONEY by scaling-up rather than buying more
servers.
http://www.rtosoft.com/Enter.asp?ID=147
**********************************************************
Useful Thin Client Computing Links are available at:
http://thethin.net/links.cfm
For Archives, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
http://thethin.net/citrixlist.cfm
***********************************************************************************
EDF Energy plc internet e-mail disclaimer
This e-mail and any files transmitted with it are confidential and may be
protected by legal privilege. If you are not the intended recipient, please
notify the sender and delete the e-mail from your system. This e-mail has been
scanned for malicious content but the internet is inherently insecure and EDF
Energy plc cannot accept any liability for the integrity of this message or its
attachments. No employee or agent of EDF Energy plc or any related company is
authorised to conclude any binding agreement on behalf of EDF Energy plc or any
related company by e-mail. All e-mails sent and received by EDF Energy plc are
monitored to ensure compliance with the company's information security policy.
***********************************************************************************
********************************************************
This Week's Sponsor - RTO Software / TScale
What's keeping you from getting more from your terminal servers? Did you know,
in most cases, CPU Utilization IS NOT the single biggest constraint to scaling
up?! Get this free white paper to understand the real constraints & how to
overcome them. SAVE MONEY by scaling-up rather than buying more servers.
http://www.rtosoft.com/Enter.asp?ID=147
**********************************************************
Useful Thin Client Computing Links are available at:
http://thethin.net/links.cfm
For Archives, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
http://thethin.net/citrixlist.cfm
Other related posts:
