Are you able to remote control the box via DUO without problems? If so, what could be happening is that the RDP session is running through the usual terminal services logon scripts and for whatever reason that logon process for the session is 'blue screening' and causing the box itself to 'blue screen'. Generally a session blue screening should not bring the kernel down, but it is possible in some circumstances.. a well known case is where two sessions are blue screening and both attempting to write to a dump file at the same time.. this will cause the entire box to blue screen. as the box is rebooting, I assume it has been configured to write to dump file and reboot... if so, check out the dump file and you will see what is causing the reboot, or alternatively, disable auto reboot and read the 'blue screen of death' Non maskable Interrupt dump screen to see what is throwing the fatal interruption. going back to your original note Dave, the NTVDM error seemed to be user specific. I would look at this area instead, something in the profile wanting something it shouldnt?? also, you say that running up an RDP session to the ts box causes it to crash? Isn't that what you were doing when getting the ntvdm errors?? are you doing something different? -----Original Message----- From: Dave.Boatman@xxxxxxxxxxxxxx [mailto:Dave.Boatman@xxxxxxxxxxxxxx] Sent: 07 August 2003 11:24 To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: NTVDM - illegal instruction Hmm.. don't think it's my day today.. Thanks to Tim and Brian for their suggestions Anyone seen this before .. or is it my setup ? I'm trying to run Filemon (sysinternals) to see the logon process to try to debug my original error. Everytime I open up a RDP session to the T/S box it reboots the T/S box. The box is remote so I use PC-DUO to administer it. Compaq DL380/G2, dual cpu,1.5Gb RAM. W2K SP3 with all the critical security patches. Anyone had this working correctly ?.. If so I'll go down another route. Thanks Dave Boatman -----Original Message----- From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] Sent: 06 August 2003 13:01 To: thin@xxxxxxxxxxxxx Subject: [THIN] NTVDM - illegal instruction Any suggestions as to how to debug this ?. W2K Advanced Server,SP3 + T/S. Users have roaming profiles (if this helps) Only seems to affect newly created users.. or previously created users from some OU's Not all users are affected This happens about 20/30 seconds after they login. Also doesn't seem to affect anything for the user I've disabled the kix script (which gets pulled from the usrlogin.cmd) - still no joy. Usrlogin.cmd is now vanilla Tried reapplying the SP.. no joy Rebooted the server. Looked for "rogue" versions of command.com .. couldn't find any Nothing in the GP under logon/logoff scripts To my knowledge there are no 16 bit apps on the box that I call but maybe something else calls something as part of the login process Event Type: Information Event Source: Application Popup Event Category: None Event ID: 26 Date: 06/08/2003 Time: 12:03:17 User: N/A Computer: XXX Description: Application popup: 16 bit MS-DOS Subsystem : C:\WINNT\System32\cmd.exe The NTVDM CPU has encountered an illegal instruction. CS:ec00 IP:8cd2 OP:ff ff ff ff ff Choose 'Close' to terminate the application. Thanks for any pointers Dave Boatman CONFIDENTIALITY NOTICE This communication and the information it contains is intended for the person or organisation to whom it is addressed. Its contents are confidential and may be protected in law. Unauthorised use, copying or disclosure of any of it may be unlawful. If you are not the intended recipient, please contact us immediately. The contents of any attachments in this e-mail may contain software viruses, which could damage your own computer system. While Marlborough Stirling has taken every reasonable precaution to minimise this risk, we cannot accept liability for any damage which you sustain as a result of software viruses. You should carry out your own virus checking procedure before opening any attachment. Marlborough Stirling plc, Registered No. 3008820, Allen Jones House, Jessop Avenue, Cheltenham, Gloucestershire, GL50 3SH Tel: 01242 547000 Fax: 01242 547100 <http://www.marlborough-stirling.com> <http://www.exchange.co.uk> The following companies are subsidiaries of Marlborough Stirling plc and are registered in England and Wales at the above address: The Marlborough Stirling Group PLC, Registered No. 1855353 Marlborough Stirling Administration Limited, Registered No. 2341195 Exchange FS Group plc, Registered No. 3760381 Exchange FS Limited, Registered No. 2596452 Crisp Computing Limited, Registered No. 1547979 ________________________________________________________________________ This email has been scanned for all viruses by the MessageLabs Email Security System. For more information on a proactive email security service working around the clock, around the globe, visit http://www.messagelabs.com ________________________________________________________________________ ******************************************************** This Week's Sponsor - RTO Software / TScale What's keeping you from getting more from your terminal servers? Did you know, in most cases, CPU Utilization IS NOT the single biggest constraint to scaling up?! Get this free white paper to understand the real constraints & how to overcome them. SAVE MONEY by scaling-up rather than buying more servers. http://www.rtosoft.com/Enter.asp?ID=147 ********************************************************** Useful Thin Client Computing Links are available at: http://thethin.net/links.cfm For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: http://thethin.net/citrixlist.cfm *********************************************************************************** EDF Energy plc internet e-mail disclaimer This e-mail and any files transmitted with it are confidential and may be protected by legal privilege. If you are not the intended recipient, please notify the sender and delete the e-mail from your system. This e-mail has been scanned for malicious content but the internet is inherently insecure and EDF Energy plc cannot accept any liability for the integrity of this message or its attachments. No employee or agent of EDF Energy plc or any related company is authorised to conclude any binding agreement on behalf of EDF Energy plc or any related company by e-mail. All e-mails sent and received by EDF Energy plc are monitored to ensure compliance with the company's information security policy. *********************************************************************************** ******************************************************** This Week's Sponsor - RTO Software / TScale What's keeping you from getting more from your terminal servers? Did you know, in most cases, CPU Utilization IS NOT the single biggest constraint to scaling up?! Get this free white paper to understand the real constraints & how to overcome them. SAVE MONEY by scaling-up rather than buying more servers. http://www.rtosoft.com/Enter.asp?ID=147 ********************************************************** Useful Thin Client Computing Links are available at: http://thethin.net/links.cfm For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: http://thethin.net/citrixlist.cfm