Monday, June 11, 2007

Domain Controller Issue

Recently two of our Windows Server 2003 Domain Controllers were behaving abnormally. The two Domain Controllers will just refuse to perform authentication and we cannot logon to the Domain Controllers when this happens. The only way was to restart the Domain Controllers and it will be back to normal. At first I thought that the two Domain Controllers just needed a reboot. But well, it turned out that I was wrong.

Going throught the System Event Log, I noticed that the following event was logged multiple times.

Event ID 2020
Event Type: Error
Event Source: Srv
Event Category: None
Event ID: 2020
Description:
The server was unable to allocate from the system paged pool because the pool was empty.

After doing some research, I found an article (Understanding Pool Consumption and Event ID: 2020 or 2019) by Tate to be very useful. Following his troubleshooting steps, I discovered that the snmp.exe process is the culprit. But why is this legitimate process causing problem?

Well, my colleague told me that by checking the registry key “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\ExtensionAgents”, I can find out agents that are using SNMP. In the end, it was the Intel Network Card’s SNMP agent that was causing the problem. We had actually uninstall the SNMP agent via the Add/Remove Program long time ago but it seems like the uninstallation did not remove the registry entry and the DLL file. I deleted the registry entry and the snmp.exe process was back to normal.

No comments: