Hi,

I have had this same problem twice in 2 weeks, previously very stable.

Users complain that they can't log on in morning.

On inspection, server short of virtual memory, two processes (mad.exe and
wmiprose.exe) are consuming all precessor power and DHCP won't work.

Killing mad.exe retunrs processor back to mormal and releases memory, but
DHCP Server won't re-start.

The system log shows the following error 'The server was unable to allocate
from the system nonpaged pool because the pool was empty.' repeatedly since
the previous night. Earlier entries are typical.

I have NOT installed any new applications recently (for ages) but I did
apply latest Windows updates prior to this happening.

Any help is greatly appreciated,

cheers,

NEIL

Hi Niel,

Can you tell us a bit more about this server? What services are running on
the server and what the hardware is (e.g. amount of RAM)?

--
Mike
Microsoft MVP - Windows Security

"Neil Jarman" <neil@tNOiSPAMvPLEASEy.co.uk> wrote in message
news:dm6por$kgg$1$8300dec7@news.demon.co.uk...

Mad.exe is a virus...

http://www.trendmicro.com/vinfo/viru...%2EBJW&VSect=T

-Frank

"Neil Jarman" <neil@tNOiSPAMvPLEASEy.co.uk> wrote in message
news:dm6por$kgg$1$8300dec7@news.demon.co.uk...

Hi,

mad.exe is also a valid Microsoft Exchange Service (Microsoft Exchange
System Attendant).

--
Mike
Microsoft MVP - Windows Security

"Frankster" <Frank@SPAM2TRASH.com> wrote in message
news:guKdnc1uxeNprxreRVn-oQ@giganews.com...

Ah.... gotcha. Hopefully the OP does not have the virus.

-Frank

Sorry. Setup is a follows:

W2003 Std Server, Domain Controller, Exchange Server, File Server.

1 Gb RAM. SCSI drives. Ultrium tape drive.

Spam software - GFI Mail Essentials.

Virus software - Symantec Enterprise Server v10 & Mail Server (or whatever
it's called)

I have the same setup in several companies, this is th eonly one having
problems.

NEIL


"Miha Pihler [MVP]" <mihap-news@atlantis.si> wrote in message
news:%23fPuTbd8FHA.444@TK2MSFTNGP11.phx.gbl...

Hi,

do you have /3GB switch in boot.in file for exchange?

Exchange memory use and the /3GB switch
http://support.microsoft.com/default...Product=exch2k

Also check AV configuration (make sure that folder mentioned in KB are
excluded from AV scanning)!

Overview of Exchange Server 2003 and antivirus software
http://support.microsoft.com/kb/823166

Virus scanning recommendations on a Windows 2000 or on a Windows Server 2003
domain controller
http://support.microsoft.com/default...b;en-us;822158

--
Mike
Microsoft MVP - Windows Security

"Neil Jarman" <neil@tNOiSPAMvPLEASEy.co.uk> wrote in message
news:dm85ub$9g2$1$8300dec7@news.demon.co.uk...

I have up to date virus protection running.

Pun apart, any other ideas why thi file should go mad?

NEIL

Did you check your configuration and what I posted as reply?

How about event logs (Application and System logs)? Any errors?

--
Mike
Microsoft MVP - Windows Security


"Neil Jarman" <neil@tNOiSPAMvPLEASEy.co.uk> wrote in message
news:dmff4g$kmj$1$8300dec7@news.demon.co.uk...

Hi Mike,

Thanks for your continued input.

I can confirm that the /3Gb switch is not in use - I assume this is
correct - Microsoft says don't use this on a AD / ES combination.

Virus protection was excluding some exchange folders, but not (my fault) the
actual DB, which I moved fom the C drive to the D drive. Also wasn;t
excluding the inetsrv folder. Both these are now excluded.


Regarding the System logs:

After the backup finished at 21:14, there was nothing until 22:18 when 'The
WinHTTP Web Proxy Auto Discoery Service was successfully sent a start
control' followed by several related entries and finally a stop at 22:34.

There was nothing until 23:23 when I got this error: 'The server was unable
to allocate from the system nonpaged pool because the pool was empty.'

After that the DHCP 'failed to see a directiry server for authentication' at
23:36.

At 01:30 the system issued a virtual memory warning.

I have no info for the Application log as it file dup and deleted the
earlier entries!!


NEIL



"Miha Pihler [MVP]" <mihap-news@atlantis.si> wrote in message
news:OOoBXdE9FHA.4076@tk2msftngp13.phx.gbl...

Sorry, what does AD/ES stand for?

--
Mike
Microsoft MVP - Windows Security

"Neil Jarman" <neil@tNOiSPAMvPLEASEy.co.uk> wrote in message
news:dmhe3l$4v9$1$830fa79d@news.demon.co.uk...

Another question; what is the Antivirus software that you use on this
server?

--
Mike
Microsoft MVP - Windows Security

"Neil Jarman" <neil@tNOiSPAMvPLEASEy.co.uk> wrote in message
news:dmhe3l$4v9$1$830fa79d@news.demon.co.uk...

OK. I re-read your answers and found this out ...

Can you change your AV configuration as sugested by the article (exclude the
DB) and see if you still have the problem?

--
Mike
Microsoft MVP - Windows Security

"Miha Pihler [MVP]" <mihap-news@atlantis.si> wrote in message
news:uFaDmaQ9FHA.1844@TK2MSFTNGP11.phx.gbl...

Hi Mike,

By AD/ES I meant Active Domain and Exchange Server - get confused with
terminology sometimes.

Virus software is Symantec AntiVirus Corporate Edition v10.

I have now excluded all files as per article on Virus Software.

There has not been a recurrence since I started posting = 1 week.

Thanks for your perseverence on this.

NEIL




"Miha Pihler [MVP]" <mihap-news@atlantis.si> wrote in message
news:eW9MYeQ9FHA.1248@TK2MSFTNGP14.phx.gbl...

Well, if things are normal for now lets leave it at that. Check back if the
problem reappears.

--
Mike
Microsoft MVP - Windows Security

"Neil Jarman" <neil@tNOiSPAMvPLEASEy.co.uk> wrote in message
news:dmj7tc$4ts$1$8300dec7@news.demon.co.uk...

Mike,

Once again, many thanks for your input.

NEIL

create batch files to restart servives durring off hours

that's my solution now a days for everything MS related

saves a lot of time and needless frustration