Windows 7 Explorer Crash

Finally, got the annoying "Windows Explorer stopped working" problem resolved!

Prior to that, I saw the following message box appearing from time to time:



Checking the Event Viewer doesn't shed much light in the dark:

Log Name:      Application

Source:        Application Error

Date:          4/8/2012 9:32:57 AM

Event ID:      1000

Task Category: (100)

Level:         Error

Keywords:      Classic

User:          N/A

Computer:      PC

Description:

Faulting application name: explorer.exe, version: 6.1.7601.17514, time stamp: 0x4ce796f3

Faulting module name: unknown, Version: 0.0.0.0, time stamp: 0x00000000

Exception code: 0xc0000005

Fault offset: 0x0413fc5c

Faulting process id: 0x1324

Faulting application start time: 0x01cd38a8fc8fbf3a

Faulting application path: C:\Windows\explorer.exe

Faulting module path: unknown

Event Xml:

<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">

  <System>

    <Provider Name="Application Error" />

    <EventID Qualifiers="0">1000</EventID>

    <Level>2</Level>

    <Task>100</Task>

    <Keywords>0x80000000000000</Keywords>

    <TimeCreated SystemTime="2012-05-23T06:00:09.000000000Z" />

    <EventRecordID>2169</EventRecordID>

    <Channel>Application</Channel>

    <Computer>PC</Computer>

    <Security />

  </System>

  <EventData>

    <Data>explorer.exe</Data>

    <Data>6.1.7601.17514</Data>

    <Data>4ce796f3</Data>

    <Data>unknown</Data>

    <Data>0.0.0.0</Data>

    <Data>00000000</Data>

    <Data>c0000005</Data>

    <Data>0413fc5c</Data>

    <Data>1324</Data>

    <Data>01cd38a8fc8fbf3a</Data>

    <Data>C:\Windows\explorer.exe</Data>

    <Data>unknown</Data>

  </EventData>

</Event>

So I decided to enable "Windows Error Reporting", for generating a dump file during the next crash.
This was done by setting the following registry keys:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\Explorer.exe]
"DumpFolder"=hex(2):43,00,3a,00,5c,00,54,00,65,00,6d,00,70,00,00,00
"DumpType"=dword:00000002

By using "WinDbg" from the "Debugging Tools for Windows", I've started analysing the dump file:

0:011> !analyze -v *****************************************************
*                                                   *
*                 Exception Analysis                *
*                                                   *
*****************************************************
FAULTING_IP:
+21
0413fc5c 0cfe            or      al,0FEh
EXCEPTION_RECORD:  ffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 0413fc5c
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 00000008
   Parameter[1]: 0413fc5c
Attempt to execute non-executable address 0413fc5c
DEFAULT_BUCKET_ID:  SOFTWARE_NX_FAULT
PROCESS_NAME:  explorer.exe
ERROR_CODE: (NTSTATUS) 0xc0000005 - Die Anweisung in 0x%08lx verweist auf Speicher 0x%08lx. Der Vorgang %s konnte nicht im Speicher durchgef hrt werden.
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - Die Anweisung in 0x%08lx verweist auf Speicher 0x%08lx. Der Vorgang %s konnte nicht im Speicher durchgef hrt werden.
EXCEPTION_PARAMETER1:  00000008
EXCEPTION_PARAMETER2:  0413fc5c
WRITE_ADDRESS:  0413fc5c
FOLLOWUP_IP:
ole32!COIDTable::ThreadCleanup+0
76c89103 8bff            mov     edi,edi
FAILED_INSTRUCTION_ADDRESS:
+677f2faf03c8dbec
0413fc5c 0cfe            or      al,0FEh
MOD_LIST: <ANALYSIS/>
NTGLOBALFLAG:  0
APPLICATION_VERIFIER_FLAGS:  0
LAST_CONTROL_TRANSFER:  from 76c55d3f to 0413fc5c
ADDITIONAL_DEBUG_TEXT:  Followup set based on attribute [Is_ChosenCrashFollowupThread] from Frame:[0] on thread:[PSEUDO_THREAD]
FAULTING_THREAD:  ffffffff
PRIMARY_PROBLEM_CLASS:  SOFTWARE_NX_FAULT
BUGCHECK_STR:  APPLICATION_FAULT_SOFTWARE_NX_FAULT
IP_ON_STACK:
+677f2faf03c8dbec
0413fc5c 0cfe            or      al,0FEh
STACK_TEXT: 
0413fc4c 0413fc5c unknown!unknown+0x0
0413fc64 76c55d3f ole32!COIDTable::ThreadCleanup+0xcb
0413fe14 76c88f82 ole32!FinishShutdown+0x9d
0413fe58 76c88ec3 ole32!ApartmentUninitialize+0x96
0413fe78 76c7bac3 ole32!wCoUninitialize+0x153
0413fe90 76c888e8 ole32!CoUninitialize+0x72
0413feac 73b3314a networkitemfactory!FDBackgroundThreadHandler+0x21
0413feb4 771f43c0 shlwapi!WrapperThreadProc+0x1b5
0413ff3c 7702ed6c kernel32!BaseThreadInitThunk+0xe
0413ff48 773e377b ntdll!__RtlUserThreadStart+0x70
0413ff88 773e374e ntdll!_RtlUserThreadStart+0x1b

STACK_COMMAND:  .cxr 0413F968 ; kb ; dds 413fc4c ; kb
SYMBOL_NAME:  ole32!COIDTable::ThreadCleanup+0
FOLLOWUP_NAME:  MachineOwner
MODULE_NAME: ole32
IMAGE_NAME:  ole32.dll
DEBUG_FLR_IMAGE_TIMESTAMP:  4ce7b96f
FAILURE_BUCKET_ID:  SOFTWARE_NX_FAULT_c0000005_ole32.dll!COIDTable::ThreadCleanup
BUCKET_ID:  APPLICATION_FAULT_SOFTWARE_NX_FAULT_BAD_IP_ole32!COIDTable::ThreadCleanup+0
WATSON_STAGEONE_URL:  http://watson.microsoft.com/StageOne/explorer_exe/6_1_7601_17514/4ce796f3/unknown/0_0_0_0/bbbbbbb4/c0000005/0413fc5c.htm?Retriage=1
Followup: MachineOwner
---------

"Networkitemfactory"? Sounds strange..
A quick search on the web was forwarding me directly to the Microsoft Knowledgebase Article ID: 2494427

Windows Explorer may crash randomly when the network discovery state is set to On in Windows 7

Installed the hotfix, and the problem was solved!

Exchange 2010 with NLB on HP ProCurve

Assuming you plan to implement Microsoft Exchange 2010 and have some budget left, what do you do?
We decided to support the project with an external Exchange-specialized consultant. So far so good.

After going through the design-phase we worked out the following Exchange installation plan:
- 2 mailbox stores, with database availability group (DAG)
- 2 combined clientaccess (CAS) and hub/transport (HT) servers, with network load balancing (NLB)

The installation went more or less quick and smoothly. But afterwards..

I'm picking out one (hopefully interesting) issue, we sorted out a few days later.

During an internal network scan, we were surprised about the following finding:
The broadcast got an intermittent strong increase.

Futher analyzing showed up: multicast traffic from NLB was flooding all ports within the same vlan, instead only the designated ports.

How can this happen?
Cause #1: The Exchange-specialist knows how to click through the NLB setup, but had no in-depth knowledge of it.
Cause #2: The network switch, on which Exchange NLB was attached to, was an HP ProCurve.

Solution: A static MAC entry needs to be configured on the switch.

So we thought this could be fixed quite easy, but were brought down to earth very quickly..
After trying to set the required static entry, the following error appeared:

 PROCURVE(config)# static 03bf0a-c8027e interface A2
 Value static is invalid.

It turned out, that the used HP ProCurve switches were not accepting Microsoft NLB MAC addresses...


How to succeed?
Buy other switches, VLAN it off or check the NLB multicast IGMP option.



There is a sample configuration for Cisco switches available at vmware.com:
http://kb.vmware.com/kb/1006525

VMware VCB backup problem (with iSCSI LUN)

So you're using VMware Consolidated Backup (VCB) with iSCSI disks and the backup is no longer working?
First, check the output of a failed vcbMounter backup job:

[2011-06-30 10:17:24.315 'App' 5664 error] No path to device LVID:2bedb412-a987b654-1234-012a345b6cde/2bedb412-9bc87d6e-abcd-012a345b6cde/1 found.
[2011-06-30 10:17:24.315 'BlockList' 5664 error]
[2011-06-30 10:17:24.529 'vcbMounter' 5664 error] Error: Failed to open the disk: Cannot access a SAN/iSCSI LUN backing this virtual disk. (Hint: If you are using vcbMounter you can use the option "-m nbd" to switch to network based disk access if this is what you want.) If you were attempting file-level access, stop the vmount Service by typing "net stop vmount2" on a command prompt to force vmount to re-scan for SAN LUNs and re-try the command.
[2011-06-30 10:17:24.529 'vcbMounter' 5664 error] An error occurred, cleaning up

Executing the VCB SAN debug tool is another good idea to get more information:

C:\Program Files\VMware\VMware Consolidated Backup Framework>vcbsandbg
[2011-06-30 10:20:40.300 'App' 848 info] Current working directory: C:\Program Files\VMware\VMware Consolidated Backup Framework
[2011-06-30 10:20:40.316 'BaseLibs' 848 info] HOSTINFO: Seeing Intel CPU, numCoresPerCPU 1 numThreadsPerCore 2.
[2011-06-30 10:20:40.316 'BaseLibs' 848 info] HOSTINFO: This machine has 1 physical CPUS, 1 total cores, and 2 logical CPUs.
[2011-06-30 10:20:40.316 'App' 848 verbose] Building SCSI Device List...
[2011-06-30 10:20:40.378 'App' 848 trivia] Evaluating 1 paths.
[2011-06-30 10:20:40.378 'App' 848 trivia] Trying to open path \\?\scsi#disk&ven_netapp__&prod_lun_____________&rev_7654#1&2abc3d45&6&000001#{23e45678-f9ab-12c3-45d6-01a2b34cde5f}.
[2011-06-30 10:20:40.378 'App' 848 info] Now using Path \\?\scsi#disk&ven_netapp__&prod_lun_____________&rev_7654#1&2abc3d45&6&000001#{23e45678-f9ab-12c3-45d6-01a2b34cde5f}.
[2011-06-30 10:20:40.378 'App' 848 trivia] Reading 32256 bytes from offset 0.
[2011-06-30 10:20:40.394 'App' 848 trivia] Found 1 partition(s) on this device.
[2011-06-30 10:20:40.394 'App' 848 trivia] Evaluating 1 paths.
[2011-06-30 10:20:40.394 'App' 848 trivia] Trying to open path \\?\scsi#disk&ven_netapp__&prod_lun_____________&rev_7654#1&2abc3d45&6&000001#{23e45678-f9ab-12c3-45d6-01a2b34cde5f}.
[2011-06-30 10:20:40.394 'App' 848 info] Now using Path \\?\scsi#disk&ven_netapp__&prod_lun_____________&rev_7654#1&2abc3d45&6&000001#{23e45678-f9ab-12c3-45d6-01a2b34cde5f}.
[2011-06-30 10:20:40.394 'App' 848 trivia] Reading 32256 bytes from offset 0.
[2011-06-30 10:20:40.394 'App' 848 trivia] Found 1 partition(s) on this device.
[2011-06-30 10:20:40.394 'App' 848 error] Dumping SCSI Device/LUN List.
[2011-06-30 10:20:40.394 'App' 848 info] **** Begin SCSI Device LIst ****
[2011-06-30 10:20:40.394 'App' 848 info] Found SCSI Device: NAA:70a9800070654321098765432109876b5c432d102030
[2011-06-30 10:20:40.394 'App' 848 info] Visible on 1 paths:
[2011-06-30 10:20:40.394 'App' 848 info] Device Name: \\?\scsi#disk&ven_netapp__&prod_lun_____________&rev_7654#1&2abc3d45&6&000001#{23e45678-f9ab-12c3-45d6-01a2b34cde5f}, Bus: 0 Target: 0 Lun: 2
[2011-06-30 10:20:40.409 'App' 848 info] Lun does not contain any VMFS/LVM signatures.
[2011-06-30 10:20:40.409 'App' 848 info] Found SCSI Device: NAA:70a9800070654321098765432109876b5c432d102030
[2011-06-30 10:20:40.409 'App' 848 info] Visible on 1 paths:
[2011-06-30 10:20:40.409 'App' 848 info] Device Name: \\?\scsi#disk&ven_netapp__&prod_lun_____________&rev_7654#1&2abc3d45&6&000001#{23e45678-f9ab-12c3-45d6-01a2b34cde5f}, Bus: 0 Target: 0 Lun: 3
[2011-06-30 10:20:40.409 'App' 848 info] Lun does not contain any VMFS/LVM signatures.
[2011-06-30 10:20:40.409 'App' 848 info] **** End SCSI Device LIst ****

So, the VCB is no langer able to find the VMFS disk.
Checking the Windows disk management: you will find the VMware disk in an Unallocated state

Or in the vSphere Client: (selecting a host, choose "Configuration", "Storage" and change the view to "Devices") - No VMFS partition shows up here..

What happened?
Most probably, the Windows diskpart automount feature (which is enabled by default) has written its own signature to the VMware disks.
http://technet.microsoft.com/en-us/library/cc753703(WS.10).aspx
Btw, it's generally a good idea to disable this feature on a server which is connected to iSCSI LUNs.

Solution: To change the disk signature back to VMFS, connect to the console of a vSphere host server.
Login as 'root' and execute the following command:
(to search for a disk which has no detailed informations listed)
[root@host /]# fdisk -l
...
Disk /dev/sdd: 408.0 GB, 408063836160 bytes
255 heads, 63 sectors/track, 49610 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
 Device Boot      Start         End      Blocks   Id  System
                                                                                               <= missing information
[root@host /]#
[root@host /]# fdisk -u /dev/sdd
The number of cylinders for this disk is set to 49610.
There is nothing wrong with that, but this is larger than 1024,
and could in certain setups cause problems with:
1) software that runs at boot time (e.g., old versions of LILO)
2) booting and partitioning software from other OSs
   (e.g., DOS FDISK, OS/2 FDISK):

Command (m for help): n
Command action
   e   extended
   p   primary partition (1-4)

p

Partition number (1-4): 1

First sector (63-614465535, default 63): 128
Last sector or +size or +sizeM or +sizeK (128-614465535, default 614465535):
Using default value 614465535

Command (m for help): t
Selected partition 1
Hex code (type L to list codes): fb
Changed system type of partition 1 to fb (VMware VMFS)

Command (m for help): w
The partition table has been altered!

Calling ioctl() to re-read partition table.
Syncing disks.
[root@host /]# vmkfstools -V
[root@host /]# 

For more information, visit the following site:
http://kb.vmware.com/kb/1002281

Attention: If you have several disks with missing VMFS signatures, change all disk signatures at the same time.
As long as you re-signature only one disk (e.g. for testing), you could have problems connecting to this 'repaired' disk.

Slow RDC / SQL performance using Windows 7 / 2008 R2

Are you experiencing slow remote desktop connections (RDC)?
Or is the database-connect to your SQL server not working properly?

Then have a look at the following Windows feature: Receive Window Auto-Tuning
http://support.microsoft.com/kb/934430/en-us

Right-click Command Prompt, and then click Run as Administrator.
To display the current setting, type the following command, and then press ENTER:

 netsh interface tcp show global

You will find the "Receive Window Auto-Tuning" set to normal.

To disable this feature, type the following command, and then press ENTER:

 netsh interface tcp set global autotuninglevel=disabled


Generally, it seems to be a good idea to disable this feature in a business-related environment.
I've seen this autotuning feature too often screwing up network traffic..



For more information, visit the following site:
http://technet.microsoft.com/en-us/magazine/cc162519.aspx