Endpoint Protection

  • 1.  MS remote desktop connection causes target system crash

    Posted Oct 11, 2012 03:15 AM

    I have some servers that run Win2003 w/ SP2.

    I noticed last year that when I use the MS Remote Desktop Connection tool to connect to some of them, the target system crashes.

    The event log would be:

    event ID: 1003
    Description Error code 1000007f,parameter1 00000008,parameter2 f7737fe0,parameter3 00000000,parameter4 00000000.

    Last year I ran antivirus 10.0 on them, and I found that antivirus 10/11 would cause a system crash when using Remote Desktop Connection.

    This year I upgraded the antivirus platform to SEP12.1.

    Yesterday, a new file server with Win2003 Std R2 SP2 and SEP12.1, installed just a few days ago, had a similar problem when using Remote Desktop Connection.

    event ID: 1003
    Description Error code 1000007f,parameter1 00000008,parameter2 f77affe0,parameter3 00000000,parameter4 00000000.

    I tried to use Debugging Tools for Windows to analyse the .dmp files that were generated last year.

    I can see that the debugging tool reports:

    Probably caused by : SYMEVENT.SYS ( SYMEVENT+78e1 )

    But unluckily, maybe the .dmp file generated yesterday was not completely written before the system auto-rebooted; the debugging tool reports:

    Probably caused by : Unknown_Image.

    Through a Google search, I found that some people have met the same problem.

    They said that if they used Remote Desktop Connection for the first time in a day, the target system would crash; after a reboot, they could use Remote Desktop and the target system would not crash. But the next day, or within the next few days, the same problem occurred.

    In my environment, if I want to change some setting, I choose to go to the server itself rather than use Remote Desktop Connection, to avoid a system crash.

    But this is not a solution. I have to find out what causes the system crash, since the antivirus software was upgraded but the same system error event ID still exists.

    Does this problem still exist with SEP12.1 on Win2003?


    Attachments: old_crash_dmp.rar (antivirus 10.0 installed)
                 new_crash_dmp.rar (SEP12.1 installed; only one file, generated yesterday)

    Attachment(s)

    new_crash_dmp.rar (rar, 1 KB)
    old_crash_dmp.rar (rar, 84 KB)


  • 2.  RE: MS remote desktop connection causes target system crash

    Posted Oct 11, 2012 03:31 AM

    Hi,

    What components do you have installed?

    Have you tried to reinstall the SEP client package?




  • 3.  RE: MS remote desktop connection causes target system crash

    Posted Oct 11, 2012 03:33 AM

    Have you seen the below article?  Does this apply to your crashes?

    http://www.symantec.com/docs/TECH181336



  • 4.  RE: MS remote desktop connection causes target system crash

    Posted Oct 11, 2012 03:41 AM

    Just the antivirus component; no SONAR, no IPS, no firewall. (Server basic)

    It is a new server for file sharing; Win2003 R2 SP2 and SEP12.1 are freshly installed.



  • 5.  RE: MS remote desktop connection causes target system crash

    Posted Oct 11, 2012 03:50 AM

    It is 0x8e, but mine is 0x7f. But I notice from the website you gave that 0x7f on Win7 SP1 is also said to be caused by win32k.

    I will check the details to see if the solution suits my case.

    Thanks a lot.



  • 6.  RE: MS remote desktop connection causes target system crash

    Posted Oct 11, 2012 04:51 AM

    I think I cannot find out more details from the .dmp file generated yesterday. It seems that I have to try to use Remote Desktop Connection and let the system crash to get more .dmp files.