Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

MS remote desktop connection causes target system crash

Created: 10 Oct 2012 | 5 comments

I have some servers run Win2003 /w sp2 on them.

And I noticed last year that when using MS remote desktop connection tool to connect some of them, and then the target system crash.

the event log would be :

event ID: 1003
Description Error code 1000007f,parameter1 00000008,parameter2 f7737fe0,parameter3 00000000,parameter4 00000000.

Last year I ran antivirus 10.0 on them, and I found that antivirus 10/11 would cause system crash when using remote desktop connection.

This year I upgraded the antivirus platform to Sep12.1.

Yesterday, A new fileserver with win2003 std R2 sp2 and Sep12.1 just installed a few days, got the similar problem when using remote desktop connection.

event ID: 1003
Description Error code 1000007f,parameter1 00000008,parameter2 f77affe0,parameter3 00000000,parameter4 00000000.

I tried to used debugging tool for windows to analyse the .dmp files that generated last year.

I can see debugging tool reports:

Probably caused by : SYMEVENT.SYS ( SYMEVENT+78e1 )

but, unluckly, maybe the .dmp file generated yesterday is not completely finished before system auto reboot,  debugging tool reports:

Probably caused by : Unknown_Image.

through GOOGLE search engine, I found that some people met the same problem.

they said if they used remote desktop connection first time in a day, the target system would crash, after reboot, they could use remote desktop and target system would not crash. but next day or next few days, same problem occurred.

in my environment, if I want to change some setting, I would choose to go to server side rather than use remote desktop connection to avoid system crash. 

but this is not a solution, I have to find out what cause system crash since the antivirus software upgraded but the same system error event id still exists.

if this problem still exists with SEP12.1 on Win2003?

 

attachments: old_crash_dmp.rar (installed antivirus 10.0)

                     new_crach_dmp.rar(installed SEP12.1, only one file, generated yesterday)

 

Comments 5 CommentsJump to latest comment

Ashish-Sharma's picture

HI,

What components do you have installed?

have you try to reinstall Sep client package ?

 

Thanks In Advance

Ashish Sharma

 

 

Leo Young's picture

Just antivirus component, no sonar, no IPS, no firewall. (Server basic)

it is a new server for file sharing, win2003 r2 sp2 and SEP12.1 are fresh installed.

Leo Young's picture

It is 0x8e, but mine is 0x7f. but i notice from the website you give that 0x7f on win7 sp1 also said it was caused by win32k.

I will check the details to see if the solution is suit for my case.

thanks a lot.

Leo Young's picture

I think i can not find out more details from .dmp file generated yesetday. it seems that i have to try to use remote desktop connection and let system crash to get more .dmp files.