IIS Worker W3WP errors - randomly occuring

[Skipdog77]

I am experiencing random IIS Worker thread errors. Not sure how to determine what is causing. The install is clean using the latest Windows installer version of Cacti.

I'm going to attempt to attach picture of error messages.

Brian

[BSOD2600]

1) do you run any other websites on this server?
2) have you installed cacti 0.8.6j? If not, its possible the server was compromised with the security holes in 0.8.6i. Run a virus scan and chkdsk c: /f.
3) What versions of everything are you running?

[Skipdog77]

1) No, this is the only site on the machine. It hasn't been compromised as once installed it had Symantec loaded.

2) yes installed 0.8.6j as soon as I finished your windows installer. Server is very clean, nothing else loaded on the box.

3) Windows Server 2003 SP1, fully patched. IIS6 of course that is included with server 2003. Have you seen antivirus cause problems with Cacti? Symantec Corporate 10.1 is running on the server and is running on our production cacti server. Our curent production Cacti server is running Apache, not IIS.

Brian

[BSOD2600]

Alright, well I'm betting its php related. Try upgrading to 5.2.0 (not 5.2.1) and see if that fixes the problem. If not, then its time to troubleshoot exactly whats causing it to crash. Google has several answers to finding this out. Here is one: http://www.issociate.de/board/post/2695 ... close.html

[Neal4IU]

I am also experiencing this problem. Random w3wp.exe faults. They didn't seem to begin until I installed the Thold plugin and started configuring some threshold monitoring. I have included my cacti host information below. I hope to troubleshoot this some in the coming days. It is not a crippling but is a problem for a production server.

Cacti Version - 0.8.6i
Plugin Architecture - 1.1
Poller Type - Cactid v0.8.6i
Server Info - Windows NT 5.2
Web Server - Microsoft-IIS/6.0
PHP - 5.1.6
PHP Extensions - bcmath, calendar, com_dotnet, ctype, date, ftp, hash, iconv, odbc, pcre, Reflection, session, libxml, standard, tokenizer, zlib, SimpleXML, dom, SPL, wddx, xml, xmlreader, xmlwriter, ISAPI, mysql, snmp, sockets, gd
MySQL - 5.0.27-community-nt
RRDTool - 1.2.15
SNMP - snmpwalk [OPTIONS] AGENT [OID]

Version: 5.3.1
Web: http://www.net-snmp.org/
Email: net-snmp-coders@lists.sourceforge.net

OPTIONS:
-h, --help display this help message
-H display configuration file directives understood
-v 1|2c|3 specifies SNMP version to use
-V, --version display package version number
SNMP Version 1 or 2c specific
-c COMMUNITY set the community string
SNMP Version 3 specific
-a PROTOCOL set authentication protocol (MD5|SHA)
-A PASSPHRASE set authentication protocol pass phrase
-e ENGINE-ID set security engine ID (e.g. 800000020109840301)
-E ENGINE-ID set context engine ID (e.g. 800000020109840301)
-l LEVEL set security level (noAuthNoPriv|authNoPriv|authPriv)
-n CONTEXT set context name (e.g. bridge1)
-u USER-NAME set security name (e.g. bert)
-x PROTOCOL set privacy protocol (DES)
-X PASSPHRASE set privacy protocol pass phrase
-Z BOOTS,TIME set destination engine boots/time
General communication options
-r RETRIES set the number of retries
-t TIMEOUT set the request timeout (in seconds)
Debugging
-d dump input/output packets in hexadecimal
-D TOKEN[,...] turn on debugging output for the specified TOKENs
(ALL gives extremely verbose debugging output)
General options
-m MIB[:...] load given list of MIBs (ALL loads everything)
-M DIR[:...] look in given list of directories for MIBs
-P MIBOPTS Toggle various defaults controlling MIB parsing:
u: allow the use of underlines in MIB symbols
c: disallow the use of "--" to terminate comments
d: save the DESCRIPTIONs of the MIB objects
e: disable errors when MIB symbols conflict
w: enable warnings when MIB symbols conflict
W: enable detailed warnings when MIB symbols conflict
R: replace MIB symbols from latest module
-O OUTOPTS Toggle various defaults controlling output display:
0: print leading 0 for single-digit hex characters
a: print all strings in ascii format
b: do not break OID indexes down
e: print enums numerically
E: escape quotes in string indices
f: print full OIDs on output
n: print OIDs numerically
q: quick print for easier parsing
Q: quick print with equal-signs
s: print only last symbolic element of OID
S: print MIB module-id plus last element
t: print timeticks unparsed as numeric integers
T: print human-readable text along with hex strings
u: print OIDs using UCD-style prefix suppression
U: don't print units
v: print values only (not OID = value)
x: print all strings in hex format
X: extended index format
-I INOPTS Toggle various defaults controlling input parsing:
b: do best/regex matching to find a MIB node
h: don't apply DISPLAY-HINTs
r: do not check values for range/type legality
R: do random access to OID labels
u: top-level OIDs must have '.' prefix (UCD-style)
s SUFFIX: Append all textual OIDs with SUFFIX before parsing
S PREFIX: Prepend all textual OIDs with PREFIX before parsing
-L LOGOPTS Toggle various defaults controlling logging:
e: log to standard error
o: log to standard output
n: don't log at all
f file: log to the specified file
s facility: log to syslog (via the specified facility)

(variants)
[EON] pri: log to standard error, output or /dev/null for level 'pri' and above
[EON] p1-p2: log to standard error, output or /dev/null for levels 'p1' to 'p2'
[FS] pri token: log to file/syslog for level 'pri' and above
[FS] p1-p2 token: log to file/syslog for levels 'p1' to 'p2'
-C APPOPTS Set various application specific behaviours:
p: print the number of variables found
i: include given OID in the search range
I: don't include the given OID, even if no results are returned
c: do not check returned OIDs are increasing
t: Display wall-clock time to complete the request
Plugins

• Create Aggregate Graphs (aggregate - v0.3)
  Network Tools (tools - v0.2)
  PHP Network Weathermap (weathermap - v0.82)
  Read-only Devices Tab (devices - v0.4)
  Host Info (hostinfo - v0.1)
  Thresholds (thold - v0.3.2)

[BSOD2600]

Well the sure fire way to find out of thold is the culprit, is to disable/remove it and see if the problem goes away. If it does, then you need to hit up the thold author about this problem.

[bmarofsky]

1) No, this is the only site on the machine. It hasn't been compromised as once installed it had Symantec loaded.

2) yes installed 0.8.6j as soon as I finished your windows installer. Server is very clean, nothing else loaded on the box.

3) Windows Server 2003 SP1, fully patched. IIS6 of course that is included with server 2003. Have you seen antivirus cause problems with Cacti? Symantec Corporate 10.1 is running on the server and is running on our production cacti server. Our curent production Cacti server is running Apache, not IIS.

Brian

Any more on this? I am see the same thing.

[BSOD2600]

1) is the faulting module listed?
2) using anything else but cacti on your server?
3) browsed through your IIS logs to see if someone is trying to exploit IIS?

[TheWitness]

Please insure all the Cacti patches are installed. There was a problem with RRDtool causing the web site to lock up that was addressed via a patch some time ago.

TheWitness