IIS Worker W3WP errors - randomly occuring
Moderators: Developers, Moderators
IIS Worker W3WP errors - randomly occuring
I am experiencing random IIS Worker thread errors. Not sure how to determine what is causing. The install is clean using the latest Windows installer version of Cacti.
I'm going to attempt to attach picture of error messages.
Brian
I'm going to attempt to attach picture of error messages.
Brian
- Attachments
-
- IISWorker.JPG (65.55 KiB) Viewed 4614 times
1) do you run any other websites on this server?
2) have you installed cacti 0.8.6j? If not, its possible the server was compromised with the security holes in 0.8.6i. Run a virus scan and chkdsk c: /f.
3) What versions of everything are you running?
2) have you installed cacti 0.8.6j? If not, its possible the server was compromised with the security holes in 0.8.6i. Run a virus scan and chkdsk c: /f.
3) What versions of everything are you running?
| Scripts: Monitor processes | RFC1213 MIB | DOCSIS Stats | Dell PowerEdge | Speedfan | APC UPS | DOCSIS CMTS | 3ware | Motorola Canopy |
| Guides: Windows Install | [HOWTO] Debug Windows NTFS permission problems |
| Tools: Windows All-in-one Installer |
IIS worker thread issue
1) No, this is the only site on the machine. It hasn't been compromised as once installed it had Symantec loaded.
2) yes installed 0.8.6j as soon as I finished your windows installer. Server is very clean, nothing else loaded on the box.
3) Windows Server 2003 SP1, fully patched. IIS6 of course that is included with server 2003. Have you seen antivirus cause problems with Cacti? Symantec Corporate 10.1 is running on the server and is running on our production cacti server. Our curent production Cacti server is running Apache, not IIS.
Brian
2) yes installed 0.8.6j as soon as I finished your windows installer. Server is very clean, nothing else loaded on the box.
3) Windows Server 2003 SP1, fully patched. IIS6 of course that is included with server 2003. Have you seen antivirus cause problems with Cacti? Symantec Corporate 10.1 is running on the server and is running on our production cacti server. Our curent production Cacti server is running Apache, not IIS.
Brian
Alright, well I'm betting its php related. Try upgrading to 5.2.0 (not 5.2.1) and see if that fixes the problem. If not, then its time to troubleshoot exactly whats causing it to crash. Google has several answers to finding this out. Here is one: http://www.issociate.de/board/post/2695 ... close.html
| Scripts: Monitor processes | RFC1213 MIB | DOCSIS Stats | Dell PowerEdge | Speedfan | APC UPS | DOCSIS CMTS | 3ware | Motorola Canopy |
| Guides: Windows Install | [HOWTO] Debug Windows NTFS permission problems |
| Tools: Windows All-in-one Installer |
I am also experiencing this issue...random w3wp.exe faults
I am also experiencing this problem. Random w3wp.exe faults. They didn't seem to begin until I installed the Thold plugin and started configuring some threshold monitoring. I have included my cacti host information below. I hope to troubleshoot this some in the coming days. It is not a crippling but is a problem for a production server.
Cacti Version - 0.8.6i
Plugin Architecture - 1.1
Poller Type - Cactid v0.8.6i
Server Info - Windows NT 5.2
Web Server - Microsoft-IIS/6.0
PHP - 5.1.6
PHP Extensions - bcmath, calendar, com_dotnet, ctype, date, ftp, hash, iconv, odbc, pcre, Reflection, session, libxml, standard, tokenizer, zlib, SimpleXML, dom, SPL, wddx, xml, xmlreader, xmlwriter, ISAPI, mysql, snmp, sockets, gd
MySQL - 5.0.27-community-nt
RRDTool - 1.2.15
SNMP - snmpwalk [OPTIONS] AGENT [OID]
Version: 5.3.1
Web: http://www.net-snmp.org/
Email: net-snmp-coders@lists.sourceforge.net
OPTIONS:
-h, --help display this help message
-H display configuration file directives understood
-v 1|2c|3 specifies SNMP version to use
-V, --version display package version number
SNMP Version 1 or 2c specific
-c COMMUNITY set the community string
SNMP Version 3 specific
-a PROTOCOL set authentication protocol (MD5|SHA)
-A PASSPHRASE set authentication protocol pass phrase
-e ENGINE-ID set security engine ID (e.g. 800000020109840301)
-E ENGINE-ID set context engine ID (e.g. 800000020109840301)
-l LEVEL set security level (noAuthNoPriv|authNoPriv|authPriv)
-n CONTEXT set context name (e.g. bridge1)
-u USER-NAME set security name (e.g. bert)
-x PROTOCOL set privacy protocol (DES)
-X PASSPHRASE set privacy protocol pass phrase
-Z BOOTS,TIME set destination engine boots/time
General communication options
-r RETRIES set the number of retries
-t TIMEOUT set the request timeout (in seconds)
Debugging
-d dump input/output packets in hexadecimal
-D TOKEN[,...] turn on debugging output for the specified TOKENs
(ALL gives extremely verbose debugging output)
General options
-m MIB[:...] load given list of MIBs (ALL loads everything)
-M DIR[:...] look in given list of directories for MIBs
-P MIBOPTS Toggle various defaults controlling MIB parsing:
u: allow the use of underlines in MIB symbols
c: disallow the use of "--" to terminate comments
d: save the DESCRIPTIONs of the MIB objects
e: disable errors when MIB symbols conflict
w: enable warnings when MIB symbols conflict
W: enable detailed warnings when MIB symbols conflict
R: replace MIB symbols from latest module
-O OUTOPTS Toggle various defaults controlling output display:
0: print leading 0 for single-digit hex characters
a: print all strings in ascii format
b: do not break OID indexes down
e: print enums numerically
E: escape quotes in string indices
f: print full OIDs on output
n: print OIDs numerically
q: quick print for easier parsing
Q: quick print with equal-signs
s: print only last symbolic element of OID
S: print MIB module-id plus last element
t: print timeticks unparsed as numeric integers
T: print human-readable text along with hex strings
u: print OIDs using UCD-style prefix suppression
U: don't print units
v: print values only (not OID = value)
x: print all strings in hex format
X: extended index format
-I INOPTS Toggle various defaults controlling input parsing:
b: do best/regex matching to find a MIB node
h: don't apply DISPLAY-HINTs
r: do not check values for range/type legality
R: do random access to OID labels
u: top-level OIDs must have '.' prefix (UCD-style)
s SUFFIX: Append all textual OIDs with SUFFIX before parsing
S PREFIX: Prepend all textual OIDs with PREFIX before parsing
-L LOGOPTS Toggle various defaults controlling logging:
e: log to standard error
o: log to standard output
n: don't log at all
f file: log to the specified file
s facility: log to syslog (via the specified facility)
(variants)
[EON] pri: log to standard error, output or /dev/null for level 'pri' and above
[EON] p1-p2: log to standard error, output or /dev/null for levels 'p1' to 'p2'
[FS] pri token: log to file/syslog for level 'pri' and above
[FS] p1-p2 token: log to file/syslog for levels 'p1' to 'p2'
-C APPOPTS Set various application specific behaviours:
p: print the number of variables found
i: include given OID in the search range
I: don't include the given OID, even if no results are returned
c: do not check returned OIDs are increasing
t: Display wall-clock time to complete the request
Plugins
- Create Aggregate Graphs (aggregate - v0.3)
Network Tools (tools - v0.2)
PHP Network Weathermap (weathermap - v0.82)
Read-only Devices Tab (devices - v0.4)
Host Info (hostinfo - v0.1)
Thresholds (thold - v0.3.2)
Well the sure fire way to find out of thold is the culprit, is to disable/remove it and see if the problem goes away. If it does, then you need to hit up the thold author about this problem.
| Scripts: Monitor processes | RFC1213 MIB | DOCSIS Stats | Dell PowerEdge | Speedfan | APC UPS | DOCSIS CMTS | 3ware | Motorola Canopy |
| Guides: Windows Install | [HOWTO] Debug Windows NTFS permission problems |
| Tools: Windows All-in-one Installer |
Re: IIS worker thread issue
Any more on this? I am see the same thing.Skipdog77 wrote:1) No, this is the only site on the machine. It hasn't been compromised as once installed it had Symantec loaded.
2) yes installed 0.8.6j as soon as I finished your windows installer. Server is very clean, nothing else loaded on the box.
3) Windows Server 2003 SP1, fully patched. IIS6 of course that is included with server 2003. Have you seen antivirus cause problems with Cacti? Symantec Corporate 10.1 is running on the server and is running on our production cacti server. Our curent production Cacti server is running Apache, not IIS.
Brian
Brian
Cacti Version 0.8.7g
Plugin Architecture 2.8
Poller Type Cactid v
Server Info Linux 2.6.9-89.29.1.plus.c4
Web Server Apache/2.0.63 (CentOS)
PHP Version 5.1.6
MySQL Version 5.0.82sp1
RRDTool Version 1.2.23
SNMP Version 5.1.2
Plugins:
Global Plugin Settings (settings - v0.7)
Cycle Graphs (Cycle Graphs - v0.7+)
Thresholds (thold - v0.4.2)
Create Aggregate Graphs (aggregate - v0.75)
Device Monitoring (monitor - v1.2)
Network Tools (tools - v0.3)
Update Checker (update - v0.4)
Host Info (hostinfo - v0.2)
Error Images (errorimage - v0.1)
Cacti-ReportIt (reportit - v0.7.2)
WMI Query (wmi - v0.1)
Realtime Graph Viewer (realtime - v0.42)
Watermark (watermark - v0.1)
Cacti Version 0.8.7g
Plugin Architecture 2.8
Poller Type Cactid v
Server Info Linux 2.6.9-89.29.1.plus.c4
Web Server Apache/2.0.63 (CentOS)
PHP Version 5.1.6
MySQL Version 5.0.82sp1
RRDTool Version 1.2.23
SNMP Version 5.1.2
Plugins:
Global Plugin Settings (settings - v0.7)
Cycle Graphs (Cycle Graphs - v0.7+)
Thresholds (thold - v0.4.2)
Create Aggregate Graphs (aggregate - v0.75)
Device Monitoring (monitor - v1.2)
Network Tools (tools - v0.3)
Update Checker (update - v0.4)
Host Info (hostinfo - v0.2)
Error Images (errorimage - v0.1)
Cacti-ReportIt (reportit - v0.7.2)
WMI Query (wmi - v0.1)
Realtime Graph Viewer (realtime - v0.42)
Watermark (watermark - v0.1)
1) is the faulting module listed?
2) using anything else but cacti on your server?
3) browsed through your IIS logs to see if someone is trying to exploit IIS?
2) using anything else but cacti on your server?
3) browsed through your IIS logs to see if someone is trying to exploit IIS?
| Scripts: Monitor processes | RFC1213 MIB | DOCSIS Stats | Dell PowerEdge | Speedfan | APC UPS | DOCSIS CMTS | 3ware | Motorola Canopy |
| Guides: Windows Install | [HOWTO] Debug Windows NTFS permission problems |
| Tools: Windows All-in-one Installer |
- TheWitness
- Developer
- Posts: 17007
- Joined: Tue May 14, 2002 5:08 pm
- Location: MI, USA
- Contact:
Please insure all the Cacti patches are installed. There was a problem with RRDtool causing the web site to lock up that was addressed via a patch some time ago.
TheWitness
TheWitness
True understanding begins only when we realize how little we truly understand...
Life is an adventure, let yours begin with Cacti!
Author of dozens of Cacti plugins and customization's. Advocate of LAMP, MariaDB, IBM Spectrum LSF and the world of batch. Creator of IBM Spectrum RTM, author of quite a bit of unpublished work and most of Cacti's bugs.
_________________
Official Cacti Documentation
GitHub Repository with Supported Plugins
Percona Device Packages (no support)
Interesting Device Packages
For those wondering, I'm still here, but lost in the shadows. Yearning for less bugs. Who want's a Cacti 1.3/2.0? Streams anyone?
Life is an adventure, let yours begin with Cacti!
Author of dozens of Cacti plugins and customization's. Advocate of LAMP, MariaDB, IBM Spectrum LSF and the world of batch. Creator of IBM Spectrum RTM, author of quite a bit of unpublished work and most of Cacti's bugs.
_________________
Official Cacti Documentation
GitHub Repository with Supported Plugins
Percona Device Packages (no support)
Interesting Device Packages
For those wondering, I'm still here, but lost in the shadows. Yearning for less bugs. Who want's a Cacti 1.3/2.0? Streams anyone?
Who is online
Users browsing this forum: No registered users and 5 guests