ekrn.exe memory issue - RPC crashes

I am having an issue with my Terminal Servers (Win 2003 R2 ENT SP2) I will get event ID 1219 for Winlogon and no one can log on to the server.. Right before that happens I will get the follow error messages

EKRN.EXE the instruction 0x77e61689 reference memory 0x003c2bb0. the memory cannot be written. I have to reboot the server to clear out everytthing but it will hang again.

Anyone else having this issue

NOD32 version 3.0.650.0
Def version 5756

 

Please generate a procdump file of the EKRN process by disabling Anti Stealth and self defense in the ESET Software. Reboot and do the following:


Creating Procdump:

1. Deactivate self-defense and anti-stealth
2. Create the dump by the Procdump utility: http://technet.microsoft.com/en-us/sysinternals/dd996900 , it the correct commad is as follows:

procdump.exe -e -ma ekrn.exe

Send this to ESET support.

 

We are seeing similar behavior on our Win2k3 terminal servers.

NOD32 v 4.2.64.12
Definitions 5756

I will create a procdump and send it to support as well.

 

I uninstalled NOD on one of the servers and disabled it on the other 2 with issues and we are "fine" so far. This needs to be fixed ASAP.

 

We have three terminal servers:
On two we have disabled the email protection (because end users complained of dificulty there first) and they seem to be running fine right now.
On the third we have followed dmaasland's suggestion and are adding users back onto it now. Unfortunately, we will have to reproduce the symptom to provide the dump.

I'll post any results.

 

Same problem here. Two terminal servers down with the same problem. This is the second time in 6 months an update has caused this, and my boss is quite ready to fire ESET altogether.

 

If it helps any, I have other servers (not terminal servers) that are stuck on update 5735 from 12/27

 

+5 downed TS2003 boxen here. 3 x 32bit, 2 x 64bit.

 

Problem persists with update 5757...I'll try and get the dump info

 

Can't get the report. It's locking up the machine similar to what was happening back in September....can't even get a command window open.

2003 r2 with all win updates.

 

Adieu ESET. I'm uninstalling and won't be re-installing or renewing. Can't let this tool kill any more productivity here.

Good luck all, and good bye.

 

I too have the same issue (or similar) on a windows server 2003 terminal server.

ESET NOD32 antivirus v. 3.0.695.0
Virus signature database: 5757 (20110103)
Update module: 1031 (20091029)
Antivirus and antispyware scanner module: 1293 (20101110)
Advanced heuristics module: 1115 (20101116)
Archive support module: 1123 (2010110
Cleaner module: 1050 (20101207)
Anti-Stealth support module: 1023 (20101125)

Repeated errors in event viewer: Faulting Application ekrn.exe version 3.0.695.0, faulting module ntdll.dll, version 5.2.3790.4455, fault address 0x0001bd02

I assume the issue is with the latest updates, similar to the thread: https://www.wilderssecurity.com/showthread.php?t=290050

As this is a terminal server I don't have the ability to restart the machine several times during the day to collect dump reports and such. I can do it over the evening once users log out.

I currently have ESET disabled in order to have a working environment for my users, which is not an ideal situation.

I look forward to hearing about possible fixes!

 

Note that we were able to function consistently after disabling email protection. We were happy not to have to disable the file and web modules.

 

To avoid confusion please continue in this thread: https://www.wilderssecurity.com/showthread.php?t=290050 .