Windows hangs

Prev: Software Restriction Policies and logging
Next: Error connecting to existing session for <username> (Id 0)

From: TP on 7 Dec 2006 18:55

---

I agree with Vera.

In this context, a 3rd-party printer driver is defined as
one that did not ship with the OS. The drivers that ship
with the OS are all WHQL-certified and thus digitally
signed.

The list of drivers that shipped with windows can be
found in the i386 directory of the installation cd, in a
file named ntprint.inf (a copy of ntprint.inf is on the
server as well, but could have been modified). Additionally,
you can find the actual driver files for comparison sake in
the driver cache, located here on your 2003 server:

C:\WINDOWS\Driver Cache\i386\driver.cab

Instead of trying to track down and eliminate all drivers
that didn't ship with the OS, it is probably easiest to
simply eliminate all drivers that are not digitally signed.

There are two approachs to this that come to mind,
I will explain the first in detail:

APPROACH 1--Manually check each installed driver
to see if it is digitally signed.

You can get a list of the drivers installed on your server
with a script. Copy the text below into notepad, and save
it to your server as printdrv.vbs (be careful of line wraps):

********** Begin script text below this line

const HKLM = &H80000002
sComp = "."
Set out = WScript.StdOut

out.WriteLine "Version 3 Drivers:"
out.WriteLine

Set oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" _
& sComp & "\root\default:StdRegProv")

sPath = "SYSTEM\CurrentControlSet\Control" _
& "\Print\Environments\Windows NT x86\Drivers\Version-3"

oReg.EnumKey HKLM, sPath, aKeys

For Each subkey In aKeys
out.WriteLine subkey
Next

out.WriteLine
out.WriteLine "Version 2 Drivers:"
out.WriteLine

sPath = "SYSTEM\CurrentControlSet\Control" _
& "\Print\Environments\Windows NT x86\Drivers\Version-2"

oReg.EnumKey HKLM, sPath, aKeys

For Each subkey In aKeys
out.WriteLine subkey
Next

********** End script text above this line

Open up a command prompt, change into the directory
where you saved the above file, and type this:

cscript printdrv.vbs>drivers.txt
notepad drivers.txt

At this point Notepad should be open with a list of
the printer drivers installed on your TS. You may
want to print the list to make things easier.

Still on your TS, open up the Printers folder, and then
choose File-->Server Properties. On the Drivers tab,
click Add Driver, then Next.

Find each Version 3 driver on your printed list and see if
it has a green check next to it. If it does that means it is
digitally signed and can remain. If not, make a note of that
so that you can remove the driver later.

After you have completed the above, it is time to remove
the drivers. If you have any version 2 drivers, remove
them along with the drivers that were not digitally signed.

At this point you should follow the instructions that Vera
gave you regarding mapping drivers.

APPROACH 2--Remove ALL printer drivers and allow
the digitally-signed ones to be automatically re-installed.

First thing you should do is to disable the installation of
non-signed drivers. This is done in the local security
policy of the TS at this location:

Security Settings-->Local Policies-->Security Options

Devices: Unsigned driver installation behavior

Set to "Do not allow installation"

Remove all drivers from the server. As users connect,
some printers will not auto-create because a mapping
to a built-in driver doesn't exist.

At this point you should follow the instructions that Vera
gave you regarding mapping drivers.

After reading all of the above I think you can start to
see the benefits of a universal printer driver solution,
like Vera asked you to consider.

-TP

JayKon wrote:
> We have been having a problem where our Terminal Services box hangs,
> sometimes to the point of having to press the reset button on the
> hardware.
>
> Windows 2003 5.2 (SP1)
> Terminal Services 5.2 (SP1) (always the same?)
> SQL Server 2000
> About 15-25 users logged in at a time.
>
> I've been watching the event logs carefully and have found that
> between 3-7 minutes before the system hangs, we get an Application
> error on spoolsv.exe (pasted in at the bottom). This puts a popup on
> the system console and the computer room is not easily accessible.
>
> It seems like, if we do go to the console and click OK, the problem
> clears. However, if we do a remote desktop, that session will also
> hang and the server hangs a little faster (speculation).
>
> We also have the problem of users default printer changing when they
> login to the Terminal Services server; however, we believe we know
> how to fix that
> (http://support.microsoft.com/default.aspx/kb/302361/en-us). Still, I
> believe that this is somehow related (we'll be fixing that next
> week).
>
> A tech at the vendor supplying our primary software believes someone
> installed printer drivers that are not TS compliant and feels that
> the popup on the console reinforces that line of thinking. I have no
> clue and can't tell one print driver from another.
>
> I'm the DBA, not a Windows (or TS) Admin, so I'm a bit out of my
> league and need some help.
>
> Thanks,
> Jay
>
> -----------------------------------------
> Event Type: Error
> Event Source: Application Error
> Event Category: (100)
> Event ID: 1000
> Date: 12/6/2006
> Time: 3:45:25 PM
> User: N/A
> Computer: PEIDB
> Description:
> Faulting application spoolsv.exe, version 5.2.3790.1830, faulting
> module rpcrt4.dll, version 5.2.3790.1830, fault address 0x00021861.
>
> For more information, see Help and Support Center at
> http://go.microsoft.com/fwlink/events.asp.
> Data:
> 0000: 41 70 70 6c 69 63 61 74 Applicat
> 0008: 69 6f 6e 20 46 61 69 6c ion Fail
> 0010: 75 72 65 20 20 73 70 6f ure spo
> 0018: 6f 6c 73 76 2e 65 78 65 olsv.exe
> 0020: 20 35 2e 32 2e 33 37 39 5.2.379
> 0028: 30 2e 31 38 33 30 20 69 0.1830 i
> 0030: 6e 20 72 70 63 72 74 34 n rpcrt4
> 0038: 2e 64 6c 6c 20 35 2e 32 .dll 5.2
> 0040: 2e 33 37 39 30 2e 31 38 .3790.18
> 0048: 33 30 20 61 74 20 6f 66 30 at of
> 0050: 66 73 65 74 20 30 30 30 fset 000
> 0058: 32 31 38 36 31 21861

From: TP on 7 Dec 2006 19:03

---

It occurs to me that I could write a small program in my
free time. It would have a computed hash for each driver
file that shipped with windows, and then compare this
hash to the currently-installed printer driver files.

If there are any mismatches or unknown files, it could
retrieve the printer driver name from the registry and
display this to the user.

Not perfect, but they would have an idea which printer
drivers to take a closer look at.

-TP

Vera Noest [MVP] wrote:
> I'm afraid that you have quite some work ahead of you :-(
>
> To be absolutely clear: you should *not* re-install those 3rd party
> drivers, just uninstall them.
> And then *only* use drivers that came with the Windows OS CDrom.
>
> You can identify the vendor by searching for the .dll file for that
> printer, right-click it - Properties - Version - Company.
> Everything that does *not* say "Microsft" as the company is a 3rd
> party driver.
>
> Since you have so many different printers, you might consider a 3rd
> party "driver free" printing solution, like ThinPrint, triCerat or
> Print-IT.
> For more information and URLs check my website, under "Printing"
> _________________________________________________________
> Vera Noest
> MCSE, CCEA, Microsoft MVP - Terminal Server
> TS troubleshooting: http://ts.veranoest.net
> ___ please respond in newsgroup, NOT by private email ___

From: JayKon on 11 Dec 2006 13:35

---

Thanks guys.

This is complex enough that we've decided to bring someone in to deal with
it. I'm just the DBA and the Windows guys are much more operations & network
guys.

I appreciate the help.

Thanks,
Jay

"JayKon" wrote:

> We have been having a problem where our Terminal Services box hangs,
> sometimes to the point of having to press the reset button on the hardware.
>
> Windows 2003 5.2 (SP1)
> Terminal Services 5.2 (SP1) (always the same?)
> SQL Server 2000
> About 15-25 users logged in at a time.
>
> I've been watching the event logs carefully and have found that between 3-7
> minutes before the system hangs, we get an Application error on spoolsv.exe
> (pasted in at the bottom). This puts a popup on the system console and the
> computer room is not easily accessible.
>
> It seems like, if we do go to the console and click OK, the problem clears.
> However, if we do a remote desktop, that session will also hang and the
> server hangs a little faster (speculation).
>
> We also have the problem of users default printer changing when they login
> to the Terminal Services server; however, we believe we know how to fix that
> (http://support.microsoft.com/default.aspx/kb/302361/en-us). Still, I believe
> that this is somehow related (we'll be fixing that next week).
>
> A tech at the vendor supplying our primary software believes someone
> installed printer drivers that are not TS compliant and feels that the popup
> on the console reinforces that line of thinking. I have no clue and can't
> tell one print driver from another.
>
> I'm the DBA, not a Windows (or TS) Admin, so I'm a bit out of my league and
> need some help.
>
> Thanks,
> Jay
>
> -----------------------------------------
> Event Type: Error
> Event Source: Application Error
> Event Category: (100)
> Event ID: 1000
> Date: 12/6/2006
> Time: 3:45:25 PM
> User: N/A
> Computer: PEIDB
> Description:
> Faulting application spoolsv.exe, version 5.2.3790.1830, faulting module
> rpcrt4.dll, version 5.2.3790.1830, fault address 0x00021861.
>
> For more information, see Help and Support Center at
> http://go.microsoft.com/fwlink/events.asp.
> Data:
> 0000: 41 70 70 6c 69 63 61 74 Applicat
> 0008: 69 6f 6e 20 46 61 69 6c ion Fail
> 0010: 75 72 65 20 20 73 70 6f ure spo
> 0018: 6f 6c 73 76 2e 65 78 65 olsv.exe
> 0020: 20 35 2e 32 2e 33 37 39 5.2.379
> 0028: 30 2e 31 38 33 30 20 69 0.1830 i
> 0030: 6e 20 72 70 63 72 74 34 n rpcrt4
> 0038: 2e 64 6c 6c 20 35 2e 32 .dll 5.2
> 0040: 2e 33 37 39 30 2e 31 38 .3790.18
> 0048: 33 30 20 61 74 20 6f 66 30 at of
> 0050: 66 73 65 74 20 30 30 30 fset 000
> 0058: 32 31 38 36 31 21861
>

First  |  Prev  | 
Pages: 1 2
Prev: Software Restriction Policies and logging
Next: Error connecting to existing session for <username> (Id 0)