March 21st, 2005, 03:39 PM
rasctrs.dll Performance Counter Can Kill Remote Access
I ran into a very odd issue with Windows 2000 SP4. Let me throw it at you guys and see if anyone has an idea what actually causes this...
Last week, our terminal server just up and started kicking everyone off of it periodically (about once a day). When I tried to log into the local machine to investigate, the log in would take way too long and I would be left having to just manually reboot the server. All it took was a reboot for the server to behave again and allow everyone to connect...for a while anyway.
I found entries in the error log coinciding with the very moment this crash occured that revealed a problem with rasctrs.dll (which is a file required for RemoteAccess to function properly). Did some research, and I found the fix. I used exctrlst.exe from the Resource Kit, looked up RemoteAccess, and unchecked the "Performance Counters Enabled" box. That was last week, and here it is Monday and the problem still hasn't resurfaced, so that looked like the fix.
I've also read that this is a fairly common problem with the SP4 patch.
Now here's my question -- The odd thing about this situation is that SP4 has been installed on this server for quite some time now, and no changes have been made to rasctrs.dll or its performance counter. All things equal, why did it only start acting up recently? If that was the problem, shouldn't I have encountered this issue quite a while back? How could it have run fine this long?
March 21st, 2005, 04:05 PM
Probably one of the 39 hotfixes post SP4????
How people treat you is their karma- how you react is yours-Wayne Dyer
March 21st, 2005, 04:09 PM
What are the file size and date of that file?
March 21st, 2005, 04:55 PM
It's 12.2kb in size and was last modified Dec. 7th, 1999.
March 21st, 2005, 05:00 PM
the file sounds good - as in no malware attached, but it might be corrupted. I suggest replacing the file from either master disk or off the network.
Even a broken watch is correct twice a day.
Which coder said that nobody could outcode Microsoft in their own OS? Write a bit and make a fortune!
March 22nd, 2005, 05:07 AM
Here's my reply,
Your Performance log(s) were full and weren't being deleted.
I've seen cases where the Performance logs were not being deleted and were at their highest quota so they caused the OS to freak out, same with Event Viewer logs. Not sure why a stupid log can cause so much problems, but it can.
And....for the next rabbit out of this hat.....
Beta tester of "0"s and "1"s"