[itdiscuss] Vista Problem

Michael Sainz michaelsainz at sunsetpres.org
Fri Jul 10 12:02:29 EDT 2009


Bill,

The SVCHost is a host process; it hosts threads of services for execution. This process can have MANY services associated with it, and a lot of them are not Microsoft generated. Think of it as a container for other stuff to run.

What you need to do is to download Process Explorer and identify the PID (Process ID) for that SVCHost. Go to the properties of that PID and then select the tab Services. It's one of those services that is making the call. I would then proceed to do normal trial/error troubleshooting. Shut one down and then check the IIS logs to see if it stopped.

With a call to /ENTuse on the server, Bill, I'm pretty sure this is not a Microsoft service.

michael|sainz
information technology coordinator | sunset presbyterian church<http://www.sunsetpres.org/>
michaelsainz at sunsetpres.org<mailto:michaelsainz at sunsetpres.org> | twitter.com/michaelsainz<http://twitter.com/michaelsainz> | My Blog<http://www.iamdigerati.com/>

"We listen to worship music, while the rest of the world listens to hip hop and pop. We talk about history, while the rest of the world talks about reality. We use bulletins, while the rest of the world is on Facebook." -Tony Morgan

From: discuss-bounces at itdiscuss.org [mailto:discuss-bounces at itdiscuss.org] On Behalf Of Phillips, Paul
Sent: Friday, July 10, 2009 7:13 AM
To: IT Discussion Forum
Subject: Re: [itdiscuss] Vista Problem

That's just the friendly name of the executable "SVCHost". Go to the "Services" tab for that process and you can see what DLLs are being loaded as applications within the process.

Paul Phillips
IT Manager
(770) 458-9300 x305
pphillips at walkthru.org

From: discuss-bounces at itdiscuss.org [mailto:discuss-bounces at itdiscuss.org] On Behalf Of blloyd at buskercom.com
Sent: Friday, July 10, 2009 9:44 AM
To: discuss at itdiscuss.org
Subject: Re: [itdiscuss] Vista Problem


I did, based on Jason's suggestion, and found that it is "Host process for Windows Services".

What do I do with that? Too generic....

Bill Lloyd
IT Manager

2567 Athens Hwy.
Gainesville, GA 30507
Phone: 770-417-1604 Ext.: 250
Fax:     770-417-1747
Cell:     404-379-6963

blloyd at buskercom.com
This email and any accompanying attachments may contain confidential and proprietary information. If you are not the intended recipient, you are requested to delete this entire communication immediately. Emails cannot be guaranteed to be secure or free of errors or viruses. The sender does not accept any liability or responsibility for any problems that may result from emails you receive.
From: discuss-bounces at itdiscuss.org [mailto:discuss-bounces at itdiscuss.org] On Behalf Of Phillips, Paul
Sent: Friday, July 10, 2009 9:40 AM
To: IT Discussion Forum
Subject: Re: [itdiscuss] Vista Problem

Download Process Explorer from Sysinternals:
http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx

You can look at the individual svchost processes and see what each process is running internally.


From: discuss-bounces at itdiscuss.org [mailto:discuss-bounces at itdiscuss.org] On Behalf Of blloyd at buskercom.com
Sent: Friday, July 10, 2009 8:59 AM
To: discuss at itdiscuss.org
Subject: Re: [itdiscuss] Vista Problem

You are going to love this...

The process that is causing this problem is "svchost.exe".

Just love when Microsoft upgrades OSs...

Any thoughts on how to proceed?



From: discuss-bounces at itdiscuss.org [mailto:discuss-bounces at itdiscuss.org] On Behalf Of Michael Sainz
Sent: Thursday, July 09, 2009 2:31 PM
To: IT Discussion Forum
Subject: Re: [itdiscuss] Vista Problem

What is ENTuse? Something on that computer is making a web call to that subsite. What you can do is look at the connections on that PC, and find the process that is making a connection to that server via port 80. Think it's netstat -o. After you have the PID, cross-reference it with taskman or process explorer and you'll have the process that is making the call.


From: discuss-bounces at itdiscuss.org [mailto:discuss-bounces at itdiscuss.org] On Behalf Of blloyd at buskercom.com
Sent: Thursday, July 09, 2009 11:23 AM
To: discuss at itdiscuss.org
Subject: Re: [itdiscuss] Vista Problem

I know what machine it is coming from and the user isn't doing anything specific that should cause this.  I think it is happening because Vista is automatically making the calls.  But what on that machine is making the calls I can't quite figure out.



From: discuss-bounces at itdiscuss.org [mailto:discuss-bounces at itdiscuss.org] On Behalf Of Michael Sainz
Sent: Thursday, July 09, 2009 1:47 PM
To: IT Discussion Forum
Subject: Re: [itdiscuss] Vista Problem

Sorry, didn't see the updated thread here.

So this basically is telling us that a process/thread on the Vista machine is making a call to <server>/ENTuse. Find out who is making that call and you'll find the culprit.


From: discuss-bounces at itdiscuss.org [mailto:discuss-bounces at itdiscuss.org] On Behalf Of blloyd at buskercom.com
Sent: Thursday, July 09, 2009 10:09 AM
To: discuss at itdiscuss.org
Subject: Re: [itdiscuss] Vista Problem

I tried disabling the logging but to no avail.  Further research revealed a problem with WebDAV and Vista that produces this kind of result.  Here is an interesting link:

http://www.mediasmartserver.net/forums/viewtopic.php?f=5&t=3900&start=0

As for adding it as a safe site, the log doesn't appear to be logging this access as an error, just logging the access.  Here is a line or two from the file:

2009-07-09 16:09:47 W3SVC1 10.0.3.27 PROPFIND /ENTuse - 80 - 10.0.2.52 Microsoft-WebDAV-MiniRedir/6.0.6001 501 0 0
2009-07-09 16:09:47 W3SVC1 10.0.3.27 PROPFIND /ENTuse - 80 - 10.0.2.52 Microsoft-WebDAV-MiniRedir/6.0.6001 501 0 0
2009-07-09 16:09:47 W3SVC1 10.0.3.27 PROPFIND /ENTuse - 80 - 10.0.2.52 Microsoft-WebDAV-MiniRedir/6.0.6001 501 0 0

Do you know anyone who develops applications with WebDAV?

Thanks,




From: discuss-bounces at itdiscuss.org [mailto:discuss-bounces at itdiscuss.org] On Behalf Of Jason Hand
Sent: Thursday, July 09, 2009 12:57 PM
To: IT Discussion Forum
Subject: Re: [itdiscuss] Vista Problem

It sounds like the DocuTeam app is using port 80 to the IIS backend.  Can you not disable the logging on the IIS side?

You could try making sure to add the share location as a safe site, i.e. "\\server\share", in the security zone area, and since this is also represented in the intranet zone you could turn off "Protected Mode" on the Intranet Zone and see if that changes the behavior.

Your brother in Christ,
Jason



On Jul 9, 2009, at 12:45 PM, <blloyd at buskercom.com> wrote:

For all you Vista buffs out there, I have a problem that defies being solved.  We recently installed an application on our file/print server that interacts with our new Sharp MX-3110n copier/printer.  (It is custom developed by DocuTeam.)  The application uses IIS to provide for special file sharing and advanced scanning capabilities.

This morning I discovered that our file server's system drive was filling up and almost completely out of space. It turns out that IIS has been creating log files each day that are 500 to 700 MB in size. When you look at the files you see that IIS is logging the connection from the Vista machine. It is logging a record at least every minute or more.

Now my theory is that the Vista machine is taking advantage of a new service on the network.  When I look at the network traffic the Vista machine is accessing file shares the normal way but it is also establishing a port 80 connection, thereby causing IIS to create the log files.  Since this is only happening with the Vista machine I would like to find a way to keep Vista from "taking advantage" of this new network service.  Anyone run into this kind of problem before?

Thanks,



_______________________________________________
it discuss mailing list: discuss at itdiscuss.org
Mailing List: http://itdiscuss.org/discuss
Web Discussion Board: http://itdiscuss.org/discuss-forum
Wiki: http://itdiscuss.org/wiki
Internet Relay Chat: irc://irc.freenode.net/citrt
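
Added example (not part of the original thread, and not code from any poster): the IIS log records quoted above can be summarised per client, method, URI, user agent and status to show which source is filling the log and how many records it writes in its busiest minute. The "#Fields:" directive and every record other than the three quoted PROPFIND lines are constructed assumptions.

```python
from collections import Counter

# The three PROPFIND records are the ones quoted in the thread. The "#Fields:"
# directive is an assumption (the post does not show it) matching the column
# order of those records; every other record is constructed for illustration.
SAMPLE_LOG = """\
#Fields: date time s-sitename s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status
2009-07-09 16:09:47 W3SVC1 10.0.3.27 PROPFIND /ENTuse - 80 - 10.0.2.52 Microsoft-WebDAV-MiniRedir/6.0.6001 501 0 0
2009-07-09 16:09:47 W3SVC1 10.0.3.27 PROPFIND /ENTuse - 80 - 10.0.2.52 Microsoft-WebDAV-MiniRedir/6.0.6001 501 0 0
2009-07-09 16:09:47 W3SVC1 10.0.3.27 PROPFIND /ENTuse - 80 - 10.0.2.52 Microsoft-WebDAV-MiniRedir/6.0.6001 501 0 0
2009-07-09 16:10:02 W3SVC1 10.0.3.27 GET /default.htm - 80 - 10.0.2.60 Mozilla/4.0+(compatible;+MSIE+7.0) 200 0 0
2009-07-09 16:10:47 W3SVC1 10.0.3.27 PROPFIND /ENTuse - 80 - 10.0.2.52 Microsoft-WebDAV-MiniRedir/6.0.6001 501 0 0
2009-07-09 16:10:47 W3SVC1 10.0.3.27 PROPFIND /ENT
"""

KEY_FIELDS = ("c-ip", "cs-method", "cs-uri-stem", "cs(User-Agent)", "sc-status")


def parse_w3c(text):
    """Yield one dict per record, named by the latest #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line.strip() and not line.startswith("#"):
            values = line.split()
            if fields and len(values) == len(fields):  # skip truncated records
                yield dict(zip(fields, values))


def summarize(text):
    """Count records per (client, method, URI, user agent, status) and track
    the busiest single minute for each such source."""
    totals, per_minute = Counter(), Counter()
    for rec in parse_w3c(text):
        key = tuple(rec.get(f, "-") for f in KEY_FIELDS)
        totals[key] += 1
        per_minute[(key, rec.get("date", "-"), rec.get("time", "-")[:5])] += 1
    peak = Counter()
    for (key, _day, _minute), n in per_minute.items():
        peak[key] = max(peak[key], n)
    return [(key, n, peak[key]) for key, n in totals.most_common()]


if __name__ == "__main__":
    for key, total, peak in summarize(SAMPLE_LOG):
        print(f"{total:6d} total  {peak:4d}/min peak  " + "  ".join(key))
```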
