Hmmm.
Well, this is a crash caused by:
C:\Program Files\ISS\issSensors\slcowa1_ss_1\ISAPI\rsiisfilter.dll
I think that I have seen that before and there is a fix from the vendor. It
wasn't causing 100% CPU though.
In fact, none of the threads appear to have used very much of the processor.
To capture the 100% CPU, you need to run IISState against the DLLHost while
it is having the problem:
iisstate -p <pid for dllhost> <enter>
So, the short answer is that you have at least 2 problems. This one
(rsiisfilter.dll) and another that causes 100% CPU.
Pat
"Aaron" <anonymous.TakeThisOut@discussions.microsoft.com> wrote in message
news:189db01c4231d$a8cc6dd0$a001280a@phx.gbl...
> I am running OWA 5.5 on win2k SP4 (IIS 5). The server hits
> 100% utilization once or twice a day with the DLLHOST.EXE
> process. Either killing the process or restarting the box
> fixes the problem temporarily. The event log has asp
> errors (events 5 and 9), which led me to run iisstate.
> Here is the log file. If you can point me in the right
> direction as to what is happening, I'd greatly appreciate
> it.
>
> ~~~~~~~~~~~~~~~~~~~~~~~
> Opened log file 'D:\iisState\output\IISState-1232.log'
>
> ***********************
> Starting new log output
> IISState version 3.3.1
>
> Thu Apr 15 12:41:31 2004
>
> OS = Windows 2000
> Executable: inetinfo.exe
> PID = 1232
>
> Note: Thread times are formatted as HH:MM:SS.ms
>
> ***********************
>
>
> IIS has crashed...
> Beginning Analysis
> *** WARNING: Unable to verify checksum for C:\Program
> Files\ISS\issSensors\slcowa1_ss_1\BlackICE\iss-pam1.dll
> *** ERROR: Symbol file could not be found. Defaulted to
> export symbols for C:\Program
> Files\ISS\issSensors\slcowa1_ss_1\BlackICE\iss-pam1.dll -
> DLL (!FunctionName) that failed: iss_pam1!
> psomReadSignatures
>
>
>
>
> Thread ID: 4
> System Thread ID: 558
> Kernel Time: 0:0:0.375
> User Time: 0:0:0.718
> *** WARNING: Unable to verify checksum for C:\Program
> Files\ISS\issSensors\slcowa1_ss_1\ISAPI\rsiisfilter.dll
> *** ERROR: Symbol file could not be found. Defaulted to
> export symbols for C:\Program
> Files\ISS\issSensors\slcowa1_ss_1\ISAPI\rsiisfilter.dll -
> Thread Type: Other
> # ChildEBP RetAddr
> WARNING: Stack unwind information not available. Following
> frames may be wrong.
> 00 00b7eb20 5e097ea0 iss_pam1!psomReadSignatures+0x7c16
> 01 00b7f47c 5e09d4c9 iss_pam1!psomDisplayMem+0x6b380
> 02 00b7f4d4 1000658b iss_pam1!pamEventInterpret+0x2d9
> 03 00b7f4f4 10001e47 rsiisfilter!HttpFilterProc+0x20db
> 04 00b7f534 1000471b rsiisfilter+0x1e47
> 05 000006cc 00000000 rsiisfilter!HttpFilterProc+0x26b
> Closing open log file D:\iisState\output\IISState-1232.log
> Opened log file 'D:\iisState\output\IISState-1232.log'
>
> ***********************
> Starting new log output
> IISState version 3.3.1
>
> Thu Apr 15 12:43:53 2004
>
> OS = Windows 2000
> Executable: inetinfo.exe
> PID = 1232
>
> Note: Thread times are formatted as HH:MM:SS.ms
>
> ***********************
>
>
>
>
> Thread ID: 0
> System Thread ID: 4cc
> Kernel Time: 0:0:0.0
> User Time: 0:0:0.0
> Thread Type: Other
> # ChildEBP RetAddr
> 00 0006f89c 7c5785d1 ntdll!ZwReadFile+0xb
> 01 0006f910 7c2e4cd9 KERNEL32!ReadFile+0x181
> 02 0006f93c 7c2e4b5f ADVAPI32!ScGetPipeInput+0x28
> 03 0006f9b8 7c2e6632 ADVAPI32!ScDispatcherLoop+0x4a
> 04 0006fbf4 01002884 ADVAPI32!
> StartServiceCtrlDispatcherA+0x7d
> 05 0006fd30 01001e94 inetinfo!StartDispatchTable+0x2f1
> 06 0006ff70 01002fbf inetinfo!main+0x654
> 07 0006ffc0 7c581af6 inetinfo!mainCRTStartup+0xff
> 08 0006fff0 00000000 KERNEL32!BaseProcessStart+0x3d
>
>
>
>
> Thread ID: 1
> System Thread ID: 52c
> Kernel Time: 0:0:0.0
> User Time: 0:0:0.31
> Thread Type: Other
> # ChildEBP RetAddr
> 00 0059fd1c 7c573b28 ntdll!ZwWaitForSingleObject+0xb
> 01 0059fd44 7c573b50 KERNEL32!WaitForSingleObjectEx+0x71
> 02 0059fd54 6e6f1685 KERNEL32!WaitForSingleObject+0xf
> 03 0059fd70 01002440 iisadmin!ServiceEntry+0x156
> 04 0059ffa4 7c2e4e9b inetinfo!InetinfoStartService+0x2bd
> 05 0059ffb4 7c57438b ADVAPI32!ScSvcctrlThreadW+0xe
> 06 0059ffec 00000000 KERNEL32!BaseThreadStart+0x52
>
>
>
>
> Thread ID: 2
> System Thread ID: 550
> Kernel Time: 0:0:2.234
> User Time: 0:0:1.203
> Thread Type: Other
> # ChildEBP RetAddr
> 00 006dfe5c 7c573c23 ntdll!ZwWaitForMultipleObjects+0xb
> 01 006dfeac 77e119e6 KERNEL32!WaitForMultipleObjectsEx+0xea
> 02 006dff08 77e11ace USER32!
> MsgWaitForMultipleObjectsEx+0x153
> 03 006dff24 6e5a5a7c USER32!MsgWaitForMultipleObjects+0x1d
> 04 006dff7c 780085bc IisRTL!SchedulerWorkerThread+0xa7
> 05 006dffb4 7c57438b MSVCRT!_endthreadex+0xc1
> 06 006dffec 00000000 KERNEL32!BaseThreadStart+0x52
>
>
>
>
> Thread ID: 3
> System Thread ID: 554
> Kernel Time: 0:0:1.796
> User Time: 0:0:1.187
> Thread Type: Other
> # ChildEBP RetAddr
> 00 0071fe5c 7c573c23 ntdll!ZwWaitForMultipleObjects+0xb
> 01 0071feac 77e119e6 KERNEL32!WaitForMultipleObjectsEx+0xea
> 02 0071ff08 77e11ace USER32!
> MsgWaitForMultipleObjectsEx+0x153
> 03 0071ff24 6e5a5a7c USER32!MsgWaitForMultipleObjects+0x1d
> 04 0071ff7c 780085bc IisRTL!SchedulerWorkerThread+0xa7
> 05 0071ffb4 7c57438b MSVCRT!_endthreadex+0xc1
> 06 0071ffec 00000000 KERNEL32!BaseThreadStart+0x52
>
>
>
>
> Thread ID: 4
> System Thread ID: 558
> Kernel Time: 0:0:0.375
> User Time: 0:0:0.718
> Thread Type: Other
> # ChildEBP RetAddr
> WARNING: Stack unwind information not available. Following
> frames may be wrong.
> 00 00b7eb20 5e097ea0 iss_pam1!psomReadSignatures+0x7c16
> 01 00b7f47c 5e09d4c9 iss_pam1!psomDisplayMem+0x6b380
> 02 00b7f4d4 1000658b iss_pam1!pamEventInterpret+0x2d9
> 03 00b7f4f4 10001e47 rsiisfilter!HttpFilterProc+0x20db
> 04 00b7f534 1000471b rsiisfilter+0x1e47
> 05 000006cc 00000000 rsiisfilter!HttpFilterProc+0x26b
>
>
>
>
> Thread ID: 5
> System Thread ID: 5d8
> Kernel Time: 0:0:0.62
> User Time: 0:0:0.0
> Thread Type: Other
> # ChildEBP RetAddr
> 00 00e0fc1c 7c573c23 ntdll!ZwWaitForMultipleObjects+0xb
> 01 00e0fc6c 77e119e6 KERNEL32!WaitForMultipleObjectsEx+0xea
> 02 00e0fcc8 77e11ace USER32!
> MsgWaitForMultipleObjectsEx+0x153
> 03 00e0fce4 769c71e0 USER32!MsgWaitForMultipleObjects+0x1d
> 04 00e0fd30 65f0cfd8 INFOCOMM!
> IIS_SERVICE::StartServiceOperation+0x209
> 05 00e0fd70 01002440 w3svc!ServiceEntry+0x1b5
> 06 00e0ffa4 7c2e4e9b inetinfo!InetinfoStartService+0x2bd
> 07 00e0ffb4 7c57438b ADVAPI32!ScSvcctrlThreadW+0xe
> 08 00e0ffec 00000000 KERNEL32!BaseThreadStart+0x52
>
>
>
>
> Thread ID: 6
> System Thread ID: 5dc
> Kernel Time: 0:0:0.0
> User Time: 0:0:0.0
> Thread Type: HTTP Listener
> # ChildEBP RetAddr
> 00 00ecff5c 7c573c73 ntdll!ZwRemoveIoCompletion+0xb
> 01 00ecff88 6d7029ef KERNEL32!
> GetQueuedCompletionStatus+0x27
> 02 00ecffb4 7c57438b ISATQ!I_AtqOplockThreadFunc+0x32
> 03 00ecffec 00000000 KERNEL32!BaseThreadStart+0x52
>
>
>
>
> Thread ID: 7
> System Thread ID: 5e0
> Kernel Time: 0:0:0.515
> User Time: 0:0:1.609
> Thread Type: HTTP Listener
> # ChildEBP RetAddr
> 00 00f0ff50 7c573c73 ntdll!ZwRemoveIoCompletion+0xb
> 01 00f0ff7c 6d702957 KERNEL32!
> GetQueuedCompletionStatus+0x27
> 02 00f0ffb4 7c57438b ISATQ!AtqPoolThread+0x40
> 03 00f0ffec 00000000 KERNEL32!BaseThreadStart+0x52
>
>
>
>
> Thread ID: 8
> System Thread ID: 5e4
> Kernel Time: 0:0:0.531
> User Time: 0:0:2.593
> Thread Type: HTTP Listener
> # ChildEBP RetAddr
> 00 00f4ff50 7c573c73 ntdll!ZwRemoveIoCompletion+0xb
> 01 00f4ff7c 6d702957 KERNEL32!
> GetQueuedCompletionStatus+0x27
> 02 00f4ffb4 7c57438b ISATQ!AtqPoolThread+0x40
> 03 00f4ffec 00000000 KERNEL32!BaseThreadStart+0x52
>
>
>
>
> Thread ID: 9
> System Thread ID: 5f0
> Kernel Time: 0:0:0.0
> User Time: 0:0:0.0
> Thread Type: Other
> # ChildEBP RetAddr
> 00 0134fd20 7c573c23 ntdll!ZwWaitForMultipleObjects+0xb
> 01 0134fd70 7c578f0d KERNEL32!WaitForMultipleObjectsEx+0xea
> 02 0134fd88 778322b2 KERNEL32!WaitForMultipleObjects+0x17
> 03 0134ffb4 7c57438b RTUTILS!TraceServerThread+0xde
> 04 0134ffec 00000000 KERNEL32!BaseThreadStart+0x52
>
>
>
>
> Thread ID: 10
> System Thread ID: 5f4
> Kernel Time: 0:0:0.0
> User Time: 0:0:0.0
> *** ERROR: Symbol file could not be found. Defaulted to
> export symbols for C:\WINNT\system32\RPCRT4.DLL -
> Thread Type: Possible ASP page. Possible DCOM activity
> Executing Page: ASP.dll symbols not found. Unable to
> locate ASP page.
> Continuing with other analysis.
>
> *** ERROR: Symbol file could not be found. Defaulted to
> export symbols for C:\WINNT\system32\ole32.dll -
> OLE32.dll Symbols not found. Unable to proceed with DCOM
> check.
> Continuing other analysis.
>
> # ChildEBP RetAddr
> 00 0139feb8 7c573c73 ntdll!ZwRemoveIoCompletion+0xb
> 01 0139fee4 77d31394 KERNEL32!
> GetQueuedCompletionStatus+0x27
> WARNING: Stack unwind information not available. Following
> frames may be wrong.
> 02 0139ff20 77d3e93f RPCRT4+0x1394
> 03 0139ff74 77d3e8c2 RPCRT4!RpcRevertToSelf+0x1fc6
> 04 0139ffa8 77d358d6 RPCRT4!RpcRevertToSelf+0x1f49
> 05 0139ffb4 7c57438b RPCRT4!RpcBindingFree+0x492
> 06 0139ffec 00000000 KERNEL32!BaseThreadStart+0x52
>
>
>
>
> Thread ID: 11
> System Thread ID: 5f8
> Kernel Time: 0:0:0.0
> User Time: 0:0:0.0
> Thread Type: HTTP Compression Thread
> # ChildEBP RetAddr
> 00 013dff5c 7c573b28 ntdll!ZwWaitForSingleObject+0xb
> 01 013dff84 7c573b50 KERNEL32!WaitForSingleObjectEx+0x71
> 02 013dff94 732c3366 KERNEL32!WaitForSingleObject+0xf
> 03 013dffb4 7c57438b compfilt!CompressionThread+0x29
> 04 013dffc0 00000000 KERNEL32!BaseThreadStart+0x52
>
>
>
>
> Thread ID: 12
> System Thread ID: 600
> Kernel Time: 0:0:0.15
> User Time: 0:0:0.78
> Thread Type: Other
> # ChildEBP RetAddr
> 00 0146ff78 7c573a4e ntdll!NtDelayExecution+0xb
> 01 0146ff98 7c573a22 KERNEL32!SleepEx+0x32
> 02 0146ffa4 1000c610 KERNEL32!Sleep+0xb
> WARNING: Stack unwind information not available. Following
> frames may be wrong.
> 03 0146ffec 00000000 rsiisfilter!HttpFilterProc+0x8160
>
>
>
>
> Thread ID: 13
> System Thread ID: 698
> Kernel Time: 0:0:0.0
> User Time: 0:0:0.0
> Thread Type: Possible ASP page. Possible DCOM activity
> Executing Page: ASP.dll symbols not found. Unable to
> locate ASP page.
> Continuing with other analysis.
>
> OLE32.dll Symbols not found. Unable to proceed with DCOM
> check.
> Continuing other analysis.
>
> # ChildEBP RetAddr
> 00 0178fe24 77d37ba7 ntdll!ZwReplyWaitReceivePortEx+0xb
> WARNING: Stack unwind information not available. Following
> frames may be wrong.
> 01 0178ff74 77d37b4c RPCRT4!NdrCorrelationInitialize+0xd1
> 02 0178ffa8 77d358d6 RPCRT4!NdrCorrelationInitialize+0x76
> 03 0178ffb4 7c57438b RPCRT4!RpcBindingFree+0x492
> 04 0178ffec 00000000 KERNEL32!BaseThreadStart+0x52
>
>
>
>
> Thread ID: 14
> System Thread ID: 66c
> Kernel Time: 0:0:0.0
> User Time: 0:0:0.0
> Thread Type: Other
> # ChildEBP RetAddr
> 00 017cfe70 7c573c23 ntdll!ZwWaitForMultipleObjects+0xb
> 01 017cfec0 77e119e6 KERNEL32!WaitForMultipleObjectsEx+0xea
> 02 017cff1c 77e11ace USER32!
> MsgWaitForMultipleObjectsEx+0x153
> 03 017cff38 65f09ccb USER32!MsgWaitForMultipleObjects+0x1d
> 04 017cff7c 78008454 w3svc!CMTACallbackThread::Thread+0x42
> 05 017cffb4 7c57438b MSVCRT!_endthread+0xc6
> 06 017cffec 00000000 KERNEL32!BaseThreadStart+0x52
>
>
>
>
> Thread ID: 15
> System Thread ID: 674
> Kernel Time: 0:0:0.0
> User Time: 0:0:0.0
> Thread Type: Other
> # ChildEBP RetAddr
> 00 0180fea8 7c573c23 ntdll!ZwWaitForMultipleObjects+0xb
> 01 0180fef8 77e119e6 KERNEL32!WaitForMultipleObjectsEx+0xea
> 02 0180ff54 77e11ace USER32!
> MsgWaitForMultipleObjectsEx+0x153
> 03 0180ff70 65f09d47 USER32!MsgWaitForMultipleObjects+0x1d
> 04 0180ffb4 7c57438b w3svc!OleHackThread+0x88
> 05 0180ffec 00000000 KERNEL32!BaseThreadStart+0x52
>
>
>
>
> Thread ID: 16
> System Thread ID: 670
> Kernel Time: 0:0:0.0
> User Time: 0:0:0.0
> Thread Type: Other
> # ChildEBP RetAddr
> 00 0188fce0 74fd1394 ntdll!ZwWaitForSingleObject+0xb
> 01 0188fd1c 74fd3c59 msafd!SockWaitForSingleObject+0x1a8
> 02 0188fe08 750312f5 msafd!WSPSelect+0x24e
> 03 0188fe6c 6e2b3b6e WS2_32!select+0xe7
> 04 0188ffb4 7c57438b inetsloc!SocketListenThread+0x51
> 05 0188ffec 00000000 KERNEL32!BaseThreadStart+0x52
>
>
>
>
> Thread ID: 17
> System Thread ID: 668
> Kernel Time: 0:0:0.0
> User Time: 0:0:0.0
> Thread Type: HTTP Listener
> # ChildEBP RetAddr
> 00 018cfdfc 74fd1394 ntdll!ZwWaitForSingleObject+0xb
> 01 018cfe38 74fd3c59 msafd!SockWaitForSingleObject+0x1a8
> 02 018cff24 750312f5 msafd!WSPSelect+0x24e
> 03 018cff88 6d7075bd WS2_32!select+0xe7
> 04 018cffb0 6d70791b ISATQ!
> ATQ_BMON_SET::BmonThreadFunc+0x22
> 05 018cffb4 7c57438b ISATQ!BmonThreadFunc+0x9
> 06 018cffec 00000000 KERNEL32!BaseThreadStart+0x52
>
>
>
>
> Thread ID: 18
> System Thread ID: 754
> Kernel Time: 0:0:0.0
> User Time: 0:0:0.0
> Thread Type: Other
> # ChildEBP RetAddr
> 00 01a3ebe0 77f89ebd ntdll!ZwWaitForMultipleObjects+0xb
> 01 01a3ffb4 7c57438b ntdll!RtlpWaitThread+0x1b9
> 02 01a3ffec 00000000 KERNEL32!BaseThreadStart+0x52
>
>
>
>
> Thread ID: 19
> System Thread ID: 8a0
> Kernel Time: 0:0:0.0
> User Time: 0:0:0.0
> Thread Type: Other
> # ChildEBP RetAddr
> 00 01a7ff1c 7c573c23 ntdll!ZwWaitForMultipleObjects+0xb
> 01 01a7ff6c 7c578f0d KERNEL32!WaitForMultipleObjectsEx+0xea
> 02 01a7ff84 7c121fef KERNEL32!WaitForMultipleObjects+0x17
> 03 01a7ffb4 7c57438b USERENV!NotificationThread+0x5f
> 04 01a7ffec 00000000 KERNEL32!BaseThreadStart+0x52
>
>
>
>
> Thread ID: 20
> System Thread ID: 258
> Kernel Time: 0:0:0.234
> User Time: 0:0:0.562
> Thread Type: Possible ASP page. Possible DCOM activity
> Executing Page: ASP.dll symbols not found. Unable to
> locate ASP page.
> Continuing with other analysis.
>
> OLE32.dll Symbols not found. Unable to proceed with DCOM
> check.
> Continuing other analysis.
>
> # ChildEBP RetAddr
> 00 023efe24 77d37ba7 ntdll!ZwReplyWaitReceivePortEx+0xb
> WARNING: Stack unwind information not available. Following
> frames may be wrong.
> 01 023eff74 77d37b4c RPCRT4!NdrCorrelationInitialize+0xd1
> 02 023effa8 77d358d6 RPCRT4!NdrCorrelationInitialize+0x76
> 03 023effb4 7c57438b RPCRT4!RpcBindingFree+0x492
> 04 023effec 00000000 KERNEL32!BaseThreadStart+0x52
>
>
>
>
> Thread ID: 21
> System Thread ID: 6ac
> Kernel Time: 0:0:0.0
> User Time: 0:0:0.0
> Thread Type: Other
> # ChildEBP RetAddr
> 00 024aff9c 77f842c4 ntdll!NtDelayExecution+0xb
> 01 024affb4 7c57438b ntdll!RtlpTimerThread+0x42
> 02 024affec 00000000 KERNEL32!BaseThreadStart+0x52
>
>
>
>
> Thread ID: 22
> System Thread ID: 7b0
> Kernel Time: 0:0:0.203
> User Time: 0:0:1.312
> Thread Type: HTTP Listener
> # ChildEBP RetAddr
> 00 02d4ff50 7c573c73 ntdll!ZwRemoveIoCompletion+0xb
> 01 02d4ff7c 6d702957 KERNEL32!
> GetQueuedCompletionStatus+0x27
> 02 02d4ffb4 7c57438b ISATQ!AtqPoolThread+0x40
> 03 02d4ffec 00000000 KERNEL32!BaseThreadStart+0x52
>
>
>
>
> Thread ID: 23
> System Thread ID: 5fc
> Kernel Time: 0:0:0.234
> User Time: 0:0:1.156
> Thread Type: HTTP Listener
> # ChildEBP RetAddr
> 00 02dbff50 7c573c73 ntdll!ZwRemoveIoCompletion+0xb
> 01 02dbff7c 6d702957 KERNEL32!
> GetQueuedCompletionStatus+0x27
> 02 02dbffb4 7c57438b ISATQ!AtqPoolThread+0x40
> 03 02dbffec 00000000 KERNEL32!BaseThreadStart+0x52
>
> *****
>
> Dump name is formatted as: PID-Timestamp.dmp
>
> Creating D:\iisState\output\1232-1082054715.dmp - mini
> user dump
>
> *****
>
> Closing open log file D:\iisState\output\IISState-1232.log
><!-- ~MESSAGE_AFTER~ -->
FAQ
Profile
Private Messages
Log in
