On Tuesday (03-04-08), the system went down again ... it fixed itself the next day.
This was a major disaster, on Tuesday
Eventually, the system started working again and no specific cause was found.
On both days, the first symptom was observed while using Internet Explorer (IE) - when I tried to right click and open a link in another page ... the right click menu would not display.
On Friday, about 6:00 pm
On that machine, I normally keep the System Internals program Process Explorer running ... but I could not find it. So I started it again.
Right click worked ok ... but
Based on this information, I assumed that the IT department was simply making
some kind of security update.
The fact that the machine had been identified as critical (because it collects
experimental data 24/7) is a major issue.
If changing a
critical machine at 6:00 pm on a Friday night
broke something, then all the data for Saturday and Sunday would be lost.
(Actually, on another machine related to the same experiment, the program crashed at
After about half an hour, the system started working again. At that point, I noticed that someone had changed the computer's security settings. Specifically, ports 137, 138, & 139 were disabled and then about 2 minutes later, they were re-enabled. (These are the ports Windows uses to share files between machines.) There were numerous other security and policy changes ... but details were lacking.
Based on the data collected, whatever happened to the machine crashed Process Explorer - that is why I could not find a running copy.
On Tuesday, about 7:00 pm
This time, Process Explorer continued to work ... showing data on the properties pages. And there were no crashes. However, the menu options (at the top of the application) quit working.
I tried to start notepad so I could make notes ... but there was no way to start it. I have shortcuts in the Start menu, but could not navigate to them. I was able to get to the Accessories menu and click on notepad ... but it would not start.
I normally use Alt-Tab to switch applications, but this key combination was working like Alt-Esc - directly switching applications instead of showing application icons and letting me step through those before changing the applications.
In several open applications,
Note: The IE Favorites menu still worked ... but none of the other IE menus.
I still had an open System Event Viewer (left open since Friday) and, sure enough, there were new security changes at the same time as the failures. (F5 - refresh - was still working.)
Also, browsing the internet still worked as long as I did not try to right click a link ... regular left clicks still worked fine. (Though the menus did not work, I did not think to try and open a new window with Ctrl-N.)
After an hour and a half (about 8:45 pm) I left for the day - the system was still broken.
Perhaps this was really a keyboard failure ... that would explain why it would come and go. The fact that Alt-Tab performed the same function as Alt-Esc implied a keyboard failure. However, testing on another system did not support this position - I could not find a key that, if stuck, would cause these symptoms.
On Wednesday (the next day) I unplugged the keyboard - the mouse still failed. I plugged it back in (it is USB) ... no difference.
About 5:oo pm, the system magically fixed itself ... again.
The best I've come up with is that too many windows were open. At any rate, after closing about 3 IE windows (using the mouse), the system started working normally again. I tried to recreate the problem by opening more windows and returning to the same sites. It had no effect.
During the attack, I check the System Events on several other systems and they did not show similar entries ... to me, this implied that my machine was specifically targeted and NOT a part of a general security update. This suggests some kind of virus. Further analysis suggests that the questionable entries may have actually been caused by how I investigated the problem and therefore are not related to the cause of the problem.
I was still bothered by the continuous security policy changes, but these were explained as normal for our installation.
The Event logs apparently showed nothing of interest, I was able to use them to simply mislead myself.
A virus scan did find some bad files, but none were running.
A check of available memory, resources, handles, and the like did not reveal a problem.
It was determined that the Symantec software had a problem - so it was uninstalled and then reinstalled. (Attempts to repair and update it actually failed.)
I must admit they I am uncomfortable with security changes being made every 90 minutes. I understand the need for security, but I was taught that changes should always be fully tested (usually for several weeks) before being made to a live production system. Continuous, untested, updates is a disaster waiting to happen.
Context Menu Handlers
Note: I do not suggest deleting anything from the registry (especially while debugging a problem). Instead, you should comment out the entries.
Disable Context menu
KEY: HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions DWORD: NoBrowserContextMenu = 1
Remove Windows Explorer default context menu
KEY: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer DWORD: NoViewContextMenu = 1
I was told that the security policies had not changed and, therefore, even though they were continuously "updated", these actions should not have caused the problems.
So ... I have to assume that Windows XP simply lost its mind and that there is a rather small limit on the number of windows that can be open. However, most XP crashes require rebooting the machine or killing an application, not just closing a few windows.