A Group Policy problem on XenApp servers is a high-visibility issue, so I was not happy to see this error in the system log:
The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
And this error in the application log:
Faulting application name: svchost.exe_gpsvc, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: ntdll.dll, version: 6.1.7600.16695, time stamp: 0x4cc7b325
Exception code: 0xc0000374
Faulting application path: C:\Windows\system32\svchost.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
That is what a crash of the Group Policy service looks like, followed by page after page of GroupPolicy 1128 warnings in the system log. I am a big fan of Windows Error Reporting (WER), as WER automatically creates a crash dump file when this type of error occurs, which means that rather than just googling the crash I can analyse the dump and (hopefully) see what caused the crash. In this case, the key info from the analysis is:
ERROR_CODE: (NTSTATUS) 0xc0000374 – A heap has been corrupted.
Now that I know the offending module is gpprefcl.dll, I hit Google looking for the most recent hotfix which updates this dll and I come up with KB2514376. I will test this over the coming weeks to see if it fixes the Group Policy service crash.
EDIT – 20 June 2011: The hotfix has not solved this issue and we have logged an incident with Microsoft.
EDIT – 08 July 2011: We have installed KB982293 and not seen this issue again… yet.
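To see how often this crash pattern recurs on a server, the script below (an added example, not from the original post) finds svchost.exe_gpsvc faults in the Application log and counts the Group Policy Client restarts and GroupPolicy 1128 warnings that follow each one. Event IDs 1000 and 7031, the provider names, the 7-day and 30-minute windows, the function names and PowerShell 3.0 or later are assumptions.

```powershell
# Added example: correlate Group Policy Client (gpsvc) crashes in the local event logs.
# Assumptions: Application Error = Id 1000, Service Control Manager "terminated
# unexpectedly" = Id 7031, PowerShell 3.0+, hypothetical function names.
function Get-FaultField([string]$Text, [string]$Name) {
    # Pull one "Name: value" field out of an Application Error message body.
    $m = [regex]::Match($Text, [regex]::Escape($Name) + ':\s*([^,\r\n]+)')
    if ($m.Success) { $m.Groups[1].Value.Trim() }
}

function Get-GpsvcCrash {
    param([datetime]$Since = (Get-Date).AddDays(-7), [int]$WindowMinutes = 30)

    $app = @{ LogName = 'Application'; ProviderName = 'Application Error'; Id = 1000; StartTime = $Since }
    $scm = @{ LogName = 'System'; ProviderName = 'Service Control Manager'; Id = 7031; StartTime = $Since }
    $gp  = @{ LogName = 'System'; ProviderName = 'Microsoft-Windows-GroupPolicy'; Id = 1128; StartTime = $Since }

    # Get-WinEvent reports an error when nothing matches, so silence it and wrap in @().
    $restarts = @(Get-WinEvent -FilterHashtable $scm -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -like '*Group Policy Client*' })
    $warnings = @(Get-WinEvent -FilterHashtable $gp -ErrorAction SilentlyContinue)

    Get-WinEvent -FilterHashtable $app -ErrorAction SilentlyContinue |
        Where-Object { (Get-FaultField $_.Message 'Faulting application name') -eq 'svchost.exe_gpsvc' } |
        ForEach-Object {
            $start = $_.TimeCreated
            $end   = $start.AddMinutes($WindowMinutes)
            [pscustomobject]@{
                Time          = $start
                Module        = Get-FaultField $_.Message 'Faulting module name'
                ExceptionCode = Get-FaultField $_.Message 'Exception code'
                # 0xc0000374 is the heap corruption status reported in the post.
                HeapCorrupt   = (Get-FaultField $_.Message 'Exception code') -eq '0xc0000374'
                ScmRestarts   = @($restarts | Where-Object {
                    $_.TimeCreated -ge $start.AddMinutes(-1) -and $_.TimeCreated -le $end }).Count
                Gp1128After   = @($warnings | Where-Object {
                    $_.TimeCreated -ge $start -and $_.TimeCreated -le $end }).Count
            }
        }
}

# Parser check against the event text quoted in the post (no live log needed).
$sample = "Faulting application name: svchost.exe_gpsvc, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1`n" +
          "Faulting module name: ntdll.dll, version: 6.1.7600.16695, time stamp: 0x4cc7b325`n" +
          "Exception code: 0xc0000374"
Get-FaultField $sample 'Faulting module name'

# Live query on the local server, oldest crash first.
Get-GpsvcCrash | Sort-Object Time | Format-Table -AutoSize
```

The faulting module in these events is ntdll.dll, where the heap check fires, so the table shows how often and when the crash occurs; identifying the DLL that corrupted the heap still requires the WER dump.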