Faulting module: svchost.exe_gpsvc

A Group Policy problem on XenApp servers is a high visibility issue so I was not happy to see this error in the system log:
The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

And this error in the application log:
Faulting application name: svchost.exe_gpsvc, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: ntdll.dll, version: 6.1.7600.16695, time stamp: 0x4cc7b325
Exception code: 0xc0000374
Faulting application path: C:\Windows\system32\svchost.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll

That is what a crash of the Group Policy service looks like, followed by page after page of GroupPolicy 1128 warnings in system log. I am a big fan of Windows Error Reporting (WER) as WER automatically creates a crash dump file when this type of error occurs which means rather than just googling the crash I can analysis the dump and (hopefully) see what caused the crash. In this case, the key info from the analysis is:
DEFAULT_BUCKET_ID: STATUS_HEAP_CORRUPTION

PROCESS_NAME: svchost.exe

ERROR_CODE: (NTSTATUS) 0xc0000374 – A heap has been corrupted.

MODULE_NAME: gpprefcl

IMAGE_NAME: gpprefcl.dll

Now I know the offending module is gpprefcl.dll I hit google looking for the most recent hotfix which updates this dll and I come up with KB2514376. I will test this over the coming weeks to see if it fixes the Group Policy service crash.
EDIT – 20 June 2011: The hotfix has not solved this issue and we have logged an incident with Microsoft
EDIT – 08 July 2011: We have installed KB982293 and KB2526870 and not seen this issue again….. yet.

1 Comment

  1. Error ntdll.dll says:
    November 12, 2014 at 11:44 am

    by natural means much like your website and you ought to look at the punctuation with numerous of the content.. Error ntdll.dll Several of these are rife together with spelling troubles we to find this pretty problematic to see the facts on the other hand I most certainly will surely go back just as before.

Leave a Reply

Contact Deptive

Location
Level 13 (Regus)
92 Albert St
Auckland
We also have a virtual office in Wellington.

Contact Details

0800 000 141

Postal Address
PO Box 34797,
Birkenhead, Auckland 0746