MORE INFORMATION

You may experience one of the following symptoms:

• The following events are added to the System log:

  Event ID: 1101
  Type: Error
  Source: SNMP
  Description: The SNMP service encountered a fatal error.

  Event ID: 7024
  Type: Error
  Source: Service Control Manager
  Description: The SNMP Service terminated with service specific error 3.

• The SNMP service stops responding.
• The SNMP process CPU utilization is 70 to 80 percent.
• An access violation occurs in the SNMP process, and then you receive the following error message:

  An application error has occurred and an application log is being generated. SNMP.EXE Exception: access violation (0xc0000005), Address: <address>

• The stack is overwritten in the SNMP extension agents.

To resolve these SNMP issues, use one or more of the following methods, depending on your symptoms:

• Apply the latest service pack to the operating system.
  
  Note If you removed the SNMP service after you have applied Microsoft Windows NT 4.0 Service Pack 6a, you must reinstall Windows NT 4.0 Service Pack 6a.
• Install the latest SNMP security update. To download the latest SNMP security update, MS02-006, visit the following Microsoft Web site:

  http://www.microsoft.com/technet/security/bulletin/MS02-006.mspx

• Confirm that the SNMP service uses the correct User Datagram Protocol (UDP) ports. The SNMP service uses the default UDP port 161 for general SNMP messages. The SNMP service uses the default UDP port 162 for SNMP trap messages. The SNMP service sends SNMP trap packets to the SNMP trap host or manager by using UDP port 162. If these ports are being used by another service, you can change the settings by modifying the local services file on the agent. The services file is located in the %systemroot%\System32\Drivers\Etc folder.
  
  Note To make sure that another service or program does not bind to UDP port 161, type netstat –an at a command prompt, and then press ENTER. If you find another service or program that binds to UDP port 161, stop the automatic startup of that service or program.
  
  For more information about a related topic, click the following article number to view the article in the Microsoft Knowledge Base:

  158770 SNMP service will not start with Event ID: 7024

• Use the DependOnService feature to make third-party services depend on the SNMP service. The startup of another service may succeed if the SNMP service starts before a third-party service starts. To avoid this timing issue, make the third-party service dependent on the SNMP service by using the DependOnService feature. For more information about the DependOnService feature, click the following article number to view the article in the Microsoft Knowledge Base:

  193888 How to delay loading of specific services

• Disable or remove extension agents from the Management Information Base until the issue no longer exists. Disable or remove extension agents one extension agent at a time. The registry entries in the following registry subkey define the list of extension agents that are configured:

  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\ExtensionAgents

  Note The values of the registry entries in the previous registry subkey contain pointers to the HKEY_LOCAL_MACHINE\SOFTWARE registry subkey. Find the location in the HKEY_LOCAL_MACHINE\SOFTWARE subkey to which these pointers point. Then, obtain the path and the name of the dynamic link library (DLL) files that are listed in the HKEY_LOCAL_MACHINE\SOFTWARE subkey.
  
  Contact the vendor of the extension agent for the latest version of the DLL files. You must temporarily rename the suspected third-party DLL files that are listed in the HKEY_LOCAL_MACHINE\SOFTWARE subkey, and then restart the computer.
  
  Note This method changes the settings in the value data of the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters registry subkey. The following examples show the changed value data in the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters registry subkey.

  Name: 1
  Value data: SOFTWARE\\Microsoft\\LANManagerMIB2Agent\\CurrentVersion
  
  Name: 2
  Value data: SOFTWARE\\Microsoft\\RFC1156Agent\\CurrentVersion
  
  Name: 3
  Value data: SOFTWARE\\Microsoft\\DhcpMibAgent\\CurrentVersion
  
  Name: 4
  Value data: SOFTWARE\\Microsoft\\WinsMibAgent\\CurrentVersion
  
  Name: 0
  Value data: Software\\Microsoft\\W3SVC\\CurrentVersion
  
  Name: 5
  Value data: Software\\Microsoft\\MSFTPSVC\\CurrentVersion
  
  Name: 6
  Value data: SOFTWARE\\Empire Technologies\\Empire SystemEDGE\\CurrentVersion
  
  Name: 7
  Value data: SOFTWARE\\ComputerAssociates\\ARCserveIT\\Base\\SNMP
  
  Name: dptscsi
  Value data: SOFTWARE\\DPT\\SNMP\\SCSI_SYSTEM_AGENT\\CurrentVersion
  
  Name: ASMAgent
  Value data: SOFTWARE\\AsmAgent\\CurrentVersion

  The SNMP service loads the extension agents in the same order in which the extension agents are listed in the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters registry subkey. In this example, the DLL files in the corresponding HKEY_LOCAL_MACHINE\SOFTWARE registry subkey of the agent number 7 have the following path and name:

  HKEY_LOCAL_MACHINE\SOFTWARE\ComputerAssociates\ARCserveIT\Base\SNMP
  
  Name: path
  Value data: C:\\Programme\\ComputerAssociates\\ARCserve\\tasnmp
  
  Name: TrapEnable
  Value data: 1

  Note DLL files might not be referenced with a .dll file name extension in the registry entry. Sometimes the error messages that are described earlier in the "More Information" section are related to competing SNMP monitors.
  
  

  Compaq Insight Manager versions 4.22 and 4.21 are also known to cause this kind of issue. Compaq Insight Manager version 3.6 does not cause this issue.

The SNMP agent service is a master agent that runs in the Snmp.exe process. The SNMP agent service accepts the requests of the manager program. Then, the SNMP agent service forwards the requests to the appropriate DLL file for processing.

To restart the SNMP service, follow these steps:

1. Click Start, click Run, type cmd in the Open box, and then click OK.
2. At the command prompt, type net stop snmp, and then press ENTER to stop the SNMP service.
3. To see how to configure SNMP agent error logging, type net help start snmp at the command prompt, and then press ENTER.
4. Use the checked build of the Snmp.exe program with the following command syntax:

   net start snmp [/logtype:type] [/loglevel:level]

   Note The /LOGTYPE:type parameter determines where the log is created. The possible type values include the following:

   2 - Write logs into a file. This option creates a file under the %SYSTEMROOT%\System32 folder that is named Snmpdbg.log.
   4 - Write logs into the System log.
   6 - Write logs into both a file and the System log
   8 - Show the output in a DebugView window.

   The default value is 4.
   
   The /LOGLEVEL:level parameter determines the debug level. More events are logged if you use a higher number for the debug level. The default debug level is 1, and 1 is also the minimum debug level. The range of the debug level is from 1 to 20.
   
   

   If you using a Microsoft Windows XP-based or a Windows Server 2003-based computer, type snmp.exe /debug /loglevel:5 /logtype:2 at a command prompt, and then press ENTER.

How to find the process or the service that loads a particular DLL file

To find the process or the service that loads a particular DLL file, follow these steps:

1. At a command prompt, type tlist -m <module name>, and then press ENTER. For example, type tlist -m tasnmp.dll at a command prompt, and then press ENTER.
2. In the output of this command, note the process that is associated with the DLL file.
3. Disable the service that is related to the DLL file.

Use SNMP resource kit utilities

You can use the Snmputil.exe command-line tool from the Microsoft Windows NT4.0 Resource Kit to run SNMP functions. You can also use the Snmputilg.exe utility to run SNMP functions. The Snmputilg.exe utility has a graphical user interface and is similar to the Snmputil.exe command-line tool.

SnmpExtensionQuery

The extension agent calls the SnmpExtensionQuery function when it determines whether the object identifier (also known as the OID) of an SNMP request matches the supportedView object identifier. The supportedView object identifier is returned by the DLL file of the extension agent from the SnmpExtensionInit function. The RequestType argument indicates the type of SNMP request that is being processed. The following list describes the possible RequestType arguments:

• ASN_RFC1157_GETREQUEST indicates that the SNMP service gets the request.
• ASN_RFC1157_GETNEXTREQUEST indicates that the SNMP service gets the next request.

For more information about related topics, click the following article numbers to view the articles in the Microsoft Knowledge Base:

For more information about SNMP, visit the following Microsoft Web site:

The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, regarding the performance or reliability of these products.