Article ID: 888798
Article Last Modified on 1/4/2008
APPLIES TO
- Microsoft Windows XP Professional
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Server
- Microsoft Windows NT Server 4.0, Terminal Server Edition
- Microsoft Windows NT Server 4.0 Enterprise Edition
- Microsoft Windows NT Advanced Server 3.1
- Microsoft Windows NT Server 4.0 Standard Edition
- Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
- Microsoft Windows Server 2003, Datacenter x64 Edition
- Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems
- Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
- Microsoft Windows Server 2003, Enterprise x64 Edition
- Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems
- Microsoft Windows Server 2003, Standard x64 Edition
- Microsoft Windows Server 2003, Standard Edition (32-bit x86)
INTRODUCTION
This article describes some Simple Network Management Protocol (SNMP) service startup issues. This article also describes how to troubleshoot these SNMP service startup issues.
MORE INFORMATION
You may experience one of the following symptoms:
The following events are added to the System log:
Event ID: 1101
Type: Error
Source: SNMP
Description: The SNMP service encountered a fatal error.Event ID: 7024
Type: Error
Source: Service Control Manager
Description: The SNMP Service terminated with service specific error 3.- The SNMP service stops responding.
- The SNMP process CPU utilization is 70 to 80 percent.
- An access violation occurs in the SNMP process, and then you receive the following error message:
- The stack is overwritten in the SNMP extension agents.
To resolve these SNMP issues, use one or more of the following methods, depending on your symptoms:
- Apply the latest service pack to the operating system.
Note If you removed the SNMP service after you have applied Microsoft Windows NT 4.0 Service Pack 6a, you must reinstall Windows NT 4.0 Service Pack 6a. - Install the latest SNMP security update. To download the latest SNMP security update, MS02-006, visit the following Microsoft Web site:
- Confirm that the SNMP service uses the correct User Datagram Protocol (UDP) ports. The SNMP service uses the default UDP port 161 for general SNMP messages. The SNMP service uses the default UDP port 162 for SNMP trap messages. The SNMP service sends SNMP trap packets to the SNMP trap host or manager by using UDP port 162. If these ports are being used by another service, you can change the settings by modifying the local services file on the agent. The services file is located in the %systemroot%\System32\Drivers\Etc folder.
Note To make sure that another service or program does not bind to UDP port 161, type netstat –an at a command prompt, and then press ENTER. If you find another service or program that binds to UDP port 161, stop the automatic startup of that service or program.
For more information about a related topic, click the following article number to view the article in the Microsoft Knowledge Base:158770 SNMP service will not start with Event ID: 7024
- Use the DependOnService feature to make third-party services depend on the SNMP service. The startup of another service may succeed if the SNMP service starts before a third-party service starts. To avoid this timing issue, make the third-party service dependent on the SNMP service by using the DependOnService feature. For more information about the DependOnService feature, click the following article number to view the article in the Microsoft Knowledge Base:
193888 How to delay loading of specific services
- Disable or remove extension agents from the Management Information Base until the issue no longer exists. Disable or remove extension agents one extension agent at a time. The registry entries in the following registry subkey define the list of extension agents that are configured:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\ExtensionAgents
Note The values of the registry entries in the previous registry subkey contain pointers to the
HKEY_LOCAL_MACHINE\SOFTWARE
registry subkey. Find the location in theHKEY_LOCAL_MACHINE\SOFTWARE
subkey to which these pointers point. Then, obtain the path and the name of the dynamic link library (DLL) files that are listed in theHKEY_LOCAL_MACHINE\SOFTWARE
subkey.
Contact the vendor of the extension agent for the latest version of the DLL files. You must temporarily rename the suspected third-party DLL files that are listed in theHKEY_LOCAL_MACHINE\SOFTWARE
subkey, and then restart the computer.
Note This method changes the settings in the value data of theHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters
registry subkey. The following examples show the changed value data in theHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters
registry subkey.Name: 1
Value data: SOFTWARE\\Microsoft\\LANManagerMIB2Agent\\CurrentVersion
Name: 2
Value data: SOFTWARE\\Microsoft\\RFC1156Agent\\CurrentVersion
Name: 3
Value data: SOFTWARE\\Microsoft\\DhcpMibAgent\\CurrentVersion
Name: 4
Value data: SOFTWARE\\Microsoft\\WinsMibAgent\\CurrentVersion
Name: 0
Value data: Software\\Microsoft\\W3SVC\\CurrentVersion
Name: 5
Value data: Software\\Microsoft\\MSFTPSVC\\CurrentVersion
Name: 6
Value data: SOFTWARE\\Empire Technologies\\Empire SystemEDGE\\CurrentVersion
Name: 7
Value data: SOFTWARE\\ComputerAssociates\\ARCserveIT\\Base\\SNMP
Name: dptscsi
Value data: SOFTWARE\\DPT\\SNMP\\SCSI_SYSTEM_AGENT\\CurrentVersion
Name: ASMAgent
Value data: SOFTWARE\\AsmAgent\\CurrentVersionThe SNMP service loads the extension agents in the same order in which the extension agents are listed in the
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters
registry subkey. In this example, the DLL files in the correspondingHKEY_LOCAL_MACHINE\SOFTWARE
registry subkey of the agent number 7 have the following path and name:HKEY_LOCAL_MACHINE\SOFTWARE\ComputerAssociates\ARCserveIT\Base\SNMP
Name:path
Value data: C:\\Programme\\ComputerAssociates\\ARCserve\\tasnmp
Name: TrapEnable
Value data: 1Note DLL files might not be referenced with a .dll file name extension in the registry entry. Sometimes the error messages that are described earlier in the "More Information" section are related to competing SNMP monitors.
Compaq Insight Manager versions 4.22 and 4.21 are also known to cause this kind of issue. Compaq Insight Manager version 3.6 does not cause this issue.
The SNMP agent service is a master agent that runs in the Snmp.exe process. The SNMP agent service accepts the requests of the manager program. Then, the SNMP agent service forwards the requests to the appropriate DLL file for processing.
To restart the SNMP service, follow these steps:
- Click Start, click Run, type cmd in the Open box, and then click OK.
- At the command prompt, type net stop snmp, and then press ENTER to stop the SNMP service.
- To see how to configure SNMP agent error logging, type net help start snmp at the command prompt, and then press ENTER.
- Use the checked build of the Snmp.exe program with the following command syntax:
net start snmp [/logtype:
type
] [/loglevel:level
]Note The /LOGTYPE:
type
parameter determines where the log is created. The possibletype
values include the following:2 - Write logs into a file. This option creates a file under the %SYSTEMROOT%\System32 folder that is named Snmpdbg.log.
4 - Write logs into the System log.
6 - Write logs into both a file and the System log
8 - Show the output in a DebugView window.The default value is 4.
If you using a Microsoft Windows XP-based or a Windows Server 2003-based computer, type snmp.exe /debug /loglevel:5 /logtype:2 at a command prompt, and then press ENTER.
The /LOGLEVEL:level parameter determines the debug level. More events are logged if you use a higher number for the debug level. The default debug level is 1, and 1 is also the minimum debug level. The range of the debug level is from 1 to 20.
How to find the process or the service that loads a particular DLL file
To find the process or the service that loads a particular DLL file, follow these steps:
- At a command prompt, type tlist -m <
module name
>, and then press ENTER. For example, type tlist -m tasnmp.dll at a command prompt, and then press ENTER. - In the output of this command, note the process that is associated with the DLL file.
- Disable the service that is related to the DLL file.
Use SNMP resource kit utilities
You can use the Snmputil.exe command-line tool from the Microsoft Windows NT4.0 Resource Kit to run SNMP functions. You can also use the Snmputilg.exe utility to run SNMP functions. The Snmputilg.exe utility has a graphical user interface and is similar to the Snmputil.exe command-line tool.
SnmpExtensionQuery
The extension agent calls the SnmpExtensionQuery function when it determines whether the object identifier (also known as the OID) of an SNMP request matches the supportedView object identifier. The supportedView object identifier is returned by the DLL file of the extension agent from the SnmpExtensionInit function. The RequestType argument indicates the type of SNMP request that is being processed. The following list describes the possible RequestType arguments:
- ASN_RFC1157_GETREQUEST indicates that the SNMP service gets the request.
- ASN_RFC1157_GETNEXTREQUEST indicates that the SNMP service gets the next request.
For more information about related topics, click the following article numbers to view the articles in the Microsoft Knowledge Base:
149421 Using detailed logging to debug SNMP issues
158770 SNMP service will not start with event ID: 7024
232663 How to use the Snmputil.exe tool to verify the Microsoft SNMP agent configuration
314147 MS02-006: An unchecked buffer in the SNMP service may allow code to run
136403 Description of UDP ports
233395 SNMP access violation after installing Windows NT 4.0 Service Pack 4
272680 SNMP service does not start or hangs on shutdown
314731 An access violation occurs in SNMP if you run a GETNEXT query against RIP
317960 SNMP management programs may stop responding if invalid trap frames are received
For more information about SNMP, visit the following Microsoft Web site:
The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, regarding the performance or reliability of these products.
Additional query words: ArcserveIT Arcserv 2000 Adv.Edition, Dell Open Manage OpenManager Netserver Agents traps Stop 21a DrWtsn DrWatson DRWTSN32 0xC0000005 80% 100% CPU stack corruption SMNP failure SNMP consuming CPU timeSNMP spiking snmputil.exe MIB snmp-trap SNMPAPI.DLL tasnmp.dll agntsvc.exe Oracle SNMP Peer Master Agent OracleSNMPPeerMasterAgent OracleAgent DBSNMP.EXE Tivoli SMS Site Net Multi Link UPS Compaq Insight Agent MIB
Keywords: kbhowto kbinfo kbtshoot KB888798