HCHTech
Well-Known Member
- Reaction score
- 3,823
- Location
- Pittsburgh, PA - USA
Had a client who had a power outage last night in the middle of their backup routine. Single HyperV host, DC and AppServer VMs, Server 2016. Both VMs offline, Stuck checkpoints, VMs wouldn't restart, what a mess.
For The DC, I ended up deleting the stuck checkpoint, deleting the VM, recreating it and attaching the vhdx file - that worked (mostly) without a hitch.
For the AppServer, for some reason, the c: drive had mounted on the Host as the H: drive (I have never seen that happen before!), so after dismounting that, the server restarted, but it was not happy. It's up again, but none of its shared drives are available on the network. Turns out the Server service isn't started. Attempting to start that gets this message:
"Windows could not start the Server service on the local computer. Error 1075: The dependency service does not exist or has been marked for deletion."
Checking the system event log, I see a 7003 error: The Service depends on the following service: Srv. This service might not be installed.
Running "SC Query svc" in a command box produces "The Specified service does not exist as an installed service".
Running sc query lanmanserver shows it stopped, with the 1075 exit code:
Checking the dependency services (Security Accounts Manager, which depends on Remote Procedure Call(RPC), which depends on DCOM Server process Launcher and RPC Endpoint Mapper), I find that all of those services are running.
Googling around, I see some entries for this error with Windows Vista and 7, along with suggestions to remove the dependencies by editing the registry key for the service. I am hesitant to do this on a server.
The key for LanmanServer is:
and the key for "srv" is:
I've run an srfc /scannow, and got a couple of dozen files in the WinSxS with error like this:
2021-04-20 12:58:03, Info CSI 0000be3f [SR] Cannot repair member file [l:22]'MSFT_MpSignature.cdxml' of Windows-Defender-Management-Powershell, version 10.0.14393.0, arch amd64, nonSxS, pkt {l:8 b:31bf3856ad364e35} in the store, hash mismatch
2021-04-20 12:58:03, Info CSI 0000be40 Hashes for file member \SystemRoot\WinSxS\amd64_windows-defender-management-powershell_31bf3856ad364e35_10.0.14393.0_none_1137c685b804c9a3\MSFT_MpThreat.cdxml do not match actual file [l:19]'MSFT_MpThreat.cdxml' :
Found: {l:32 3S3s28bsA1fdvZUq08KcCgX8c2i62zd2SLuPCWTu3uw=} Expected: {l:32 rllSNoMqOITSqj+RNFSsb/THNfVegZx/ORyUtlMoH5I=}
I could restore from the most recent backup that worked (last Friday), but I'd like to avoid that as work will be lost. Before I do that, any recommendations for things I could do?
Edit: I checked the srvsvc.dll file in c:\windows\system32 between my problem machine and another Server2016 client I have on the same update level, and they are exactly the same. Same size and size on disk. One day apart on creation date, but that's probably due to the update schedule.
TIA
For The DC, I ended up deleting the stuck checkpoint, deleting the VM, recreating it and attaching the vhdx file - that worked (mostly) without a hitch.
For the AppServer, for some reason, the c: drive had mounted on the Host as the H: drive (I have never seen that happen before!), so after dismounting that, the server restarted, but it was not happy. It's up again, but none of its shared drives are available on the network. Turns out the Server service isn't started. Attempting to start that gets this message:
"Windows could not start the Server service on the local computer. Error 1075: The dependency service does not exist or has been marked for deletion."
Checking the system event log, I see a 7003 error: The Service depends on the following service: Srv. This service might not be installed.
Running "SC Query svc" in a command box produces "The Specified service does not exist as an installed service".
Running sc query lanmanserver shows it stopped, with the 1075 exit code:
Checking the dependency services (Security Accounts Manager, which depends on Remote Procedure Call(RPC), which depends on DCOM Server process Launcher and RPC Endpoint Mapper), I find that all of those services are running.
Googling around, I see some entries for this error with Windows Vista and 7, along with suggestions to remove the dependencies by editing the registry key for the service. I am hesitant to do this on a server.
The key for LanmanServer is:
and the key for "srv" is:
I've run an srfc /scannow, and got a couple of dozen files in the WinSxS with error like this:
2021-04-20 12:58:03, Info CSI 0000be3f [SR] Cannot repair member file [l:22]'MSFT_MpSignature.cdxml' of Windows-Defender-Management-Powershell, version 10.0.14393.0, arch amd64, nonSxS, pkt {l:8 b:31bf3856ad364e35} in the store, hash mismatch
2021-04-20 12:58:03, Info CSI 0000be40 Hashes for file member \SystemRoot\WinSxS\amd64_windows-defender-management-powershell_31bf3856ad364e35_10.0.14393.0_none_1137c685b804c9a3\MSFT_MpThreat.cdxml do not match actual file [l:19]'MSFT_MpThreat.cdxml' :
Found: {l:32 3S3s28bsA1fdvZUq08KcCgX8c2i62zd2SLuPCWTu3uw=} Expected: {l:32 rllSNoMqOITSqj+RNFSsb/THNfVegZx/ORyUtlMoH5I=}
I could restore from the most recent backup that worked (last Friday), but I'd like to avoid that as work will be lost. Before I do that, any recommendations for things I could do?
Edit: I checked the srvsvc.dll file in c:\windows\system32 between my problem machine and another Server2016 client I have on the same update level, and they are exactly the same. Same size and size on disk. One day apart on creation date, but that's probably due to the update schedule.
TIA
Last edited:
