Forum Discussion

nmorgowicz's avatar
nmorgowicz
Copper Contributor
Nov 26, 2018

Server Manager on Server 2019/1809 and Windows 10 1803/1809 not working on domain joined computers

Hello, this problem is a bit complicated to describe, but i joined in on a thread here to post my experiences: https://social.technet.microsoft.com/Forums/en-US/ca8b8e3d-b6df-426f-b58f-c9e4adbd1612/w...
management
Windows Server
nmorgowicz's avatar
nmorgowicz
Copper Contributor
Nov 27, 2018

In case anyone also wanted to see a similar procmon analysis of the ServerManager.exe process on a Server 2019 GUI (Build 17763.134) domain joined machine where the application doesn't spawn and consumes cpu.

  

On Server 2019, as can be seen in the screenshot, the ServerManager.exe process behaves exactly like the Windows 10 1809 build. 69 events and ceases doing anything, save eating cpu.

 

I'm not very experienced in digging into the underlying frameworks of processes/system calls/etc, but i looked at the threads of the ServerManager.exe process on the box as it was at high cpu, and this is what i saw:

 

What i see there looks like the thread !RtlUserThreadStart.  I pasted a stack of the thread as well, if that can be of assistance.

Bradley_Hetherington's avatar
Bradley_Hetherington
Copper Contributor
Nov 29, 2018

Hi,

I have only spent 5 minutes on this so far, but I saw the same issue with Symantec Endpoint Protection version 14.2 MP1 with patch 1031 (the latest I know of.

If I learn more, I'll post.

Cheers,

Brad

  • nmorgowicz's avatar
    nmorgowicz
    Copper Contributor
    Dec 13, 2018
    Hi Brad, But as i mentioned in my analysis, when any machine with SEP installed is not on the domain, there is no problem opening Server Manager. It is only when the machine becomes domain joined that the issue occurs. I don't believe SEP is the problem.
    • chris905's avatar
      chris905
      Copper Contributor
      Jan 24, 2019

      It is the SEPM causing the issue.  You can either remove the device and application control or can create an exception in sepm: Windows exception - File, file is servermanager.exe and select application control.

      • nmorgowicz's avatar
        nmorgowicz
        Copper Contributor
        Feb 03, 2019

        Hi chris905, I created exceptions for both security/file as well as a custom application and pointed to C:\Windows\System32\ServerManager.exe However, it's still an issue like nothing is changed. I haven't tried a case where i would remove SEP from a domain joined machine to see if it is still a problem, but as i stated a few times above, it's highly unlikely that it's SEP. 

         

        I'm just surprised not more people are affected by this.

Resources