How to troubleshoot Simple Network Management Protocol service startup issues

This article applies to Windows 2000. Support for Windows 2000 ends on July 13, 2010. The Windows 2000 End-of-Support Solution Center is a starting point for planning your migration strategy from Windows 2000. For more information see the Microsoft Support Lifecycle Policy.


This article describes some Simple Network Management Protocol (SNMP) service startup issues. This article also describes how to troubleshoot these SNMP service startup issues.

More Information

You may experience one of the following symptoms:
  • The following events are added to the System log:
  • The SNMP service stops responding.
  • The SNMP process CPU utilization is 70 to 80 percent.
  • An access violation occurs in the SNMP process, and then you receive the following error message:
    An application error has occurred and an application log is being generated. SNMP.EXE Exception: access violation (0xc0000005), Address: <address>
  • The stack is overwritten in the SNMP extension agents.
To resolve these SNMP issues, use one or more of the following methods, depending on your symptoms:
  • Apply the latest service pack to the operating system.

    Note If you removed the SNMP service after you have applied Microsoft Windows NT 4.0 Service Pack 6a, you must reinstall Windows NT 4.0 Service Pack 6a.
  • Install the latest SNMP security update. To download the latest SNMP security update, MS02-006, visit the following Microsoft Web site:
  • Confirm that the SNMP service uses the correct User Datagram Protocol (UDP) ports. The SNMP service uses the default UDP port 161 for general SNMP messages. The SNMP service uses the default UDP port 162 for SNMP trap messages. The SNMP service sends SNMP trap packets to the SNMP trap host or manager by using UDP port 162. If these ports are being used by another service, you can change the settings by modifying the local services file on the agent. The services file is located in the %systemroot%\System32\Drivers\Etc folder.

    Note To make sure that another service or program does not bind to UDP port 161, type netstat –an at a command prompt, and then press ENTER. If you find another service or program that binds to UDP port 161, stop the automatic startup of that service or program.

    For more information about a related topic, click the following article number to view the article in the Microsoft Knowledge Base:
    158770 SNMP service will not start with Event ID: 7024

  • Use the DependOnService feature to make third-party services depend on the SNMP service. The startup of another service may succeed if the SNMP service starts before a third-party service starts. To avoid this timing issue, make the third-party service dependent on the SNMP service by using the DependOnService feature. For more information about the DependOnService feature, click the following article number to view the article in the Microsoft Knowledge Base:
    193888 How to delay loading of specific services

  • Disable or remove extension agents from the Management Information Base until the issue no longer exists. Disable or remove extension agents one extension agent at a time. The registry entries in the following registry subkey define the list of extension agents that are configured:
    Note The values of the registry entries in the previous registry subkey contain pointers to the HKEY_LOCAL_MACHINE\SOFTWARE registry subkey. Find the location in the HKEY_LOCAL_MACHINE\SOFTWARE subkey to which these pointers point. Then, obtain the path and the name of the dynamic link library (DLL) files that are listed in the

    Contact the vendor of the extension agent for the latest version of the DLL files. You must temporarily rename the suspected third-party DLL files that are listed in the HKEY_LOCAL_MACHINE\SOFTWARE subkey, and then restart the computer.

    Note This method changes the settings in the value data of the
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parametersregistry subkey. The following examples show the changed value data in the
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parametersregistry subkey.
    Name: 1
    Value data: SOFTWARE\\Microsoft\\LANManagerMIB2Agent\\CurrentVersion

    Name: 2
    Value data: SOFTWARE\\Microsoft\\RFC1156Agent\\CurrentVersion

    Name: 3
    Value data: SOFTWARE\\Microsoft\\DhcpMibAgent\\CurrentVersion

    Name: 4
    Value data: SOFTWARE\\Microsoft\\WinsMibAgent\\CurrentVersion

    Name: 0
    Value data: Software\\Microsoft\\W3SVC\\CurrentVersion

    Name: 5
    Value data: Software\\Microsoft\\MSFTPSVC\\CurrentVersion

    Name: 6
    Value data: SOFTWARE\\Empire Technologies\\Empire SystemEDGE\\CurrentVersion

    Name: 7
    Value data: SOFTWARE\\ComputerAssociates\\ARCserveIT\\Base\\SNMP

    Name: dptscsi
    Value data: SOFTWARE\\DPT\\SNMP\\SCSI_SYSTEM_AGENT\\CurrentVersion

    Name: ASMAgent
    Value data: SOFTWARE\\AsmAgent\\CurrentVersion
    The SNMP service loads the extension agents in the same order in which the extension agents are listed in the
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parametersregistry subkey. In this example, the DLL files in the corresponding
    HKEY_LOCAL_MACHINE\SOFTWARE registry subkey of the agent number 7 have the following path and name:

    Name: path
    Value data: C:\\Programme\\ComputerAssociates\\ARCserve\\tasnmp

    Name: TrapEnable
    Value data: 1
    Note DLL files might not be referenced with a .dll file name extension in the registry entry. Sometimes the error messages that are described earlier in the "More Information" section are related to competing SNMP monitors.

    Compaq Insight Manager versions 4.22 and 4.21 are also known to cause this kind of issue. Compaq Insight Manager version 3.6 does not cause this issue.
The SNMP agent service is a master agent that runs in the Snmp.exe process. The SNMP agent service accepts the requests of the manager program. Then, the SNMP agent service forwards the requests to the appropriate DLL file for processing.

To restart the SNMP service, follow these steps:
  1. Click Start, click Run, type cmd in the Open box, and then click OK.
  2. At the command prompt, type net stop snmp, and then press ENTER to stop the SNMP service.
  3. To see how to configure SNMP agent error logging, type
    net help start snmp at the command prompt, and then press ENTER.
  4. Use the checked build of the Snmp.exe program with the following command syntax:
    net start snmp [/logtype:type] [/loglevel:level]
    Note The /LOGTYPE:type parameter determines where the log is created. The possible
    type values include the following:
    2 - Write logs into a file. This option creates a file under the %SYSTEMROOT%\System32 folder that is named Snmpdbg.log.
    4 - Write logs into the System log.
    6 - Write logs into both a file and the System log
    8 - Show the output in a DebugView window.
    The default value is 4.

    The /LOGLEVEL:level parameter determines the debug level. More events are logged if you use a higher number for the debug level. The default debug level is 1, and 1 is also the minimum debug level. The range of the debug level is from 1 to 20.

    If you are using a Microsoft Windows XP-based or a Windows Server 2003-based computer, type
    snmp.exe /debug /loglevel:5 /logtype:2 at a command prompt, and then press ENTER. In this case, the Snmpdbg.log file is written to the directory from which you ran the Snmp.exe command.

How to find the process or the service that loads a particular DLL file

To find the process or the service that loads a particular DLL file, follow these steps:
  1. At a command prompt, type tlist -m <module name>, and then press ENTER. For example, type tlist -m tasnmp.dll at a command prompt, and then press ENTER.
  2. In the output of this command, note the process that is associated with the DLL file.
  3. Disable the service that is related to the DLL file.

Use SNMP resource kit utilities

You can use the Snmputil.exe command-line tool from the Microsoft Windows NT4.0 Resource Kit to run SNMP functions. You can also use the Snmputilg.exe utility to run SNMP functions. The Snmputilg.exe utility has a graphical user interface and is similar to the Snmputil.exe command-line tool.


The extension agent calls the SnmpExtensionQuery function when it determines whether the object identifier (also known as the OID) of an SNMP request matches the supportedView object identifier. The supportedView object identifier is returned by the DLL file of the extension agent from the SnmpExtensionInit function. The RequestType argument indicates the type of SNMP request that is being processed. The following list describes the possible RequestType arguments:
  • ASN_RFC1157_GETREQUEST indicates that the SNMP service gets the request.
  • ASN_RFC1157_GETNEXTREQUEST indicates that the SNMP service gets the next request.
For more information about related topics, click the following article numbers to view the articles in the Microsoft Knowledge Base:
149421 Using detailed logging to debug SNMP issues

158770 SNMP service will not start with event ID: 7024

232663 How to use the Snmputil.exe tool to verify the Microsoft SNMP agent configuration

314147 MS02-006: An unchecked buffer in the SNMP service may allow code to run

136403 Description of UDP ports

233395 SNMP access violation after installing Windows NT 4.0 Service Pack 4

272680 SNMP service does not start or hangs on shutdown

314731 An access violation occurs in SNMP if you run a GETNEXT query against RIP

317960 SNMP management programs may stop responding if invalid trap frames are received

For more information about SNMP, visit the following Microsoft Web site: The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, regarding the performance or reliability of these products.