BSOD:MS-9249 1U Server
I'm experiencing random BSOD with this server. I did not write down the last BSOD message, but I believe it was the IRQ_NOT_LESS_OR_EQUAL
It failed twice on me yesterday, but I couldn't get the info because when I switched the monitor over to the box through my KVM there was no video output.
When it fails it fails hard. System does not reboot even though Win2K is setup to reboot. No failed events are in the logs.
Ran memtest for 9 hours. No problems reported. Right now I'm running Prime95.
No BIOS update exists for this box according to MSI's LiveUpdate.
This is a server box so it has a minimal amount of additional software on it -- MySQL, Sygate Firewall, BlackIce Defender, IIS v5 are the major services running.
The only thing "odd" is that I share this USB mouse with another system (unplugging when needed) so I was wondering if maybe a USB driver issue.
Code: [Select]
MSI: MS-9249 1U Rackmount Server
BIOS: W9249MS V1.0 030204
OS: Windows 2000 Workstation SP4
CPU: Intel P4 2.8GHz HT enabled
RAM: 2x512 Crucial CT6472Z40B (Slots A0 & A2)
DDR PC3200 CL=3 Unbuffered ECC DDR400 2.6V 64Meg x 72
RAM BIOS Setting: 3 8 3 3
HD: Hitachi SATA
PCI: empty
VIDEO: On-board ATI Rage XL PCI
PSU: MSI OEM
DRAM Timing: By SPD
Latest LiveUpdate: 10/09/2004 (No BIOS update, updated Intel INF and LAN)
Memtest86: No errors. Standard Test. 52 Passes. 9.3 hours
No BIOS settings to change RAM voltage
Well the pig BSOD'ed on me again today.
Code: [Select]
Use !analyze -v to get detailed debugging information.
BugCheck A, {bc6558, 2, 0, 80437d8c}
Probably caused by : memory_corruption ( nt!MiRemovePteTracker+72 )
Followup: MachineOwner
1: kd> !analyze -v
* Bugcheck Analysis *
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 00bc6558, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, value 0 = read operation, 1 = write operation
Arg4: 80437d8c, address which referenced memory
Debugging Details:
READ_ADDRESS: 00bc6558 Paged pool
CURRENT_IRQL: 2
FAULTING_IP:
nt!MiRemovePteTracker+72
80437d8c 8a11 mov dl,[ecx]
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0xA
LAST_CONTROL_TRANSFER: from 5345534a to 80469d1c
STACK_TEXT:
ec423780 5345534a 4e4f4953 373d4449 39434541 nt!KiTrap13
WARNING: Frame IP not in any known module. Following frames may be wrong.
203b4333 00000000 00000000 00000000 00000000 0x5345534a
STACK_COMMAND: .bugcheck ; kb
FOLLOWUP_IP:
nt!MiRemovePteTracker+72
80437d8c 8a11 mov dl,[ecx]
FOLLOWUP_NAME: MachineOwner
SYMBOL_NAME: nt!MiRemovePteTracker+72
MODULE_NAME: nt
DEBUG_FLR_IMAGE_TIMESTAMP: 40d1d19a
IMAGE_NAME: memory_corruption
BUCKET_ID: 0xA_nt!MiRemovePteTracker+72
Followup: MachineOwner
Similar Messages
-
I have three servers in a Citrix Farm, one of the servers BSOD's once or twice a week with the error PAGE_FAULT_IN_NONPAGED_AREA (50). When I analyze the dump file it always shows the faulting drive is lcencm.sys. This is Sophos Lan Crypt, which
we have to use for encrypted images. The same version is installed on two other citrix servers with no problems, so I am unsure what is the actual cause. There is definitely a memory leak on the server, but I haven't been able to determine what
it actually is. I have tried updating Lan Crypt with the newest patch, uninstalling/reinstalling Lan Crypt, ran memtest, sfc, chkdsk, etc. and I'm about to loose my mind. Here is the dump log, I'm not sure where to upload it:
Kernel Summary Dump File: Only kernel address space is available
************* Symbol Path validation summary **************
Response Time (ms) Location
Deferred srv*c:\mss*http://msdl.microsoft.com/download/symbols
Symbol search path is: srv*c:\mss*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows Server 2003 Kernel Version 3790 (Service Pack 2) MP (16 procs) Free x86 compatible
Product: Server, suite: TerminalServer
Built by: 3790.srv03_sp2_qfe.130703-1535
Machine Name:
Kernel base = 0x80800000 PsLoadedModuleList = 0x808a8ee8
Debug session time: Tue Jan 20 08:17:27.587 2015 (UTC - 6:00)
System Uptime: 3 days 7:13:08.713
Loading Kernel Symbols
Loading User Symbols
PEB is paged out (Peb.Ldr = 7ffd400c). Type ".hh dbgerr001" for details
Loading unloaded module list
* Bugcheck Analysis
Use !analyze -v to get detailed debugging information.
BugCheck 50, {80000155, 0, 8081c630, 0}
*** ERROR: Module load completed but symbols could not be loaded for lcencm.sys
Probably caused by : lcencm.sys ( lcencm+1b6f3 )
Followup: MachineOwner
14: kd> !analyze -v
* Bugcheck Analysis
PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except,
it must be protected by a Probe. Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: 80000155, memory referenced.
Arg2: 00000000, value 0 = read operation, 1 = write operation.
Arg3: 8081c630, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 00000000, (reserved)
Debugging Details:
READ_ADDRESS: 80000155
FAULTING_IP:
nt!IoGetAttachedDevice+c
8081c630 8b4810 mov ecx,dword ptr [eax+10h]
MM_INTERNAL_CODE: 0
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0x50
PROCESS_NAME: lchelper.exe
CURRENT_IRQL: 1
ANALYSIS_VERSION: 6.3.9600.16384 (debuggers(dbg).130821-1623) x86fre
TRAP_FRAME: a33c5a34 -- (.trap 0xffffffffa33c5a34)
ErrCode = 00000000
eax=80000145 ebx=00000000 ecx=80000145 edx=8082f3e1 esi=84a50a04 edi=00000043
eip=8081c630 esp=a33c5aa8 ebp=a33c5aa8 iopl=0 nv up ei ng nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010282
nt!IoGetAttachedDevice+0xc:
8081c630 8b4810 mov ecx,dword ptr [eax+10h] ds:0023:80000155=????????
Resetting default scope
LAST_CONTROL_TRANSFER: from 80860295 to 80827f7d
STACK_TEXT:
a33c59a4 80860295 00000050 80000155 00000000 nt!KeBugCheckEx+0x1b
a33c5a1c 8088e680 00000000 80000155 00000000 nt!MmAccessFault+0xb25
a33c5a1c 8081c630 00000000 80000155 00000000 nt!KiTrap0E+0xdc
a33c5aa8 f7b8b6f3 85973dd0 802021a4 848398d8 nt!IoGetAttachedDevice+0xc
WARNING: Stack unwind information not available. Following frames may be wrong.
a33c5b34 8098cfb0 e1bb4ab0 00000011 85e51740 lcencm+0x1b6f3
a33c5b60 8098db9f e1bb4ab0 00000000 85e51740 nt!ExpAllocateHandleTableEntry+0xf4
a33c5b7c 809380a1 00000001 a33c5bb0 8545dc58 nt!ExCreateHandle+0x19
a33c5bc8 847bd008 847bd020 a33c5c18 a33ce180 nt!ObpCreateHandle+0x3f3
a33c5c0c f7bb1e80 00000000 85b89878 f7b850f0 0x847bd008
a33c5c18 f7b850f0 00000019 85b89878 85b898e8 lcencm+0x41e80
a33c5c3c 8081e185 8b5e8c60 00000019 8545dc70 lcencm+0x150f0
a33c5c50 808f787b 85b898e8 8545dc70 85b89878 nt!IofCallDriver+0x45
a33c5c64 808f861d 8b5e8c60 85b89878 8545dc70 nt!IopSynchronousServiceTail+0x10b
a33c5d00 808f1164 00000138 00000000 00000000 nt!IopXxxControlFile+0x5e5
a33c5d34 8088b658 00000138 00000000 00000000 nt!NtDeviceIoControlFile+0x2a
a33c5d34 7c82845c 00000138 00000000 00000000 nt!KiSystemServicePostCall
0012faf8 00000000 00000000 00000000 00000000 0x7c82845c
STACK_COMMAND: kb
FOLLOWUP_IP:
lcencm+1b6f3
f7b8b6f3 8b0e mov ecx,dword ptr [esi]
SYMBOL_STACK_INDEX: 4
SYMBOL_NAME: lcencm+1b6f3
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: lcencm
IMAGE_NAME: lcencm.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4bbc8a56
FAILURE_BUCKET_ID: 0x50_lcencm+1b6f3
BUCKET_ID: 0x50_lcencm+1b6f3
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:0x50_lcencm+1b6f3
FAILURE_ID_HASH: {6b9c7ca1-20bc-f357-3296-ccf4fa7996f3}
Followup: MachineOwnerBug Check Code 0x50: http://msdn.microsoft.com/en-us/library/windows/hardware/ff559023%28v=vs.85%29.aspx
Bug check 0x50 usually occurs after the installation of faulty hardware or in the event of failure of installed hardware (usually related to defective RAM, be it main memory, L2 RAM cache, or video RAM).
Another common cause is the installation of a faulty system service.
Antivirus software can also trigger this error, as can a corrupted NTFS volume.
In the dump lcencm.sys seems to be the cause. You can simply disable it and see if the problem disappears. If this is the case then you will need to contact Sophos technical support for assistance.
This posting is provided AS IS with no warranties or guarantees , and confers no rights.
Ahmed MALEK
My Website Link
My Linkedin Profile
My MVP Profile -
Windows Server 2008 R2 SP1 BSOD 0x1a with CLFS.sys
Hello,
I've got a BSOD on a Windows Server 2008 R2 with SP1 installed. Analyzed the dump and could
see a Bug-check of 0x1a which means "MEMORY_MANAGEMENT".
Further analysis on this dump shows me, that this probably is caused by the CLFS.sys, which
is the Common Log File System Driver. This CLFS.sys is installed with date:
Tue Jul 14 01:19:57 2009
I have now searched trough MS Support pages and resources and also the Internet, but I found no
information about an update for this or a newer version. It's nearby impossible to find newer versions
for specific files in i.e. Hot-fixes.
Do you know this issue with the 0x1a BSOD and CLFS.sys and/or do you know a newer version ?
Any help would be very appreciated!
Thanks and regards plus have a nice day !
TinoHi Tino,
Regarding to Bug Check 0x1A, please refer to following article.
Bug Check 0x1A: MEMORY_MANAGEMENT
Did you install any third-party application in this problematic server? Would you please let me know whether
the BSOD issue occurred regularly? Or just occurred suddenly? If the BSOD issue occurred regularly, please
perform a clean boot and check if this BSOD issue still exists.
In addition, please check if necessary updates need to be installed and drivers need to be updated. Please
run sfc /scannow command to scan all protected system files and check if find errors.
As you know, troubleshoot this kind of kernel crash issue, we need to analyze the crash dump file to narrow down the root cause of the issue. Actually, it is not effective
for us to debug the crash dump file here in the forum. If this issues is a state of emergency for you. Please contact Microsoft Customer Service and Support (CSS) via telephone so that a dedicated Support Professional can assist with your request.
To obtain the phone numbers for specific technology request, please refer to the web site listed below:
http://support.microsoft.com/default.aspx?scid=fh;EN-US;OfferProPhone#faq607
àThis CLFS.sys is installed with date: Tue Jul 14 01:19:57 2009
àor do you know a newer version?
By the way, I checked the CLFS.sys in a Windows Server 2008 R2 in my Lab environment. It also created in July
2009.
Hope this helps.
Best regards,
Justin Gu -
BSOD on Server 2008 STANDARD SP2
Assistance with BSOD on Dell R710 Server running Server 2008 STANDARD SP2
Error: DRIVER_IRQL_NOT_LESS_OR_EQUAL
Communication was lost to this server (Not a power outage). It was discovered with a blue screen with the above error. A memory dump was created with reference STOP 0x0000000D1. NETIO.SYS Address 8075FA37.
The machine rebooted after the dump and upon logon the following message was displayed:
Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.0.6002.2.2.0.272.7
Locale ID: 1033
Additional information about the problem:
BCCode: d1
BCP1: 000000D4
BCP2: 00000002
BCP3: 00000000
BCP4: 8075FA37
OS Version: 6_0_6002
Service Pack: 2_0
Product: 272_3
Files that help describe the problem:
C:\Windows\Minidump\Mini011315-01.dmp
Link to one drive for the dump files:
https://onedrive.live.com/?cid=D0667AD0A7D6788C&id=D0667AD0A7D6788C!180* Bugcheck Analysis *
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 000000d4, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, value 0 = read operation, 1 = write operation
Arg4: 8075fa37, address which referenced memory
Debugging Details:
Unable to load image \SystemRoot\system32\DRIVERS\Teefer.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for Teefer.sys
*** ERROR: Module load completed but symbols could not be loaded for Teefer.sys
READ_ADDRESS: GetPointerFromAddress: unable to read from 81d6d874
Unable to read MiSystemVaType memory at 81d4d420
000000d4
CURRENT_IRQL: 2
FAULTING_IP:
NETIO!StreamGetCalloutContext+d4
8075fa37 833800 cmp dword ptr [eax],0
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT_SERVER_MINIDUMP
BUGCHECK_STR: 0xD1
PROCESS_NAME: System
TRAP_FRAME: 9bd152f4 -- (.trap 0xffffffff9bd152f4)
ErrCode = 00000000
eax=000000d4 ebx=000000d0 ecx=9bd15374 edx=00046e28 esi=000001a0 edi=c0000017
eip=8075fa37 esp=9bd15368 ebp=9bd15378 iopl=0 nv up ei pl nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010206
NETIO!StreamGetCalloutContext+0xd4:
8075fa37 833800 cmp dword ptr [eax],0 ds:0023:000000d4=????????
Resetting default scope
LAST_CONTROL_TRANSFER: from 8075fa37 to 81c83ecd
STACK_TEXT:
9bd152f4 8075fa37 badb0d00 00046e28 00000000 nt!KiTrap0E+0x1c5
9bd15378 8075fac6 001f3516 00000000 00000107 NETIO!StreamGetCalloutContext+0xd4
9bd153ac 80761508 001f3516 00000000 00000107 NETIO!StreamGetCalloutAndDataContexts+0x33
9bd15428 80750580 00000014 a1756830 9bd15734 NETIO!StreamProcessCallout+0x63
9bd15480 8073c44b 00000014 9bd15734 9bd1563c NETIO!ProcessCallout+0xee
9bd154b0 8073c4ab 00000014 d6b06208 9bd15734 NETIO!ProcessFastCalloutClassify+0x2c
9bd15590 8075ed12 00000014 9bd15734 9bd1563c NETIO!KfdClassify+0xd8
9bd15618 8075effb 00000014 9bd15734 9bd1563c NETIO!StreamClassify+0x94
9bd15744 8075f436 fe1fd800 00000014 9bd1576c NETIO!StreamCommonInspect+0x19b
9bd15770 8ccf74c7 fe1fd818 fe160b00 a264ed98 NETIO!WfpStreamInspectReceive+0xab
9bd15798 8ccce96f fe160b08 fe160bf4 a264ed98 tcpip!TcpInspectReceive+0x52
9bd157d8 8cccf24d fe160b08 9bd157f8 9bd1582c tcpip!TcpTcbFastDatagram+0x2ca
9bd15838 8cccd686 8572df40 00160b08 9bd1589c tcpip!TcpTcbReceive+0xf8
9bd15890 8cccf099 8572df40 85720000 00000000 tcpip!TcpMatchReceive+0x1ec
9bd158d8 8cccf0ff 8572df40 85720000 85720018 tcpip!TcpPreValidatedReceive+0x22d
9bd158f4 8cccdaa0 8572df40 85720000 9bd15930 tcpip!TcpReceive+0x2d
9bd15904 8cce5bfb 9bd15918 c000023e 00000000 tcpip!TcpNlClientReceiveDatagrams+0x12
9bd15930 8cce5628 8cd3cebc 9bd15984 c000023e tcpip!IppDeliverListToProtocol+0x49
9bd15950 8cce5a78 8cd3ccd0 00000006 9bd15984 tcpip!IppProcessDeliverList+0x2a
9bd159a8 8cce7290 8cd3ccd0 00000006 00000000 tcpip!IppReceiveHeaderBatch+0x1eb
9bd15a38 8cce3798 86573400 00000000 9bd15a00 tcpip!IpFlcReceivePackets+0xbe1
9bd15ab4 8cce30a9 86572420 85a88978 00000000 tcpip!FlpReceiveNonPreValidatedNetBufferListChain+0x6e3
9bd15adc 806d10b0 86572420 85a88978 00000000 tcpip!FlReceiveNetBufferListChain+0x104
9bd15b10 806c3d25 00573af8 85a88978 00000000 NDIS!ndisMIndicateNetBufferListsToOpen+0xab
9bd15b38 806c3c9c 00000000 86573008 86177388 NDIS!ndisIndicateSortedNetBufferLists+0x4a
9bd15cb4 8060457f 85814368 00000000 00000000 NDIS!ndisMDispatchReceiveNetBufferLists+0x129
9bd15cd0 8062fccd 85814368 85a88978 00000000 NDIS!ndisMTopReceiveNetBufferLists+0x2c
9bd15cec 8062fca4 86572c10 85a88978 00000000 NDIS!ndisFilterIndicateReceiveNetBufferLists+0x20
9bd15d08 9465cc13 86572c10 85a88978 00000000 NDIS!NdisFIndicateReceiveNetBufferLists+0x1b
WARNING: Stack unwind information not available. Following frames may be wrong.
9bd15d30 9465d22f 86177388 86188700 94661108 Teefer+0xac13
9bd15d60 9465d494 8618b7c0 87792358 00000000 Teefer+0xb22f
9bd15d7c 81e0c01c 94661108 97fe8bf9 00000000 Teefer+0xb494
9bd15dc0 81c74eee 9465d420 94661108 00000000 nt!PspSystemThreadStartup+0x9d
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16
STACK_COMMAND: kb
FOLLOWUP_IP:
NETIO!StreamGetCalloutContext+d4
8075fa37 833800 cmp dword ptr [eax],0
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: NETIO!StreamGetCalloutContext+d4
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: NETIO
IMAGE_NAME: NETIO.SYS
DEBUG_FLR_IMAGE_TIMESTAMP: 49e0209d
FAILURE_BUCKET_ID: 0xD1_NETIO!StreamGetCalloutContext+d4
BUCKET_ID: 0xD1_NETIO!StreamGetCalloutContext+d4
Followup: MachineOwner
Bug Check Code 0xD1: https://msdn.microsoft.com/en-us/library/windows/hardware/ff560244(v=vs.85).aspx
The BSOD is probably caused by teefer.sys driver. Based on searches, I found that it belongs to Sygate firewall driver system driver. So, either you update it or you remove this software. You can also contact its vendor/developer for assistance.
This posting is provided AS IS with no warranties or guarantees , and confers no rights.
Ahmed MALEK
My Website Link
My Linkedin Profile
My MVP Profile -
Getting a BSOD on a Windows Server 2008 Standard x86 server that has been working fine for a few years. Running it as a VM on vSphere 5.1 and when rebooted I now receive this gem.
I have tried booting from Install CD and running chkdsk /f /r, bootrec variations, deleting pending.xml, booting to Safe Mode (won't work), etc. In Safe Mode, it gets to crcdisk.sys which may be a symptom not the problem. sfc /scannow
won't work as the Window Resource Protection states that it won't run.
I also run an Dell/Equallogic SAN where two partitions are on the same virtual volume.
Need some help here. Any further suggestions?Hi dkenn256,
The Bug Check code for the BSOD errors you are experiencing is 0xF4, this may be caused by your storage, if you can’t boot your system now please first check your storage,
such upgrade the storage firmware check the storage cable or replace a new array adapter.
This issue also may caused by the know issue descripted in kb 2675806, please try to install this KB then monitor this issue again.
The KB 2675806 download:
http://support.microsoft.com/kb/2675806/en-us
The similar thread:
How to troubleshoot and solve blue screen (S"line-height:107%;font-family:'Verdana','sans-serif';font-size:10pt;">http://answers.microsoft.com/en-us/windows/forum/windows_7-performance/how-to-troubleshoot-and-solve-blue-screen-stop/dc00a824-74d7-43b3-9330-f2c6ba054731
I’m glad to be of help to you!
We
are trying to better understand customer views on social support experience, so your participation in this
interview project would be greatly appreciated if you have time.
Thanks for helping make community forums a great place. -
Fresh install of Server 2012 R2 causes inaccessible boot device on first Reboot
Hello Everyone,
Doing a fresh install of Windows Server 2012 R2 on a SuperMicro X9DRT-HF+ motherboard based server. The server is using iSCSI boot, setup detects the iSCSI disk and copies its files, finishes the "Getting files ready for installation" "Installing
Updates" phase, reboots, takes a while and eventually gives a Blue screen with Inaccessible Boot Device error. I have tried some changing options in the BIOS, I've had Nimble (storage array) support on the phone and they confirmed the setup is correct
but for some reason after the first reboot Windows can no longer find its install files and gives a BSOD.
Additional Information:
Server: SuperMicro X9DRT-HF+ (no internal disk)
Storage: iSCSI disk provided from Nimble CS220 Array
Windows 2008 R2 Server installation will proceed without any problems.
I checked the \Windows\Panther\Setupact.log / CBS.log file and there doesn't seem to be anything indicating a problem.
I have googled a number of times to find solutions but most articles reference a similar problem after installing a particular KB (which shouldn't be the case here). Need some help :)Hey Tim,
Thanks for your reply, since the start of this post I have also installed MDT to try a different approach to installing the OS. Using MDT I have injected the Intel I350 driver into the installation so it should be restarting with the driver loaded.
The odd thing is that when the server reboots the Windows startup screen loads for about 4 minutes before it gives the INACCESSIBLE_BOOT_DEVICE error. This would indicate to me that it sees the disk and tries to boot from it but then something goes wrong.
Other than the \Windows\Panther location is there another place I should be looking for log files during this part of the Windows install? I have reviewed all the locations listed under the TechNet library article "hh824819" (I can't post
a link to the article but a google search brings it up) but I can't seem to find a log of when the server crashes what it is doing at that point. -
T-500 and Windows Server 2008 R2 RTM
My setup:
T-500 dual booting via VHD - Windows 7 and Windows Server 2008 R2 (both 64-bit).
My problem:
I'm having a devil of a time with this one. I get random BSOD'd in my Server 2008 R2 installation, but my Win7 install is rock solid. Sometimes it's right away, sometimes after a few minutes, sometimes when trying to use WordPad. I cannot get my wireless card (Intel 5100 AGN) to work along with video drivers for my ATI card, so I'm leaning towards a driver issue. I'm trying to use the Win7 drivers for anything that's missing drivers at the moment, since they are the same under the hood, so to speak.
Has anyone else experimented with this setup and/or run into similar problems? Thanks!
T500: T9400 (2.53GHz), 4GB RAM, 160GB 7200rpm, 15.4in 1680x1050 WSXGA+ LCD, 256MB ATI Radeon HD3650, DVDRW, Intel 802.11agn wireless, AT&T WWAN, Bluetooth, Modem, 1Gb Ethernet, 9c Li-Ion, Windows 7 Ultimate x64 RC (Build 7100)You shouldn't have any big issues, but there are a couple of gotchas that Server versions of Windows have (a notable one is the Bluetooth stack). Those are somewhat detailed in the review, though (and that blog also details how to get other features of Server 2008 R2 running).
-
CSA MC - BSOD after installing KB 958644
I installed the out-of-band MS KB 958644 last friday on our CSA management console server (only app on that server), rebooted and was greeted with a BSOD shortly after the server came up.
Tried a couple more times and got same results. Lots of event ID# 333 in the log.
I restored the server to my previous night's backup image and it is running again.
Might try re applying the KB again to see if it happens again.
Specifics are Win2003 RS SP2 with all relevant MS patches / 2 GB RAM / Running on a VMware ESX3i virtual machine. CSA Ver 6.0.201this error is so much obvius.
just look on internet on how to disable readyboost. additional just turn off the hybrid function and u will never see this bsod again, even i dont know how dumb ur mediacenter edition is and want to give u other bsods. btw i only seen bsods couse of **bleep** driver on my devices. donno how u manage to get such bluescreens......
btw according to the results i recommning ya to use ckhdsk /f to ur disk. mstWorker is mentioned wich means read write issues on access files. mstworker is microsoft Tiworker, an process wich examines files an bit. used by winupdate and the indexer. -
Storport.sys BSOD on Windows Server 2012 R2
I recently purchased a Server that houses 45 4TB drives to use as my backup to disk solution. I installed Windows Server 2012 R2 Standard so that I could take advantage of Microsoft's Storage Spaces. I have configured the Storage Pool
with Dual Parity with 3 hot spares. I have also updated every thing to the most current firmware, drivers and Windows Updates that I could find but I am still getting the BSOD. I am using Symantec Backup Exec 2010 R3 to backup my file server to this server.
It will run for anywhere between 12 to 31 hours transferring 1.5 to 3TB and then my server will Blue Screen and every time it Blue Screens it says it is caused by the storport.sys Driver. I've found articles talking about the storport.sys driver causing nonpaged
pool leaks but that was for Windows Server 2008 R2, I can't find anything for Windows Server 2012 R2. If you need additional information just let me know and I will provide it. Any help you can give would be greatly appreciated.Hi,
This article provided the limitation of Storage Pool in Windows Server 2012 R2:
https://social.technet.microsoft.com/wiki/contents/articles/11382.storage-spaces-frequently-asked-questions-faq.aspx#What_are_the_recommended_configuration_limits
Yor current situation is still in supported configuration.
Also there is no hotfix for Windows Server 2012 R2 regarding storport.sys yet. Which means your current issue is not a known issue.
For further troubleshooting purpose you may need to collect dump files for analysis. However it will take a long time to do the troubleshooting process on forum. Thus it is recommended to submit a ticket to Microsoft online support for a professional troubleshooting.
To obtain the phone numbers for specific technology request please take a look at the web site listed below:
http://support.microsoft.com/default.aspx?scid=fh;EN-US;PHONENUMBERS
If you have any feedback on our support, please send to [email protected] -
Windows Server 2008 R2 SP1 - BSOD Stop Error 0x00000050 RDPWD.SYS
Hi all,
I have been struggling with a BSOD for the past 5 weeks and have scoured the web trying in vain to find someone else with the same issue.
Environment:
8 x 2008 R2 SP1 Windows Servers (8Gb RAM, 25Gb HDD) with Remote Desktop Services Roles installed, running as part of an RDS Farm. All Servers are VM Guests (hardware version 7) running on VMware vSphere v4.1.0-260247 Hosts (Dell
PowerEdge R710 - 128Gb RAM). Our vSphere 'farm' has 5 Hosts that connect to our EMC SAN via iSCSI with multipath routes.
Each RDS Server is load balanced via a Connection Broker, and each server has the same set of software / vm hardware installed. In a nutshell, each has Symantec Endpoint Protection v11.0.5002.333, Symantec Altiris v7.0, Microsoft Office 2007 as well as
other various software essential to these servers.
Symptoms:
Randomly throughout the day, one (or more) of the RDS Servers will crash with a BSOD more often than not with "caused by driver ntoskrnl.exe" sometimes with "cng.sys" and once with "ksecpkg.sys". So far in the 5 weeks I have had 90 crashes. Yesterday
all 8 of the RDS Servers crashed at some point throughout the day.
On a typical BSOD, it says:
The problem seems to be caused by the following file: ntoskrnl.exe
PAGE_FAULT_IN_NONPAGED_AREA
Technical Information:
*** STOP: 0x00000050 (0xfffffa800c153284, 0x0000000000000001, 0xfffff880053dc0c9, 0x0000000000000000)
*** ntoskrnl.exe - Address 0xfffff8000169ac40 base at 0xfffff8000161e000 DateStamp 0x4e02aaa3
Using BlueScreenView it says "caused by address: ntoskrnl.exe+7cc40" nearly every time.
I have analysed as best I could using Microsoft WinDbg, and this is the output of a typical mini-dump file:
Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [\\hqrds01\c$\Windows\Minidump\030112-19359-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*C:\Program Files\Debugging Tools for Windows (x64)\Symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (2 procs) Free x64
Product: Server, suite: TerminalServer
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`01609000 PsLoadedModuleList = 0xfffff800`0184e670
Debug session time: Thu Mar 1 09:14:00.921 2012 (UTC + 0:00)
System Uptime: 0 days 21:31:41.950
Loading Kernel Symbols
Loading User Symbols
Loading unloaded module list
* Bugcheck Analysis
Use !analyze -v to get detailed debugging information.
BugCheck 50, {fffffa800be83284, 1, fffff8800576f0c9, 0}
Could not read faulting driver name
Probably caused by : RDPWD.SYS ( RDPWD!memcpy+1d9 )
Followup: MachineOwner
1: kd> !analyze -v
* Bugcheck Analysis
PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except,
it must be protected by a Probe. Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: fffffa800be83284, memory referenced.
Arg2: 0000000000000001, value 0 = read operation, 1 = write operation.
Arg3: fffff8800576f0c9, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 0000000000000000, (reserved)
Debugging Details:
Could not read faulting driver name
WRITE_ADDRESS: GetPointerFromAddress: unable to read from fffff800018b8100
fffffa800be83284
FAULTING_IP:
RDPWD!memcpy+1d9
fffff880`0576f0c9 668901 mov word ptr [rcx],ax
MM_INTERNAL_CODE: 0
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VERIFIER_ENABLED_VISTA_MINIDUMP
BUGCHECK_STR: 0x50
PROCESS_NAME: svchost.exe
CURRENT_IRQL: 0
TRAP_FRAME: fffff8800bf70a80 -- (.trap 0xfffff8800bf70a80)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=000000000000023d rbx=0000000000000000 rcx=fffffa800be83284
rdx=ffffffffffe7e63b rsi=0000000000000000 rdi=0000000000000000
rip=fffff8800576f0c9 rsp=fffff8800bf70c18 rbp=0000000000000001
r8=000000000000001c r9=fffff8a0033401e8 r10=fffff8a0033401e8
r11=fffffa800be83268 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na pe nc
RDPWD!memcpy+0x1d9:
fffff880`0576f0c9 668901 mov word ptr [rcx],ax ds:0c40:fffffa80`0be83284=????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff800016319fc to fffff80001685c40
STACK_TEXT:
fffff880`0bf70918 fffff800`016319fc : 00000000`00000050 fffffa80`0be83284 00000000`00000001 fffff880`0bf70a80 : nt!KeBugCheckEx
fffff880`0bf70920 fffff800`01683d6e : 00000000`00000001 fffffa80`0be83284 00000000`00000000 fffff8a0`0be85820 : nt! ?? ::FNODOBFM::`string'+0x4611f
fffff880`0bf70a80 fffff880`0576f0c9 : fffff880`057547cf 00000000`00000000 00000000`00000022 00000000`00000002 : nt!KiPageFault+0x16e
fffff880`0bf70c18 fffff880`057547cf : 00000000`00000000 00000000`00000022 00000000`00000002 fffff880`0576c99d : RDPWD!memcpy+0x1d9
fffff880`0bf70c20 fffff880`0576c9fc : fffff8a0`0f938010 00000000`00000022 00000000`00000019 00000000`00000002 : RDPWD!SM_MCSSendDataCallback+0x303
fffff880`0bf70c60 fffff880`0576b354 : fffff880`0bf70da0 fffff8a0`033401e8 00000000`00000000 fffff880`0576abfd : RDPWD!HandleAllSendDataPDUs+0x188
fffff880`0bf70d10 fffff880`0576af64 : 00000000`00000031 fffffa80`0bd01895 00000006`0000001f fffff880`05739079 : RDPWD!RecognizeMCSFrame+0x28
fffff880`0bf70d50 fffff880`029ba1f8 : fffff8a0`03345000 fffffa80`0bae6e80 fffffa80`0a5c0e60 fffff880`05737e00 : RDPWD!MCSIcaRawInputWorker+0x3d4
fffff880`0bf70df0 fffff880`057378d0 : 00000000`00000000 fffff880`0bf70f10 fffff880`0bf70f08 00000000`00000000 : termdd!IcaRawInput+0x50
fffff880`0bf70e20 fffff880`05736d85 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : tssecsrv!CRawInputDM::PassDataToServer+0x2c
fffff880`0bf70e50 fffff880`057367c2 : fffffa80`088e8a28 fffffa80`00000000 00000000`00000031 fffff800`00000000 : tssecsrv!CFilter::FilterIncomingData+0xc9
fffff880`0bf70ef0 fffff880`029ba1f8 : fffff880`009b8180 00000000`00000001 00000000`00000000 00000000`00000000 : tssecsrv!ScrRawInput+0x82
fffff880`0bf70f60 fffff880`0572c4c5 : fffffa80`088e8a10 fffffa80`0bd01658 00000000`00000000 fffffa80`088e8a10 : termdd!IcaRawInput+0x50
fffff880`0bf70f90 fffff880`029baf3e : fffffa80`0bd01620 fffffa80`0c100420 fffffa80`0bd4b450 fffffa80`0973b9b0 : tdtcp!TdInputThread+0x465
fffff880`0bf71810 fffff880`029b9ae3 : fffffa80`09d902b0 fffffa80`0973b9b0 fffffa80`093d8520 fffffa80`0bd4b450 : termdd!IcaDriverThread+0x5a
fffff880`0bf71840 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : termdd!IcaDeviceControlStack+0x827
STACK_COMMAND: kb
FOLLOWUP_IP:
RDPWD!memcpy+1d9
fffff880`0576f0c9 668901 mov word ptr [rcx],ax
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: RDPWD!memcpy+1d9
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: RDPWD
IMAGE_NAME: RDPWD.SYS
DEBUG_FLR_IMAGE_TIMESTAMP: 4ce7ab45
FAILURE_BUCKET_ID: X64_0x50_VRF_RDPWD!memcpy+1d9
BUCKET_ID: X64_0x50_VRF_RDPWD!memcpy+1d9
Followup: MachineOwner
The RDS servers are set to reboot automatically, and after a period of 5 minutes or so, the users can reconnect and log back in. On a typical day each server will have around 10 people RDP'd in to them.
The Users connecting to the RDS Servers included XP laptops/desktops and IGEL UD-120-LX Thin Terminals. The XPs have SP3 installed and are fully patched via Symantec Altiris.
Things I have tried:
- Analyse the dump-files (as per above).
- I have tracked each user logging on to the RDS Farm (via batch scripts) and tried to determine if this is caused by the same individual(s) but it appears random.
- Check to see if the crashing Virtual Machine is running on a specific host, but it has happened on all Hosts.
- Check to see if there was anything specific that happened on the day that the crashes started. There were about 5 new poeple introduced to the RDS Farm at that time, but there were using (a) client machines that had been used previously elsewhere with
no issues, (b) software that had been used previously, (c) in a remote location that had previous users using RDS, (d) have not been logged on to a RDS Server when it has crashed.
- Updated Windows Server 2008 R2 SP1 to the latest patches (as of Feb 2012).
- Turned on Verifier (using recommended settings), and then analysed dump-files with the same reference to rdpwd.sys.
- Fixed the Memory Resource Reservation in vSphere to the full 8Gb for all these RDS Servers (so that the memory is not shared at all).
- Ran MEMTEST on a VM Guest with the full 8Gb RAM, on a couple of the ESX Hosts.
- Changed the VMTools Video Driver to the SVGA II driver from the Standard VGA Driver.
- Ran a full AV Scan (using SEP).
- Isolated the Printer Drivers using the Printer Management MMC.
- Ran sfc /scannow of all RDS Servers and rebooted.
The mini-dump file mentioned above is here:https://skydrive.live.com/redir.aspx?cid=48f471f287af2349&resid=48F471F287AF2349!105&parid=48F471F287AF2349!103
I hope someone can help, as what hair I have left (from pulling it out) is turning grey!
Andy* Bugcheck Analysis
PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except,
it must be protected by a Probe. Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: fffffa800c153284, memory referenced.
Arg2: 0000000000000001, value 0 = read operation, 1 = write operation.
Arg3: fffff880053dc0c9, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 0000000000000000, (reserved)
Debugging Details:
Could not read faulting driver name
WRITE_ADDRESS: GetPointerFromAddress: unable to read from fffff800018cd100
fffffa800c153284
FAULTING_IP:
RDPWD!memcpy+1d9
fffff880`053dc0c9 668901 mov word ptr [rcx],ax
MM_INTERNAL_CODE: 0
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VERIFIER_ENABLED_VISTA_MINIDUMP
BUGCHECK_STR: 0x50
PROCESS_NAME: svchost.exe
CURRENT_IRQL: 0
TRAP_FRAME: fffff8800aa48a80 -- (.trap 0xfffff8800aa48a80)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=00000000000001ff rbx=0000000000000000 rcx=fffffa800c153284
rdx=ffffffffffee6b8b rsi=0000000000000000 rdi=0000000000000000
rip=fffff880053dc0c9 rsp=fffff8800aa48c18 rbp=0000000000000001
r8=000000000000001c r9=fffff8a0123923a8 r10=fffff8a0123923a8
r11=fffffa800c153268 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na pe nc
RDPWD!memcpy+0x1d9:
fffff880`053dc0c9 668901 mov word ptr [rcx],ax ds:8c40:fffffa80`0c153284=????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff800016469fc to fffff8000169ac40
STACK_TEXT:
fffff880`0aa48918 fffff800`016469fc : 00000000`00000050 fffffa80`0c153284 00000000`00000001 fffff880`0aa48a80 : nt!KeBugCheckEx
fffff880`0aa48920 fffff800`01698d6e : 00000000`00000001 fffffa80`0c153284 00000000`00000000 fffff8a0`10919830 : nt! ?? ::FNODOBFM::`string'+0x4611f
fffff880`0aa48a80 fffff880`053dc0c9 : fffff880`053c17cf 00000000`00000000 00000000`00000022 00000000`00000002 : nt!KiPageFault+0x16e
fffff880`0aa48c18 fffff880`053c17cf : 00000000`00000000 00000000`00000022 00000000`00000002 fffff880`053d999d : RDPWD!memcpy+0x1d9
fffff880`0aa48c20 fffff880`053d99fc : fffff8a0`10cf30d0 00000000`00000022 00000000`00000019 00000000`00000002 : RDPWD!SM_MCSSendDataCallback+0x303
fffff880`0aa48c60 fffff880`053d8354 : fffff880`0aa48da0 fffff8a0`123923a8 00000000`00000000 fffff880`053d7bfd : RDPWD!HandleAllSendDataPDUs+0x188
fffff880`0aa48d10 fffff880`053d7f64 : 00000000`00000031 fffffa80`0c039de5 00000006`0000001f fffff880`053a6079 : RDPWD!RecognizeMCSFrame+0x28
fffff880`0aa48d50 fffff880`012c01f8 : fffff8a0`12393000 fffffa80`0bb7aa60 fffffa80`0b81e9c0 fffff880`053a4e00 : RDPWD!MCSIcaRawInputWorker+0x3d4
fffff880`0aa48df0 fffff880`053a48d0 : 00000000`00000000 fffff880`0aa48f10 fffff880`0aa48f08 fffffa80`0c039ba8 : termdd!IcaRawInput+0x50
fffff880`0aa48e20 fffff880`053a3d85 : fffff880`01716890 fffffa80`0c0327e8 00000000`00000000 00000000`00000000 : tssecsrv!CRawInputDM::PassDataToServer+0x2c
fffff880`0aa48e50 fffff880`053a37c2 : fffffa80`0c16e598 fffffa80`00000000 00000000`00000031 fffff800`00000000 : tssecsrv!CFilter::FilterIncomingData+0xc9
fffff880`0aa48ef0 fffff880`012c01f8 : fffff880`009b8180 00000000`00000001 00000000`00000000 00000000`00000000 : tssecsrv!ScrRawInput+0x82
fffff880`0aa48f60 fffff880`052994c5 : fffffa80`0c16e580 fffffa80`0c039ba8 00000000`00000000 fffffa80`0c16e580 : termdd!IcaRawInput+0x50
fffff880`0aa48f90 fffff880`012c0f3e : fffffa80`0c039b70 fffffa80`0acccf20 fffffa80`0a95c450 fffffa80`0abf9620 : tdtcp!TdInputThread+0x465
fffff880`0aa49810 fffff880`012bfae3 : fffffa80`0c0a6560 fffffa80`0abf9620 fffffa80`087eee80 fffffa80`0a95c450 : termdd!IcaDriverThread+0x5a
fffff880`0aa49840 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : termdd!IcaDeviceControlStack+0x827
STACK_COMMAND: kb
FOLLOWUP_IP:
RDPWD!memcpy+1d9
fffff880`053dc0c9 668901 mov word ptr [rcx],ax
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: RDPWD!memcpy+1d9
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: RDPWD
IMAGE_NAME: RDPWD.SYS
DEBUG_FLR_IMAGE_TIMESTAMP: 4ce7ab45
FAILURE_BUCKET_ID: X64_0x50_VRF_RDPWD!memcpy+1d9
BUCKET_ID: X64_0x50_VRF_RDPWD!memcpy+1d9
Followup: MachineOwner
Bug Check Code 0x50:http://msdn.microsoft.com/en-us/library/windows/hardware/ff559023%28v=vs.85%29.aspx
Please start by that:
Update all possible drivers
Uninstall all unused programs
Disable all security softwares you have
Run chkdsk /r /f and sfc /scannow
Run memtest86+ to check if all is okay with your RAM. If an error was detected then replace the faulty RAM or contact your manufacturer Technical Support
If this does not help then upload MEMORY.DMP file (You can zip it and divide it using 7-ZIP) using Microsoft Skydrive and post a link here.
You can also contact Microsoft CSS for assistance.
This
posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
Microsoft
Student Partner 2010 / 2011
Microsoft
Certified Professional
Microsoft
Certified Systems Administrator: Security
Microsoft
Certified Systems Engineer: Security
Microsoft
Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
Microsoft
Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
Microsoft
Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration
Microsoft
Certified Technology Specialist: Windows 7, Configuring
Microsoft
Certified Technology Specialist: Designing and Providing Volume Licensing Solutions to Large Organizations
Microsoft
Certified IT Professional: Enterprise Administrator
Microsoft Certified IT Professional: Server Administrator
Microsoft Certified Trainer -
BSOD when starting MSMQ service as domain user Windows server 2012
Hi
We have a problem with a server getting BSOD when we start a service related to MSMQ. We get the attempted execute of noexecute memory BSOD whenever we start the service as a User on the domain. When we start the service as a system local it starts without
problem. I got the crashdump here:
************* Symbol Path validation summary **************
Response Time (ms) Location
Deferred SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Microsoft (R) Windows Debugger Version 6.3.9600.17298 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\170\120314-11828-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
************* Symbol Path validation summary **************
Response Time (ms) Location
Deferred SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 8 Kernel Version 9200 MP (4 procs) Free x64
Product: Server, suite: TerminalServer SingleUserTS
Built by: 9200.16912.amd64fre.win8_gdr.140502-1507
Machine Name:
Kernel base = 0xfffff800`48476000 PsLoadedModuleList = 0xfffff800`48742aa0
Debug session time: Wed Dec 3 14:41:01.892 2014 (UTC + 1:00)
System Uptime: 0 days 0:04:09.904
Loading Kernel Symbols
Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long.
Run !sym noisy before .reload to track down problems loading symbols.
Loading User Symbols
Loading unloaded module list
* Bugcheck Analysis *
Use !analyze -v to get detailed debugging information.
BugCheck FC, {7f982e340e0, 791000010fdb1025, fffff8800485a5e0, 80000005}
Probably caused by : mqac.sys ( mqac!ACCreateQueue+a77 )
Followup: MachineOwner
1: kd> !analyze -v
* Bugcheck Analysis *
ATTEMPTED_EXECUTE_OF_NOEXECUTE_MEMORY (fc)
An attempt was made to execute non-executable memory. The guilty driver
is on the stack trace (and is typically the current instruction pointer).
When possible, the guilty driver's name (Unicode string) is printed on
the bugcheck screen and saved in KiBugCheckDriver.
Arguments:
Arg1: 000007f982e340e0, Virtual address for the attempted execute.
Arg2: 791000010fdb1025, PTE contents.
Arg3: fffff8800485a5e0, (reserved)
Arg4: 0000000080000005, (reserved)
Debugging Details:
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT_SERVER
BUGCHECK_STR: 0xFC
PROCESS_NAME: mqsvc.exe
CURRENT_IRQL: 0
ANALYSIS_VERSION: 6.3.9600.17298 (debuggers(dbg).141024-1500) amd64fre
TRAP_FRAME: fffff8800485a5e0 -- (.trap 0xfffff8800485a5e0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=000007f982e0c950 rbx=0000000000000000 rcx=0000005dff1fecd0
rdx=0000005dff34e988 rsi=0000000000000000 rdi=0000000000000000
rip=000007f982e340e0 rsp=fffff8800485a778 rbp=fffff8800485ab80
r8=fffffa800e623980 r9=0000000000000521 r10=fffffa800ec547a0
r11=0000000000000006 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na pe nc
000007f9`82e340e0 ?? ???
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80048661ef1 to fffff800484d0540
STACK_TEXT:
fffff880`0485a408 fffff800`48661ef1 : 00000000`000000fc 000007f9`82e340e0 79100001`0fdb1025 fffff880`0485a5e0 : nt!KeBugCheckEx
fffff880`0485a410 fffff800`48588980 : fffff880`0485a5e0 ffffd8e9`9e6056e2 fffffa80`0ec547a0 00000000`00000000 : nt! ?? ::FNODOBFM::`string'+0x33f2d
fffff880`0485a450 fffff800`4850aabd : fffff880`0485a500 00000000`c0000016 fffffa80`0e603b00 fffffa80`0e623980 : nt! ?? ::FNODOBFM::`string'+0x33e85
fffff880`0485a4a0 fffff800`484cdfee : 00000000`00000008 00000000`00000000 00000000`00000000 fffff880`0485a5e0 : nt!MmAccessFault+0x3ed
fffff880`0485a5e0 000007f9`82e340e0 : fffff880`00dc5297 fffffa80`0ec54770 00000000`00000000 fffff8a0`011ce7c0 : nt!KiPageFault+0x16e
fffff880`0485a778 fffff880`00dc5297 : fffffa80`0ec54770 00000000`00000000 fffff8a0`011ce7c0 fffff980`00000000 : 0x000007f9`82e340e0
fffff880`0485a780 fffff880`00dc60d7 : 00000000`00000000 0000005d`ff34e988 00000000`00000000 00000000`00000000 : mqac!ACCreateQueue+0xa77
fffff880`0485a7f0 fffff800`488ab127 : fffffa80`0e5ed520 fffffa80`0d50ecf0 00000000`00000521 00000000`00000000 : mqac!ACDeviceControl+0x62b
fffff880`0485a890 fffff800`488c02f6 : 00000000`00000000 fffff8a0`00000080 00000000`00000000 00000000`00000000 : nt!IopXxxControlFile+0x7e5
fffff880`0485aa20 fffff800`484cf553 : 00000000`00000000 00000000`0000000c fffff6fb`7dbed078 fffff6fb`7da0ff30 : nt!NtDeviceIoControlFile+0x56
fffff880`0485aa90 000007f9`8a702c1a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
0000005d`ff34e928 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x000007f9`8a702c1a
STACK_COMMAND: kb
FOLLOWUP_IP:
mqac!ACCreateQueue+a77
fffff880`00dc5297 85c0 test eax,eax
SYMBOL_STACK_INDEX: 6
SYMBOL_NAME: mqac!ACCreateQueue+a77
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: mqac
IMAGE_NAME: mqac.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 5010abc2
IMAGE_VERSION: 6.2.9200.16384
BUCKET_ID_FUNC_OFFSET: a77
FAILURE_BUCKET_ID: 0xFC_mqac!ACCreateQueue
BUCKET_ID: 0xFC_mqac!ACCreateQueue
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:0xfc_mqac!accreatequeue
FAILURE_ID_HASH: {d1daca31-6256-358c-65b5-69af54392880}
Followup: MachineOwnerHi,
For BugCheck FC, it indicates that an attempt was made to execute non-executable memory. For more details,
please refer to following article.
Bug Check 0xFC: ATTEMPTED_EXECUTE_OF_NOEXECUTE_MEMORY
à
whenever we start the service as a User on the domain
. When we start the service as a system local it starts without problem
Did you mean that just use a standard domain user account to start the service, then encounter the issue? If
configure Log on as Local System account, will no BSOD issue occurred? Just a confirmation, thanks for your understanding.
Please check if you install all necessary Windows Updates on the server.
In addition, as you know, troubleshoot this kind of kernel crash issue, we need to analyze the crash dump file to narrow down the root cause of the issue. However, it is
not effective for us to debug the crash dump file here in the forum. If this issues is a state of emergency for you. Please contact Microsoft Customer Service and Support (CSS) via telephone so that a dedicated Support Professional can assist with your request.
To obtain the phone numbers for specific technology request, please refer to the web site listed below:
http://support.microsoft.com/default.aspx?scid=fh;EN-US;OfferProPhone#faq607
Hope this helps.
Best regards,
Justin Gu -
Exchange 2013 SP1 on Windows Server 2008 R2 Enterprise - BSOD after DAG creation
Hi,
We are running Exchange 2007 SP3 RU13 on Windows 2003 R2 with SP2 in a 2003 native AD environment and recently decided to upgrade to Exchange 2013. We installed a pair of new DELL R420 servers running Windows 2008 R2 Enterprise then threw Exchange 2013 SP1
onto them. This all went fine and the servers are running stable.
We connected the second NIC of each server to the other via a separate switch, the second NIC has Client for MS Networks and File/Printer Sharing disabled plus a totally separate subnet with no DNS or GW address assigned. DAG setup was run and completed
OK. I created the DAG network in Exchange and enabled replication, I also left replication enabled across the production LAN. Finally, I went into the advanced network settings and made sure the replication network was below the production network in the binding
order.
After an hour or two the BSOD's started.. both servers would crash within a few minutes of each other and reboot with a Kernel Panic. I have attached the contents of the dump file below. This seems to happen every few hours and it always seems to be the
server hosting the passive DB copies crashes first, followed by the server hosting the active copies. Note that if we disable the replication NIC on both servers they do not crash.
I got the impression from somewhere that perhaps the servers had mixed up the binding order and were trying to use the replication network as primary, losing access to AD and rebooting (which I have read is the behaviour for Exchange now). It appears the
Exchange Health service has killed WININIT which causes the crash.
Thanks!!!
The crash dump text is below:
CRITICAL_OBJECT_TERMINATION (f4)
A process or thread crucial to system operation has unexpectedly exited or been
terminated.
Several processes and threads are necessary for the operation of the
system; when they are terminated (for any reason), the system can no
longer function.
Arguments:
Arg1: 0000000000000003, Process
Arg2: fffffa80192ebb30, Terminating object
Arg3: fffffa80192ebe10, Process image file name
Arg4: fffff80001dc37b0, Explanatory message (ascii)
Debugging Details:
PROCESS_OBJECT: fffffa80192ebb30
DEBUG_FLR_IMAGE_TIMESTAMP: 0
MODULE_NAME: wininit
FAULTING_MODULE: 0000000000000000
PROCESS_NAME: MSExchangeHMWo
BUGCHECK_STR: 0xF4_MSExchangeHMWo
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT_SERVER_MINIDUMP
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from fffff80001e4cab2 to fffff80001abebc0
STACK_TEXT:
fffff880`0d7f39c8 fffff800`01e4cab2 : 00000000`000000f4 00000000`00000003 fffffa80`192ebb30 fffffa80`192ebe10 : nt!KeBugCheckEx
fffff880`0d7f39d0 fffff800`01df7abb : ffffffff`ffffffff fffffa80`1bcf3060 fffffa80`192ebb30 fffffa80`383ea060 : nt!PspCatchCriticalBreak+0x92
fffff880`0d7f3a10 fffff800`01d77674 : ffffffff`ffffffff 00000000`00000001 fffffa80`192ebb30 00000000`00000008 : nt! ?? ::NNGAKEGL::`string'+0x17486
fffff880`0d7f3a60 fffff800`01abde53 : fffffa80`192ebb30 fffff880`ffffffff fffffa80`1bcf3060 00000000`00000000 : nt!NtTerminateProcess+0xf4
fffff880`0d7f3ae0 00000000`7772157a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`34eed638 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x7772157a
STACK_COMMAND: kb
FOLLOWUP_NAME: MachineOwner
IMAGE_NAME: wininit.exe
FAILURE_BUCKET_ID: X64_0xF4_MSExchangeHMWo_IMAGE_wininit.exe
BUCKET_ID: X64_0xF4_MSExchangeHMWo_IMAGE_wininit.exe
Followup: MachineOwnerHi Darrkon,
I suggest checking the status of the HealthMailbox on each of servers.
Also try to re-create the mailbox. You can safely delete and recreate health mailboxes.
Be aware that any local Managed Availability probes that are using the these mailboxes will fail until the Microsoft Exchange Health Manager is restarted. Once that service is restarted, it will recreate any mailboxes that it needs.
More details in the following similar thread, just for your reference:
BSOD after creating DAG
http://social.technet.microsoft.com/Forums/exchange/en-US/44d1cd98-cba1-4ed0-b0e7-8aa76ee3eabc/bsod-after-creating-dag
Thanks
Mavis
Mavis Huang
TechNet Community Support -
Windows server 2012 R2 randomly BSOD's
Dear all,
Since recently we suffering from random BSOD's on a Windows 2012 R2 terminal server. We already checked if there has been any changes, updates, new drivers installed, etc. around the time we receive the first one, but we cannot find anything. The server
is a virtual server on Hyper-V but the Hyper-V host doesn't suffer from BSOD's and is working properly. We updated the servers with newest windows updates. Could someone please help me debugging this minidump:
Loading Dump File [C:\Users\admtem\Desktop\031915-48906-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
************* Symbol Path validation summary **************
Response Time (ms) Location
Deferred srv*c:\cache*http://msdl.microsoft.com/download/symbols
Symbol search path is: srv*c:\cache*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 8 Kernel Version 9600 MP (16 procs) Free x64
Product: Server, suite: TerminalServer
Built by: 9600.17668.amd64fre.winblue_r8.150127-1500
Machine Name:
Kernel base = 0xfffff801`f4489000 PsLoadedModuleList = 0xfffff801`f4762250
Debug session time: Thu Mar 19 01:55:51.856 2015 (UTC + 1:00)
System Uptime: 0 days 2:21:59.525
Loading Kernel Symbols
Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long.
Run !sym noisy before .reload to track down problems loading symbols.
Loading User Symbols
Loading unloaded module list
* Bugcheck Analysis *
Use !analyze -v to get detailed debugging information.
BugCheck A, {fffff90140599000, 2, 0, fffff801f45280ab}
Probably caused by : ntkrnlmp.exe ( nt!KeSetEvent+3fb )
Followup: MachineOwner
6: kd> !analyze -v
* Bugcheck Analysis *
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: fffff90140599000, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff801f45280ab, address which referenced memory
Debugging Details:
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff801f47ec138
unable to get nt!MmNonPagedPoolStart
unable to get nt!MmSizeOfNonPagedPoolInBytes
fffff90140599000
CURRENT_IRQL: 2
FAULTING_IP:
nt!KeSetEvent+3fb
fffff801`f45280ab 488b09 mov rcx,qword ptr [rcx]
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VERIFIER_ENABLED_VISTA_MINIDUMP
BUGCHECK_STR: AV
PROCESS_NAME: System
ANALYSIS_VERSION: 6.3.9600.17298 (debuggers(dbg).141024-1500) amd64fre
TRAP_FRAME: ffffd00142686900 -- (.trap 0xffffd00142686900)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=ffffd001475bc4e8 rbx=0000000000000000 rcx=fffff90140599000
rdx=0000000000000001 rsi=0000000000000000 rdi=0000000000000000
rip=fffff801f45280ab rsp=ffffd00142686a90 rbp=0000000000000000
r8=0000000000000000 r9=fffff801f492c628 r10=fffff90140599000
r11=ffffd00142686b00 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz ac po nc
nt!KeSetEvent+0x3fb:
fffff801`f45280ab 488b09 mov rcx,qword ptr [rcx] ds:fffff901`40599000=????????????????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff801f45e54e9 to fffff801f45d99a0
STACK_TEXT:
ffffd001`426867b8 fffff801`f45e54e9 : 00000000`0000000a fffff901`40599000 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
ffffd001`426867c0 fffff801`f45e3d3a : 00000000`00000000 ffffd001`475bc4e0 ffffe001`26538900 ffffcf81`0df3afa0 : nt!KiBugCheckDispatch+0x69
ffffd001`42686900 fffff801`f45280ab : 00000000`00002608 00000000`00000000 00000000`00000030 00000000`00000000 : nt!KiPageFault+0x23a
ffffd001`42686a90 fffff801`f45343ac : fffff901`40599000 ffffe001`00000000 ffffe001`25f34800 fffff801`00000000 : nt!KeSetEvent+0x3fb
ffffd001`42686b50 fffff801`f4561280 : 13131313`13131313 ffffe001`25f34880 00000000`00000080 ffffe001`25f34880 : nt!ExpWorkerThread+0x28c
ffffd001`42686c00 fffff801`f45dffc6 : ffffd001`42040180 ffffe001`25f34880 ffffd001`4204c5c0 13131313`13131313 : nt!PspSystemThreadStartup+0x58
ffffd001`42686c60 00000000`00000000 : ffffd001`42687000 ffffd001`42681000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!KeSetEvent+3fb
fffff801`f45280ab 488b09 mov rcx,qword ptr [rcx]
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: nt!KeSetEvent+3fb
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 54c832b2
IMAGE_VERSION: 6.3.9600.17668
BUCKET_ID_FUNC_OFFSET: 3fb
FAILURE_BUCKET_ID: AV_VRF_nt!KeSetEvent
BUCKET_ID: AV_VRF_nt!KeSetEvent
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:av_vrf_nt!kesetevent
FAILURE_ID_HASH: {3ff99d47-0a85-0b19-f59a-c152651b9c12}
Followup: MachineOwner
Any help would be much appriciated!
Kind Regards,
ThijsHi Thijs,
Just addition, please also check if all necessary windows updates were installed in this problematic server. Please check if drivers need to be updated.
Please also refer to following thread and check if can help you.
Blue Screen Error (Probably caused by : ntkrnlmp.exe)
If this issues is a state of emergency for you. Please contact Microsoft Customer Service and Support (CSS) via telephone so that a dedicated Support Professional can assist with your request.
To obtain the phone numbers for specific technology request, please refer to the web site listed below:
http://support.microsoft.com/default.aspx?scid=fh;EN-US;OfferProPhone#faq607
Best regards,
Justin Gu
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected] -
BSOD terminal server 2008 r2 after user logoff
Hi there,
We have a serieus problem with users that logoff on a terminal server. When a user logoff of the terminal server we'll get a bsod. Win32k.sys crashes.
Our terminal server is a Windows 2008 r2 sp1 based on VMWare 5.0. We have installed al the available updates on this Windows Server.
Any idea how to solve this problem?
This topic first appeared in the Spiceworks CommunityOk, I think I found the issue.
I installed JRE 7 Update 51 for 64-bit. And Chrome does not have a 64-bit for Windows.
I went back and uninstalled this JRE version and instead installed the 32-bit version and now the Chrome plugin is working. -
BSOD Error Windows 2008 R2 Terminal Server
Hi guys
I have a unique issue on a Windows 2008 R2 Enterprise Terminal Server where it keeps blue screening every so often (from every 2 or 3 days to some times once a week) with the exact same BSOD error. After countless hours Googling and researching I am simply
at a dead end and desperately require some guidance if possible. I have ran malware bytes and other tools and the TS does not have any malware or viruses. I have ran a chkdsk and everything is also okay with that.
It has happened about 5 times now with the same errors every time:
29/05/2014 09:42:18
Bug Check String: CRITICAL_OBJECT_TERMINATION
Bug Check Code: 0x000000f4
Parameter 1: 00000000`00000003
2: fffffa80`243c5060
3: fffffa80`243c5340
4: fffff800`01bc70d0
Caused by driver: ntoskrnl.exe
Caused by address: ntoskrnl.exe+75b80
Processor: x64
I have uploaded the DMP to OneDrive: edit: it won't let me post a link until my account is verified?
Thanks
DanHi,
Thank you for posting in Windows Server Forum.
The problem which you are facing seems to be due to ntoskrnl.exe. There might be some corruption in ntoskrnl.exe file.It’s responsible for various system services such as hardware virtualization, process and memory management, thus making it a fundamental part
of the system. It contains the cache manager, the executive, the kernel, the security reference monitor, the memory manager, and the scheduler.
Please check below articles to fix the issue of ntoskrnl.exe.
1. NTOSKRNL.EXE is missing or corrupt
2. How to Fix Ntoskrnl.exe Missing or Corrupt Error
Hope it helps!
Thanks.
Dharmesh Solanki
Maybe you are looking for
-
Getting ORA-06512/ORA-00972 ERROR WHILE EXECUTING THE PROCEDURE????
Hi , while executing this procedure , I am getting follwoing errors: Create or Replace procedure ADD_CUSTOM_INDEX is INDX_NOT_EXIST Number; CREATE_SQL_STATMENT VARCHAR2(1500); ALTER_SQL_STATMENT VARCHAR2(150); CURSOR C1 IS select INDEX_NAME,CREATE_DD
-
Ghost32 image on my X61s = error message with winload.exe and 0xc000000f
hi scuse my poor english. i have a deployment to do with 200 notebooks : r61 & x61s. i create a WDS server with a boot.wim and a Ghost Solution Suite Server 2.5 with images of R61 & X61s on the same server 2003. i start my R61, boot on the F12, start
-
Running Safari 5.0.2 on Mac OS 10.5.8 (Mac G5 quad) just installed Flash Player Plugin 10.1 r82. can't view streaming video in Safari -- "an error occurred, please try later" is the typical warning. (same result in current Firefox) I also installed F
-
Searching for iTunes 4.9 or 5.1
Does any one know where I can get iTunes 4.9 or 5.1? as iTunes 6.0 won't work on my computer and i want to dowlad podcasts
-
Safari keeps crashing, why?
Ever since yesterday Safari keeps crashing. I keep getting the same error code listed below. I can be on Safari for about 10-15 then it crashes. I have deleted the plist files and ran repair disk still keep getting the same result. Please help, its q