BSOD: MS-9249 1U Server

I'm experiencing random BSODs with this server.  I did not write down the last BSOD message, but I believe it was the IRQ_NOT_LESS_OR_EQUAL.
It failed twice on me yesterday, but I couldn't get the info because when I switched the monitor over to the box through my KVM there was no video output.
When it fails, it fails hard.  System does not reboot even though Win2K is set up to reboot.  No failed events are in the logs.
Ran memtest for 9 hours.  No problems reported.  Right now I'm running Prime95.
No BIOS update exists for this box according to MSI's LiveUpdate.
This is a server box so it has a minimal amount of additional software on it -- MySQL, Sygate Firewall, BlackIce Defender, IIS v5 are the major services running.
The only thing "odd" is that I share this USB mouse with another system (unplugging when needed), so I was wondering if it's maybe a USB driver issue.
 MSI: MS-9249 1U Rackmount Server
 BIOS: W9249MS V1.0 030204
   OS: Windows 2000 Workstation SP4
  CPU: Intel P4 2.8GHz  HT enabled
  RAM: 2x512 Crucial CT6472Z40B (Slots A0 & A2)
       DDR PC3200 CL=3 Unbuffered ECC DDR400 2.6V 64Meg x 72
       RAM BIOS Setting: 3 8 3 3
   HD: Hitachi SATA
  PCI: empty
VIDEO: On-board ATI Rage XL PCI
  PSU: MSI OEM
  DRAM Timing: By SPD
Latest LiveUpdate: 10/09/2004 (No BIOS update, updated Intel INF and LAN)
Memtest86: No errors.  Standard Test. 52 Passes. 9.3 hours
No BIOS settings to change RAM voltage

Well the pig BSOD'ed on me again today.
Use !analyze -v to get detailed debugging information.
BugCheck A, {bc6558, 2, 0, 80437d8c}
Probably caused by : memory_corruption ( nt!MiRemovePteTracker+72 )
Followup: MachineOwner
1: kd> !analyze -v
*                        Bugcheck Analysis                                    *
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.  This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 00bc6558, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, value 0 = read operation, 1 = write operation
Arg4: 80437d8c, address which referenced memory
Debugging Details:
READ_ADDRESS:  00bc6558 Paged pool
CURRENT_IRQL:  2
FAULTING_IP:
nt!MiRemovePteTracker+72
80437d8c 8a11             mov     dl,[ecx]
DEFAULT_BUCKET_ID:  DRIVER_FAULT
BUGCHECK_STR:  0xA
LAST_CONTROL_TRANSFER:  from 5345534a to 80469d1c
STACK_TEXT:  
ec423780 5345534a 4e4f4953 373d4449 39434541 nt!KiTrap13
WARNING: Frame IP not in any known module. Following frames may be wrong.
203b4333 00000000 00000000 00000000 00000000 0x5345534a
STACK_COMMAND:  .bugcheck ; kb
FOLLOWUP_IP:
nt!MiRemovePteTracker+72
80437d8c 8a11             mov     dl,[ecx]
FOLLOWUP_NAME:  MachineOwner
SYMBOL_NAME:  nt!MiRemovePteTracker+72
MODULE_NAME:  nt
DEBUG_FLR_IMAGE_TIMESTAMP:  40d1d19a
IMAGE_NAME:  memory_corruption
BUCKET_ID:  0xA_nt!MiRemovePteTracker+72
Followup: MachineOwner

Similar Messages

  • Help with PAGE_FAULT_IN_NONPAGED_AREA (50) BSOD on 2003 Citrix Server

    I have three servers in a Citrix Farm; one of the servers BSODs once or twice a week with the error PAGE_FAULT_IN_NONPAGED_AREA (50).  When I analyze the dump file it always shows the faulting driver is lcencm.sys.  This is Sophos Lan Crypt, which we have to use for encrypted images.  The same version is installed on two other Citrix servers with no problems, so I am unsure what the actual cause is.  There is definitely a memory leak on the server, but I haven't been able to determine what it actually is.  I have tried updating Lan Crypt with the newest patch, uninstalling/reinstalling Lan Crypt, ran memtest, sfc, chkdsk, etc. and I'm about to lose my mind.  Here is the dump log, I'm not sure where to upload it:
    Kernel Summary Dump File: Only kernel address space is available
    ************* Symbol Path validation summary **************
    Response                         Time (ms)     Location
    Deferred                                       srv*c:\mss*http://msdl.microsoft.com/download/symbols
    Symbol search path is: srv*c:\mss*http://msdl.microsoft.com/download/symbols
    Executable search path is:
    Windows Server 2003 Kernel Version 3790 (Service Pack 2) MP (16 procs) Free x86 compatible
    Product: Server, suite: TerminalServer
    Built by: 3790.srv03_sp2_qfe.130703-1535
    Machine Name:
    Kernel base = 0x80800000 PsLoadedModuleList = 0x808a8ee8
    Debug session time: Tue Jan 20 08:17:27.587 2015 (UTC - 6:00)
    System Uptime: 3 days 7:13:08.713
    Loading Kernel Symbols
    Loading User Symbols
    PEB is paged out (Peb.Ldr = 7ffd400c).  Type ".hh dbgerr001" for details
    Loading unloaded module list
    *                        Bugcheck Analysis                                   
    Use !analyze -v to get detailed debugging information.
    BugCheck 50, {80000155, 0, 8081c630, 0}
    *** ERROR: Module load completed but symbols could not be loaded for lcencm.sys
    Probably caused by : lcencm.sys ( lcencm+1b6f3 )
    Followup: MachineOwner
    14: kd> !analyze -v
    *                        Bugcheck Analysis                                   
    PAGE_FAULT_IN_NONPAGED_AREA (50)
    Invalid system memory was referenced.  This cannot be protected by try-except,
    it must be protected by a Probe.  Typically the address is just plain bad or it
    is pointing at freed memory.
    Arguments:
    Arg1: 80000155, memory referenced.
    Arg2: 00000000, value 0 = read operation, 1 = write operation.
    Arg3: 8081c630, If non-zero, the instruction address which referenced the bad memory
        address.
    Arg4: 00000000, (reserved)
    Debugging Details:
    READ_ADDRESS:  80000155
    FAULTING_IP:
    nt!IoGetAttachedDevice+c
    8081c630 8b4810          mov     ecx,dword ptr [eax+10h]
    MM_INTERNAL_CODE:  0
    DEFAULT_BUCKET_ID:  DRIVER_FAULT
    BUGCHECK_STR:  0x50
    PROCESS_NAME:  lchelper.exe
    CURRENT_IRQL:  1
    ANALYSIS_VERSION: 6.3.9600.16384 (debuggers(dbg).130821-1623) x86fre
    TRAP_FRAME:  a33c5a34 -- (.trap 0xffffffffa33c5a34)
    ErrCode = 00000000
    eax=80000145 ebx=00000000 ecx=80000145 edx=8082f3e1 esi=84a50a04 edi=00000043
    eip=8081c630 esp=a33c5aa8 ebp=a33c5aa8 iopl=0         nv up ei ng nz na po nc
    cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010282
    nt!IoGetAttachedDevice+0xc:
    8081c630 8b4810          mov     ecx,dword ptr [eax+10h] ds:0023:80000155=????????
    Resetting default scope
    LAST_CONTROL_TRANSFER:  from 80860295 to 80827f7d
    STACK_TEXT:  
    a33c59a4 80860295 00000050 80000155 00000000 nt!KeBugCheckEx+0x1b
    a33c5a1c 8088e680 00000000 80000155 00000000 nt!MmAccessFault+0xb25
    a33c5a1c 8081c630 00000000 80000155 00000000 nt!KiTrap0E+0xdc
    a33c5aa8 f7b8b6f3 85973dd0 802021a4 848398d8 nt!IoGetAttachedDevice+0xc
    WARNING: Stack unwind information not available. Following frames may be wrong.
    a33c5b34 8098cfb0 e1bb4ab0 00000011 85e51740 lcencm+0x1b6f3
    a33c5b60 8098db9f e1bb4ab0 00000000 85e51740 nt!ExpAllocateHandleTableEntry+0xf4
    a33c5b7c 809380a1 00000001 a33c5bb0 8545dc58 nt!ExCreateHandle+0x19
    a33c5bc8 847bd008 847bd020 a33c5c18 a33ce180 nt!ObpCreateHandle+0x3f3
    a33c5c0c f7bb1e80 00000000 85b89878 f7b850f0 0x847bd008
    a33c5c18 f7b850f0 00000019 85b89878 85b898e8 lcencm+0x41e80
    a33c5c3c 8081e185 8b5e8c60 00000019 8545dc70 lcencm+0x150f0
    a33c5c50 808f787b 85b898e8 8545dc70 85b89878 nt!IofCallDriver+0x45
    a33c5c64 808f861d 8b5e8c60 85b89878 8545dc70 nt!IopSynchronousServiceTail+0x10b
    a33c5d00 808f1164 00000138 00000000 00000000 nt!IopXxxControlFile+0x5e5
    a33c5d34 8088b658 00000138 00000000 00000000 nt!NtDeviceIoControlFile+0x2a
    a33c5d34 7c82845c 00000138 00000000 00000000 nt!KiSystemServicePostCall
    0012faf8 00000000 00000000 00000000 00000000 0x7c82845c
    STACK_COMMAND:  kb
    FOLLOWUP_IP:
    lcencm+1b6f3
    f7b8b6f3 8b0e            mov     ecx,dword ptr [esi]
    SYMBOL_STACK_INDEX:  4
    SYMBOL_NAME:  lcencm+1b6f3
    FOLLOWUP_NAME:  MachineOwner
    MODULE_NAME: lcencm
    IMAGE_NAME:  lcencm.sys
    DEBUG_FLR_IMAGE_TIMESTAMP:  4bbc8a56
    FAILURE_BUCKET_ID:  0x50_lcencm+1b6f3
    BUCKET_ID:  0x50_lcencm+1b6f3
    ANALYSIS_SOURCE:  KM
    FAILURE_ID_HASH_STRING:  km:0x50_lcencm+1b6f3
    FAILURE_ID_HASH:  {6b9c7ca1-20bc-f357-3296-ccf4fa7996f3}
    Followup: MachineOwner

    Bug Check Code 0x50: http://msdn.microsoft.com/en-us/library/windows/hardware/ff559023%28v=vs.85%29.aspx
    Bug check 0x50 usually occurs after the installation of faulty hardware or in the event of failure of installed hardware (usually related to defective RAM, be it main memory, L2 RAM cache, or video RAM).
    Another common cause is the installation of a faulty system service.
    Antivirus software can also trigger this error, as can a corrupted NTFS volume.
    In the dump lcencm.sys seems to be the cause. You can simply disable it and see if the problem disappears. If this is the case then you will need to contact Sophos technical support for assistance.
    This posting is provided AS IS with no warranties or guarantees , and confers no rights.
    Ahmed MALEK

  • Windows Server 2008 R2 SP1 BSOD 0x1a with CLFS.sys

    Hello,
    I've got a BSOD on a Windows Server 2008 R2 with SP1 installed. Analyzed the dump and could
    see a Bug-check of 0x1a which means "MEMORY_MANAGEMENT".
    Further analysis on this dump shows me, that this probably is caused by the CLFS.sys, which
    is the Common Log File System Driver. This CLFS.sys is installed with date:
    Tue Jul 14 01:19:57 2009
    I have now searched through MS Support pages and resources and also the Internet, but I found no
    information about an update for this or a newer version. It's nearly impossible to find newer versions
    for specific files in i.e. Hot-fixes.
    Do you know this issue with the 0x1a BSOD and CLFS.sys and/or do you know a newer version ?
    Any help would be very appreciated!
    Thanks and regards plus have a nice day !
    Tino

    Hi Tino,
    Regarding Bug Check 0x1A, please refer to the following article.
    Bug Check 0x1A: MEMORY_MANAGEMENT
    Did you install any third-party application on this problematic server? Would you please let me know whether the BSOD issue occurred regularly? Or just occurred suddenly? If the BSOD issue occurred regularly, please perform a clean boot and check if this BSOD issue still exists.
    In addition, please check if necessary updates need to be installed and drivers need to be updated. Please run the sfc /scannow command to scan all protected system files and check if it finds errors.
    As you know, to troubleshoot this kind of kernel crash issue, we need to analyze the crash dump file to narrow down the root cause of the issue. Actually, it is not effective for us to debug the crash dump file here in the forum. If this issue is an emergency for you, please contact Microsoft Customer Service and Support (CSS) via telephone so that a dedicated Support Professional can assist with your request.
    To obtain the phone numbers for specific technology request, please refer to the web site listed below:
    http://support.microsoft.com/default.aspx?scid=fh;EN-US;OfferProPhone#faq607
    → This CLFS.sys is installed with date: Tue Jul 14 01:19:57 2009
    → or do you know a newer version?
    By the way, I checked the CLFS.sys on a Windows Server 2008 R2 in my lab environment. It was also created in July 2009.
    Hope this helps.
    Best regards,
    Justin Gu

  • BSOD on Server 2008 STANDARD SP2

    Assistance with BSOD on Dell R710 Server running Server 2008 STANDARD SP2
    Error: DRIVER_IRQL_NOT_LESS_OR_EQUAL
    Communication was lost to this server (Not a power outage). It was discovered with a blue screen with the above error. A memory dump was created with reference STOP 0x0000000D1. NETIO.SYS Address 8075FA37.
    The machine rebooted after the dump and upon logon the following message was displayed:
    Problem signature:
      Problem Event Name:          BlueScreen
      OS Version:           6.0.6002.2.2.0.272.7
      Locale ID:              1033
    Additional information about the problem:
      BCCode: d1
      BCP1:     000000D4
      BCP2:     00000002
      BCP3:     00000000
      BCP4:     8075FA37
      OS Version:           6_0_6002
      Service Pack:         2_0
      Product: 272_3
    Files that help describe the problem:
      C:\Windows\Minidump\Mini011315-01.dmp
    Link to one drive for the dump files:
    https://onedrive.live.com/?cid=D0667AD0A7D6788C&id=D0667AD0A7D6788C!180

    *                        Bugcheck Analysis                                    *
    DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
    An attempt was made to access a pageable (or completely invalid) address at an
    interrupt request level (IRQL) that is too high.  This is usually
    caused by drivers using improper addresses.
    If kernel debugger is available get stack backtrace.
    Arguments:
    Arg1: 000000d4, memory referenced
    Arg2: 00000002, IRQL
    Arg3: 00000000, value 0 = read operation, 1 = write operation
    Arg4: 8075fa37, address which referenced memory
    Debugging Details:
    Unable to load image \SystemRoot\system32\DRIVERS\Teefer.sys, Win32 error 0n2
    *** WARNING: Unable to verify timestamp for Teefer.sys
    *** ERROR: Module load completed but symbols could not be loaded for Teefer.sys
    READ_ADDRESS: GetPointerFromAddress: unable to read from 81d6d874
    Unable to read MiSystemVaType memory at 81d4d420
     000000d4 
    CURRENT_IRQL:  2
    FAULTING_IP: 
    NETIO!StreamGetCalloutContext+d4
    8075fa37 833800          cmp     dword ptr [eax],0
    CUSTOMER_CRASH_COUNT:  1
    DEFAULT_BUCKET_ID:  DRIVER_FAULT_SERVER_MINIDUMP
    BUGCHECK_STR:  0xD1
    PROCESS_NAME:  System
    TRAP_FRAME:  9bd152f4 -- (.trap 0xffffffff9bd152f4)
    ErrCode = 00000000
    eax=000000d4 ebx=000000d0 ecx=9bd15374 edx=00046e28 esi=000001a0 edi=c0000017
    eip=8075fa37 esp=9bd15368 ebp=9bd15378 iopl=0         nv up ei pl nz na pe nc
    cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010206
    NETIO!StreamGetCalloutContext+0xd4:
    8075fa37 833800          cmp     dword ptr [eax],0    ds:0023:000000d4=????????
    Resetting default scope
    LAST_CONTROL_TRANSFER:  from 8075fa37 to 81c83ecd
    STACK_TEXT:  
    9bd152f4 8075fa37 badb0d00 00046e28 00000000 nt!KiTrap0E+0x1c5
    9bd15378 8075fac6 001f3516 00000000 00000107 NETIO!StreamGetCalloutContext+0xd4
    9bd153ac 80761508 001f3516 00000000 00000107 NETIO!StreamGetCalloutAndDataContexts+0x33
    9bd15428 80750580 00000014 a1756830 9bd15734 NETIO!StreamProcessCallout+0x63
    9bd15480 8073c44b 00000014 9bd15734 9bd1563c NETIO!ProcessCallout+0xee
    9bd154b0 8073c4ab 00000014 d6b06208 9bd15734 NETIO!ProcessFastCalloutClassify+0x2c
    9bd15590 8075ed12 00000014 9bd15734 9bd1563c NETIO!KfdClassify+0xd8
    9bd15618 8075effb 00000014 9bd15734 9bd1563c NETIO!StreamClassify+0x94
    9bd15744 8075f436 fe1fd800 00000014 9bd1576c NETIO!StreamCommonInspect+0x19b
    9bd15770 8ccf74c7 fe1fd818 fe160b00 a264ed98 NETIO!WfpStreamInspectReceive+0xab
    9bd15798 8ccce96f fe160b08 fe160bf4 a264ed98 tcpip!TcpInspectReceive+0x52
    9bd157d8 8cccf24d fe160b08 9bd157f8 9bd1582c tcpip!TcpTcbFastDatagram+0x2ca
    9bd15838 8cccd686 8572df40 00160b08 9bd1589c tcpip!TcpTcbReceive+0xf8
    9bd15890 8cccf099 8572df40 85720000 00000000 tcpip!TcpMatchReceive+0x1ec
    9bd158d8 8cccf0ff 8572df40 85720000 85720018 tcpip!TcpPreValidatedReceive+0x22d
    9bd158f4 8cccdaa0 8572df40 85720000 9bd15930 tcpip!TcpReceive+0x2d
    9bd15904 8cce5bfb 9bd15918 c000023e 00000000 tcpip!TcpNlClientReceiveDatagrams+0x12
    9bd15930 8cce5628 8cd3cebc 9bd15984 c000023e tcpip!IppDeliverListToProtocol+0x49
    9bd15950 8cce5a78 8cd3ccd0 00000006 9bd15984 tcpip!IppProcessDeliverList+0x2a
    9bd159a8 8cce7290 8cd3ccd0 00000006 00000000 tcpip!IppReceiveHeaderBatch+0x1eb
    9bd15a38 8cce3798 86573400 00000000 9bd15a00 tcpip!IpFlcReceivePackets+0xbe1
    9bd15ab4 8cce30a9 86572420 85a88978 00000000 tcpip!FlpReceiveNonPreValidatedNetBufferListChain+0x6e3
    9bd15adc 806d10b0 86572420 85a88978 00000000 tcpip!FlReceiveNetBufferListChain+0x104
    9bd15b10 806c3d25 00573af8 85a88978 00000000 NDIS!ndisMIndicateNetBufferListsToOpen+0xab
    9bd15b38 806c3c9c 00000000 86573008 86177388 NDIS!ndisIndicateSortedNetBufferLists+0x4a
    9bd15cb4 8060457f 85814368 00000000 00000000 NDIS!ndisMDispatchReceiveNetBufferLists+0x129
    9bd15cd0 8062fccd 85814368 85a88978 00000000 NDIS!ndisMTopReceiveNetBufferLists+0x2c
    9bd15cec 8062fca4 86572c10 85a88978 00000000 NDIS!ndisFilterIndicateReceiveNetBufferLists+0x20
    9bd15d08 9465cc13 86572c10 85a88978 00000000 NDIS!NdisFIndicateReceiveNetBufferLists+0x1b
    WARNING: Stack unwind information not available. Following frames may be wrong.
    9bd15d30 9465d22f 86177388 86188700 94661108 Teefer+0xac13
    9bd15d60 9465d494 8618b7c0 87792358 00000000 Teefer+0xb22f
    9bd15d7c 81e0c01c 94661108 97fe8bf9 00000000 Teefer+0xb494
    9bd15dc0 81c74eee 9465d420 94661108 00000000 nt!PspSystemThreadStartup+0x9d
    00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16
    STACK_COMMAND:  kb
    FOLLOWUP_IP: 
    NETIO!StreamGetCalloutContext+d4
    8075fa37 833800          cmp     dword ptr [eax],0
    SYMBOL_STACK_INDEX:  1
    SYMBOL_NAME:  NETIO!StreamGetCalloutContext+d4
    FOLLOWUP_NAME:  MachineOwner
    MODULE_NAME: NETIO
    IMAGE_NAME:  NETIO.SYS
    DEBUG_FLR_IMAGE_TIMESTAMP:  49e0209d
    FAILURE_BUCKET_ID:  0xD1_NETIO!StreamGetCalloutContext+d4
    BUCKET_ID:  0xD1_NETIO!StreamGetCalloutContext+d4
    Followup: MachineOwner
    Bug Check Code 0xD1: https://msdn.microsoft.com/en-us/library/windows/hardware/ff560244(v=vs.85).aspx
    The BSOD is probably caused by teefer.sys driver. Based on searches, I found that it belongs to Sygate firewall driver system driver. So, either you update it or you remove this software. You can also contact its vendor/developer for assistance.
    This posting is provided AS IS with no warranties or guarantees , and confers no rights.
    Ahmed MALEK
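
An added example, not part of any poster's output or of the debugger: a small Python triage pass over 32-bit `kb`-style STACK_TEXT, run on frames copied from the 0xA dump at the top of this page and from the 0xD1 dump above. It lists non-Windows modules on the stack, marks those that appear only below a debugger "frames may be wrong" warning, and flags stack dwords that are printable ASCII; the `OS_MODULES` allowlist and all function names are assumptions of this example.

```python
import re

# Frames copied from the 0xA dump at the top of this page.
DUMP_0A = """\
STACK_TEXT:
ec423780 5345534a 4e4f4953 373d4449 39434541 nt!KiTrap13
WARNING: Frame IP not in any known module. Following frames may be wrong.
203b4333 00000000 00000000 00000000 00000000 0x5345534a
"""

# Frames copied from the 0xD1 dump above (trimmed to eight of its frames).
DUMP_D1 = """\
STACK_TEXT:
9bd152f4 8075fa37 badb0d00 00046e28 00000000 nt!KiTrap0E+0x1c5
9bd15378 8075fac6 001f3516 00000000 00000107 NETIO!StreamGetCalloutContext+0xd4
9bd15770 8ccf74c7 fe1fd818 fe160b00 a264ed98 NETIO!WfpStreamInspectReceive+0xab
9bd15798 8ccce96f fe160b08 fe160bf4 a264ed98 tcpip!TcpInspectReceive+0x52
9bd15d08 9465cc13 86572c10 85a88978 00000000 NDIS!NdisFIndicateReceiveNetBufferLists+0x1b
WARNING: Stack unwind information not available. Following frames may be wrong.
9bd15d30 9465d22f 86177388 86188700 94661108 Teefer+0xac13
9bd15d60 9465d494 8618b7c0 87792358 00000000 Teefer+0xb22f
9bd15dc0 81c74eee 9465d420 94661108 00000000 nt!PspSystemThreadStartup+0x9d
"""

# Assumption: modules treated as Windows components for the dumps on this page.
OS_MODULES = {"nt", "hal", "NETIO", "tcpip", "NDIS"}

# ChildEBP, RetAddr and three argument dwords, then the symbol (32-bit layout only).
FRAME_RE = re.compile(r"^((?:[0-9a-f]{8} ){5})(\S.*)$")


def parse_stack(text):
    """Parse STACK_TEXT lines into frames, remembering debugger warnings."""
    frames, suspect = [], False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("WARNING:"):
            suspect = True  # the debugger no longer trusts the frames below
            continue
        m = FRAME_RE.match(line)
        if not m:
            continue
        symbol = m.group(2).strip()
        # "nt!Func+0x1b" and "Teefer+0xac13" name a module; "0x5345534a" does not.
        module = None if symbol.startswith("0x") else re.split(r"[!+]", symbol)[0]
        frames.append({
            "words": [int(w, 16) for w in m.group(1).split()],
            "symbol": symbol,
            "module": module,
            "suspect": suspect,
        })
    return frames


def non_os_modules(frames, os_modules=OS_MODULES):
    """Return [(module, suspect)] for each non-OS module, top of stack first."""
    seen, out = set(), []
    for f in frames:
        mod = f["module"]
        if mod and mod not in os_modules and mod not in seen:
            seen.add(mod)
            out.append((mod, f["suspect"]))
    return out


def ascii_dwords(frames):
    """Return stack dwords whose four bytes are all printable ASCII,
    decoded little-endian (the byte order they have in x86 memory)."""
    out = []
    for f in frames:
        for w in f["words"]:
            raw = w.to_bytes(4, "little")
            if all(0x20 <= b <= 0x7E for b in raw):
                out.append(raw.decode("ascii"))
    return out


def triage(text):
    """Summarise one STACK_TEXT block for a first look at the crash."""
    frames = parse_stack(text)
    return {
        "non_os": non_os_modules(frames),
        "no_module": [f["symbol"] for f in frames if f["module"] is None],
        "ascii": ascii_dwords(frames),
    }


if __name__ == "__main__":
    for name, dump in (("0xA", DUMP_0A), ("0xD1", DUMP_D1)):
        print(name, triage(dump))
```

On the 0xA frames the flagged dwords read JSES, SION, ID=7, AEC9 in the return-address and argument columns, that is, text where pointers belong, which fits the debugger's memory_corruption verdict. On the 0xD1 frames the only non-Windows module, Teefer, appears solely below the unwind warning, so its offsets are leads to confirm rather than exact fault locations.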

  • BSOD: 0x000000F4 (0x00000003, 0x875801A8, 0x875802F4, 0x82C36C30), Windows Server 2008, vSphere 5.1, Equallogic SAN

    Getting a BSOD on a Windows Server 2008 Standard x86 server that has been working fine for a few years.  Running it as a VM on vSphere 5.1 and when rebooted I now receive this gem.
    I have tried booting from Install CD and running chkdsk /f /r, bootrec variations, deleting pending.xml, booting to Safe Mode (won't work), etc.  In Safe Mode, it gets to crcdisk.sys which may be a symptom not the problem.  sfc /scannow
    won't work as the Window Resource Protection states that it won't run.
    I also run an Dell/Equallogic SAN where two partitions are on the same virtual volume. 
    Need some help here.  Any further suggestions? 

    Hi dkenn256,
    The Bug Check code for the BSOD errors you are experiencing is 0xF4. This may be caused by your storage; if you can’t boot your system now, please first check your storage,
    such as upgrading the storage firmware, checking the storage cable, or replacing the array adapter with a new one.
    This issue may also be caused by the known issue described in KB 2675806; please try to install this KB, then monitor this issue again.
    The KB 2675806 download:
    http://support.microsoft.com/kb/2675806/en-us
    The similar thread:
    How to troubleshoot and solve blue screen (S
    http://answers.microsoft.com/en-us/windows/forum/windows_7-performance/how-to-troubleshoot-and-solve-blue-screen-stop/dc00a824-74d7-43b3-9330-f2c6ba054731
    I’m glad to be of help to you!

  • Fresh install of Server 2012 R2 causes inaccessible boot device on first Reboot

    Hello Everyone, 
    Doing a fresh install of Windows Server 2012 R2 on a SuperMicro X9DRT-HF+ motherboard based server. The server is using iSCSI boot, setup detects the iSCSI disk and copies its files, finishes the "Getting files ready for installation" "Installing
    Updates" phase, reboots, takes a while and eventually gives a Blue screen with Inaccessible Boot Device error. I have tried some changing options in the BIOS, I've had Nimble (storage array) support on the phone and they confirmed the setup is correct
    but for some reason after the first reboot Windows can no longer find its install files and gives a BSOD.
    Additional Information: 
    Server: SuperMicro X9DRT-HF+ (no internal disk)
    Storage: iSCSI disk provided from Nimble CS220 Array
    Windows 2008 R2 Server installation will proceed without any problems.
    I checked the \Windows\Panther\Setupact.log / CBS.log file and there doesn't seem to be anything indicating a problem. 
    I have googled a number of times to find solutions but most articles reference a similar problem after installing a particular KB (which shouldn't be the case here). Need some help :) 

    Hey Tim,
    Thanks for your reply, since the start of this post I have also installed MDT to try a different approach to installing the OS. Using MDT I have injected the Intel I350 driver into the installation so it should be restarting with the driver loaded.
    The odd thing is that when the server reboots the Windows startup screen loads for about 4 minutes before it gives the INACCESSIBLE_BOOT_DEVICE error. This would indicate to me that it sees the disk and tries to boot from it but then something goes wrong.
    Other than the \Windows\Panther location is there another place I should be looking for log files during this part of the Windows install? I have reviewed all the locations listed under the TechNet library article "hh824819" (I can't post
    a link to the article but a google search brings it up) but I can't seem to find a log of when the server crashes what it is doing at that point.

  • T-500 and Windows Server 2008 R2 RTM

    My setup:
    T-500 dual booting via VHD - Windows 7 and Windows Server 2008 R2 (both 64-bit).
    My problem:
    I'm having a devil of a time with this one.  I get random BSOD'd in my Server 2008 R2 installation, but my Win7 install is rock solid.  Sometimes it's right away, sometimes after a few minutes, sometimes when trying to use WordPad.  I cannot get my wireless card (Intel 5100 AGN) to work along with video drivers for my ATI card, so I'm leaning towards a driver issue.  I'm trying to use the Win7 drivers for anything that's missing drivers at the moment, since they are the same under the hood, so to speak.
    Has anyone else experimented with this setup and/or run into similar problems?  Thanks!
    T500: T9400 (2.53GHz), 4GB RAM, 160GB 7200rpm, 15.4in 1680x1050 WSXGA+ LCD, 256MB ATI Radeon HD3650, DVDRW, Intel 802.11agn wireless, AT&T WWAN, Bluetooth, Modem, 1Gb Ethernet, 9c Li-Ion, Windows 7 Ultimate x64 RC (Build 7100)

    You shouldn't have any big issues, but there are a couple of gotchas that Server versions of Windows have (a notable one is the Bluetooth stack).  Those are somewhat detailed in the review, though (and that blog also details how to get other features of Server 2008 R2 running).

  • CSA MC - BSOD after installing KB 958644

    I installed the out-of-band MS KB 958644 last friday on our CSA management console server (only app on that server), rebooted and was greeted with a BSOD shortly after the server came up.
    Tried a couple more times and got same results. Lots of event ID# 333 in the log.
    I restored the server to my previous night's backup image and it is running again.
    Might try re applying the KB again to see if it happens again.
    Specifics are Win2003 RS SP2 with all relevant MS patches / 2 GB RAM / Running on a VMware ESX3i virtual machine. CSA Ver 6.0.201

    this error is so much obvious.
    just look on internet on how to disable readyboost. additional just turn off the hybrid function and u will never see this bsod again, even i don't know how dumb ur mediacenter edition is and want to give u other bsods. btw i only seen bsods cause of **bleep** driver on my devices. donno how u manage to get such bluescreens......
    btw according to the results i recommend ya to use chkdsk /f to ur disk. mstWorker is mentioned which means read write issues on access files. mstworker is microsoft Tiworker, a process which examines files a bit. used by winupdate and the indexer.

  • Storport.sys BSOD on Windows Server 2012 R2

    I recently purchased a Server that houses 45 4TB drives to use as my backup to disk solution. I installed Windows Server 2012 R2 Standard so that I could take advantage of Microsoft's Storage Spaces. I have configured the Storage Pool
    with Dual Parity with 3 hot spares. I have also updated every thing to the most current firmware, drivers and Windows Updates that I could find but I am still getting the BSOD. I am using Symantec Backup Exec 2010 R3 to backup my file server to this server.
    It will run for anywhere between 12 to 31 hours transferring 1.5 to 3TB and then my server will Blue Screen and every time it Blue Screens it says it is caused by the storport.sys Driver. I've found articles talking about the storport.sys driver causing nonpaged
    pool leaks but that was for Windows Server 2008 R2, I can't find anything for Windows Server 2012 R2. If you need additional information just let me know and I will provide it. Any help you can give would be greatly appreciated.

    Hi,
    This article provided the limitation of Storage Pool in Windows Server 2012 R2:
    https://social.technet.microsoft.com/wiki/contents/articles/11382.storage-spaces-frequently-asked-questions-faq.aspx#What_are_the_recommended_configuration_limits
    Your current situation is still a supported configuration.
    Also there is no hotfix for Windows Server 2012 R2 regarding storport.sys yet. Which means your current issue is not a known issue.
    For further troubleshooting purpose you may need to collect dump files for analysis. However it will take a long time to do the troubleshooting process on forum. Thus it is recommended to submit a ticket to Microsoft online support for a professional troubleshooting.
    To obtain the phone numbers for specific technology request please take a look at the web site listed below:
    http://support.microsoft.com/default.aspx?scid=fh;EN-US;PHONENUMBERS
    If you have any feedback on our support, please send to [email protected]

  • Windows Server 2008 R2 SP1 - BSOD Stop Error 0x00000050 RDPWD.SYS

    Hi all,
    I have been struggling with a BSOD for the past 5 weeks and have scoured the web trying in vain to find someone else with the same issue.
    Environment:
    8 x 2008 R2 SP1 Windows Servers (8Gb RAM, 25Gb HDD) with Remote Desktop Services Roles installed, running as part of an RDS Farm.  All Servers are VM Guests (hardware version 7) running on VMware vSphere v4.1.0-260247 Hosts (Dell
    PowerEdge R710 - 128Gb RAM).  Our vSphere 'farm' has 5 Hosts that connect to our EMC SAN via iSCSI with multipath routes. 
    Each RDS Server is load balanced via a Connection Broker, and each server has the same set of software / vm hardware installed.  In a nutshell, each has Symantec Endpoint Protection v11.0.5002.333, Symantec Altiris v7.0, Microsoft Office 2007 as well as
    other various software essential to these servers.
    Symptoms:
    Randomly throughout the day, one (or more) of the RDS Servers will crash with a BSOD more often than not with "caused by driver ntoskrnl.exe" sometimes with "cng.sys" and once with "ksecpkg.sys".  So far in the 5 weeks I have had 90 crashes.  Yesterday
    all 8 of the RDS Servers crashed at some point throughout the day.
    On a typical BSOD, it says:
    The problem seems to be caused by the following file: ntoskrnl.exe
    PAGE_FAULT_IN_NONPAGED_AREA
    Technical Information:
    *** STOP: 0x00000050 (0xfffffa800c153284, 0x0000000000000001, 0xfffff880053dc0c9, 0x0000000000000000)
    *** ntoskrnl.exe - Address 0xfffff8000169ac40 base at 0xfffff8000161e000 DateStamp 0x4e02aaa3
    Using BlueScreenView it says "caused by address: ntoskrnl.exe+7cc40" nearly every time.
    I have analysed as best I could using Microsoft WinDbg, and this is the output of a typical mini-dump file:
    Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
    Copyright (c) Microsoft Corporation. All rights reserved.
    Loading Dump File [\\hqrds01\c$\Windows\Minidump\030112-19359-01.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available
    Symbol search path is: SRV*C:\Program Files\Debugging Tools for Windows (x64)\Symbols*http://msdl.microsoft.com/download/symbols
    Executable search path is:
    Windows 7 Kernel Version 7601 (Service Pack 1) MP (2 procs) Free x64
    Product: Server, suite: TerminalServer
    Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
    Machine Name:
    Kernel base = 0xfffff800`01609000 PsLoadedModuleList = 0xfffff800`0184e670
    Debug session time: Thu Mar  1 09:14:00.921 2012 (UTC + 0:00)
    System Uptime: 0 days 21:31:41.950
    Loading Kernel Symbols
    Loading User Symbols
    Loading unloaded module list
    *                        Bugcheck Analysis                                   
    Use !analyze -v to get detailed debugging information.
    BugCheck 50, {fffffa800be83284, 1, fffff8800576f0c9, 0}
    Could not read faulting driver name
    Probably caused by : RDPWD.SYS ( RDPWD!memcpy+1d9 )
    Followup: MachineOwner
    1: kd> !analyze -v
    *                        Bugcheck Analysis                                   
    PAGE_FAULT_IN_NONPAGED_AREA (50)
    Invalid system memory was referenced.  This cannot be protected by try-except,
    it must be protected by a Probe.  Typically the address is just plain bad or it
    is pointing at freed memory.
    Arguments:
    Arg1: fffffa800be83284, memory referenced.
    Arg2: 0000000000000001, value 0 = read operation, 1 = write operation.
    Arg3: fffff8800576f0c9, If non-zero, the instruction address which referenced the bad memory
     address.
    Arg4: 0000000000000000, (reserved)
    Debugging Details:
    Could not read faulting driver name
    WRITE_ADDRESS: GetPointerFromAddress: unable to read from fffff800018b8100
     fffffa800be83284
    FAULTING_IP:
    RDPWD!memcpy+1d9
    fffff880`0576f0c9 668901          mov     word ptr [rcx],ax
    MM_INTERNAL_CODE:  0
    CUSTOMER_CRASH_COUNT:  1
    DEFAULT_BUCKET_ID:  VERIFIER_ENABLED_VISTA_MINIDUMP
    BUGCHECK_STR:  0x50
    PROCESS_NAME:  svchost.exe
    CURRENT_IRQL:  0
    TRAP_FRAME:  fffff8800bf70a80 -- (.trap 0xfffff8800bf70a80)
    NOTE: The trap frame does not contain all registers.
    Some register values may be zeroed or incorrect.
    rax=000000000000023d rbx=0000000000000000 rcx=fffffa800be83284
    rdx=ffffffffffe7e63b rsi=0000000000000000 rdi=0000000000000000
    rip=fffff8800576f0c9 rsp=fffff8800bf70c18 rbp=0000000000000001
     r8=000000000000001c  r9=fffff8a0033401e8 r10=fffff8a0033401e8
    r11=fffffa800be83268 r12=0000000000000000 r13=0000000000000000
    r14=0000000000000000 r15=0000000000000000
    iopl=0         nv up ei pl nz na pe nc
    RDPWD!memcpy+0x1d9:
    fffff880`0576f0c9 668901          mov     word ptr [rcx],ax ds:0c40:fffffa80`0be83284=????
    Resetting default scope
    LAST_CONTROL_TRANSFER:  from fffff800016319fc to fffff80001685c40
    STACK_TEXT: 
    fffff880`0bf70918 fffff800`016319fc : 00000000`00000050 fffffa80`0be83284 00000000`00000001 fffff880`0bf70a80 : nt!KeBugCheckEx
    fffff880`0bf70920 fffff800`01683d6e : 00000000`00000001 fffffa80`0be83284 00000000`00000000 fffff8a0`0be85820 : nt! ?? ::FNODOBFM::`string'+0x4611f
    fffff880`0bf70a80 fffff880`0576f0c9 : fffff880`057547cf 00000000`00000000 00000000`00000022 00000000`00000002 : nt!KiPageFault+0x16e
    fffff880`0bf70c18 fffff880`057547cf : 00000000`00000000 00000000`00000022 00000000`00000002 fffff880`0576c99d : RDPWD!memcpy+0x1d9
    fffff880`0bf70c20 fffff880`0576c9fc : fffff8a0`0f938010 00000000`00000022 00000000`00000019 00000000`00000002 : RDPWD!SM_MCSSendDataCallback+0x303
    fffff880`0bf70c60 fffff880`0576b354 : fffff880`0bf70da0 fffff8a0`033401e8 00000000`00000000 fffff880`0576abfd : RDPWD!HandleAllSendDataPDUs+0x188
    fffff880`0bf70d10 fffff880`0576af64 : 00000000`00000031 fffffa80`0bd01895 00000006`0000001f fffff880`05739079 : RDPWD!RecognizeMCSFrame+0x28
    fffff880`0bf70d50 fffff880`029ba1f8 : fffff8a0`03345000 fffffa80`0bae6e80 fffffa80`0a5c0e60 fffff880`05737e00 : RDPWD!MCSIcaRawInputWorker+0x3d4
    fffff880`0bf70df0 fffff880`057378d0 : 00000000`00000000 fffff880`0bf70f10 fffff880`0bf70f08 00000000`00000000 : termdd!IcaRawInput+0x50
    fffff880`0bf70e20 fffff880`05736d85 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : tssecsrv!CRawInputDM::PassDataToServer+0x2c
    fffff880`0bf70e50 fffff880`057367c2 : fffffa80`088e8a28 fffffa80`00000000 00000000`00000031 fffff800`00000000 : tssecsrv!CFilter::FilterIncomingData+0xc9
    fffff880`0bf70ef0 fffff880`029ba1f8 : fffff880`009b8180 00000000`00000001 00000000`00000000 00000000`00000000 : tssecsrv!ScrRawInput+0x82
    fffff880`0bf70f60 fffff880`0572c4c5 : fffffa80`088e8a10 fffffa80`0bd01658 00000000`00000000 fffffa80`088e8a10 : termdd!IcaRawInput+0x50
    fffff880`0bf70f90 fffff880`029baf3e : fffffa80`0bd01620 fffffa80`0c100420 fffffa80`0bd4b450 fffffa80`0973b9b0 : tdtcp!TdInputThread+0x465
    fffff880`0bf71810 fffff880`029b9ae3 : fffffa80`09d902b0 fffffa80`0973b9b0 fffffa80`093d8520 fffffa80`0bd4b450 : termdd!IcaDriverThread+0x5a
    fffff880`0bf71840 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : termdd!IcaDeviceControlStack+0x827
    STACK_COMMAND:  kb
    FOLLOWUP_IP:
    RDPWD!memcpy+1d9
    fffff880`0576f0c9 668901          mov     word ptr [rcx],ax
    SYMBOL_STACK_INDEX:  3
    SYMBOL_NAME:  RDPWD!memcpy+1d9
    FOLLOWUP_NAME:  MachineOwner
    MODULE_NAME: RDPWD
    IMAGE_NAME:  RDPWD.SYS
    DEBUG_FLR_IMAGE_TIMESTAMP:  4ce7ab45
    FAILURE_BUCKET_ID:  X64_0x50_VRF_RDPWD!memcpy+1d9
    BUCKET_ID:  X64_0x50_VRF_RDPWD!memcpy+1d9
    Followup: MachineOwner
    The RDS servers are set to reboot automatically, and after a period of 5 minutes or so, the users can reconnect and log back in.  On a typical day each server will have around 10 people RDP'd in to them.
    The Users connecting to the RDS Servers included XP laptops/desktops and IGEL UD-120-LX Thin Terminals.  The XPs have SP3 installed and are fully patched via Symantec Altiris.
    Things I have tried:
    - Analyse the dump-files (as per above).
    - I have tracked each user logging on to the RDS Farm (via batch scripts) and tried to determine if this is caused by the same individual(s) but it appears random.
    - Check to see if the crashing Virtual Machine is running on a specific host, but it has happened on all Hosts.
    - Check to see if there was anything specific that happened on the day that the crashes started.  There were about 5 new people introduced to the RDS Farm at that time, but they were using (a) client machines that had been used previously elsewhere with no issues, (b) software that had been used previously, (c) in a remote location that had previous users using RDS, (d) have not been logged on to a RDS Server when it has crashed.
    - Updated Windows Server 2008 R2 SP1 to the latest patches (as of Feb 2012).
    - Turned on Verifier (using recommended settings), and then analysed dump-files with the same reference to rdpwd.sys.
    - Fixed the Memory Resource Reservation in vSphere to the full 8Gb for all these RDS Servers (so that the memory is not shared at all).
    - Ran MEMTEST on a VM Guest with the full 8Gb RAM, on a couple of the ESX Hosts.
    - Changed the VMTools Video Driver to the SVGA II driver from the Standard VGA Driver.
    - Ran a full AV Scan (using SEP).
    - Isolated the Printer Drivers using the Printer Management MMC.
    - Ran sfc /scannow of all RDS Servers and rebooted.
    The mini-dump file mentioned above is here: https://skydrive.live.com/redir.aspx?cid=48f471f287af2349&resid=48F471F287AF2349!105&parid=48F471F287AF2349!103
    I hope someone can help, as what hair I have left (from pulling it out) is turning grey!
    Andy

    *                        Bugcheck Analysis                                   
    PAGE_FAULT_IN_NONPAGED_AREA (50)
    Invalid system memory was referenced.  This cannot be protected by try-except,
    it must be protected by a Probe.  Typically the address is just plain bad or it
    is pointing at freed memory.
    Arguments:
    Arg1: fffffa800c153284, memory referenced.
    Arg2: 0000000000000001, value 0 = read operation, 1 = write operation.
    Arg3: fffff880053dc0c9, If non-zero, the instruction address which referenced the bad memory
        address.
    Arg4: 0000000000000000, (reserved)
    Debugging Details:
    Could not read faulting driver name
    WRITE_ADDRESS: GetPointerFromAddress: unable to read from fffff800018cd100
     fffffa800c153284
    FAULTING_IP:
    RDPWD!memcpy+1d9
    fffff880`053dc0c9 668901          mov     word ptr [rcx],ax
    MM_INTERNAL_CODE:  0
    CUSTOMER_CRASH_COUNT:  1
    DEFAULT_BUCKET_ID:  VERIFIER_ENABLED_VISTA_MINIDUMP
    BUGCHECK_STR:  0x50
    PROCESS_NAME:  svchost.exe
    CURRENT_IRQL:  0
    TRAP_FRAME:  fffff8800aa48a80 -- (.trap 0xfffff8800aa48a80)
    NOTE: The trap frame does not contain all registers.
    Some register values may be zeroed or incorrect.
    rax=00000000000001ff rbx=0000000000000000 rcx=fffffa800c153284
    rdx=ffffffffffee6b8b rsi=0000000000000000 rdi=0000000000000000
    rip=fffff880053dc0c9 rsp=fffff8800aa48c18 rbp=0000000000000001
     r8=000000000000001c  r9=fffff8a0123923a8 r10=fffff8a0123923a8
    r11=fffffa800c153268 r12=0000000000000000 r13=0000000000000000
    r14=0000000000000000 r15=0000000000000000
    iopl=0         nv up ei pl nz na pe nc
    RDPWD!memcpy+0x1d9:
    fffff880`053dc0c9 668901          mov     word ptr [rcx],ax ds:8c40:fffffa80`0c153284=????
    Resetting default scope
    LAST_CONTROL_TRANSFER:  from fffff800016469fc to fffff8000169ac40
    STACK_TEXT:  
    fffff880`0aa48918 fffff800`016469fc : 00000000`00000050 fffffa80`0c153284 00000000`00000001 fffff880`0aa48a80 : nt!KeBugCheckEx
    fffff880`0aa48920 fffff800`01698d6e : 00000000`00000001 fffffa80`0c153284 00000000`00000000 fffff8a0`10919830 : nt! ?? ::FNODOBFM::`string'+0x4611f
    fffff880`0aa48a80 fffff880`053dc0c9 : fffff880`053c17cf 00000000`00000000 00000000`00000022 00000000`00000002 : nt!KiPageFault+0x16e
    fffff880`0aa48c18 fffff880`053c17cf : 00000000`00000000 00000000`00000022 00000000`00000002 fffff880`053d999d : RDPWD!memcpy+0x1d9
    fffff880`0aa48c20 fffff880`053d99fc : fffff8a0`10cf30d0 00000000`00000022 00000000`00000019 00000000`00000002 : RDPWD!SM_MCSSendDataCallback+0x303
    fffff880`0aa48c60 fffff880`053d8354 : fffff880`0aa48da0 fffff8a0`123923a8 00000000`00000000 fffff880`053d7bfd : RDPWD!HandleAllSendDataPDUs+0x188
    fffff880`0aa48d10 fffff880`053d7f64 : 00000000`00000031 fffffa80`0c039de5 00000006`0000001f fffff880`053a6079 : RDPWD!RecognizeMCSFrame+0x28
    fffff880`0aa48d50 fffff880`012c01f8 : fffff8a0`12393000 fffffa80`0bb7aa60 fffffa80`0b81e9c0 fffff880`053a4e00 : RDPWD!MCSIcaRawInputWorker+0x3d4
    fffff880`0aa48df0 fffff880`053a48d0 : 00000000`00000000 fffff880`0aa48f10 fffff880`0aa48f08 fffffa80`0c039ba8 : termdd!IcaRawInput+0x50
    fffff880`0aa48e20 fffff880`053a3d85 : fffff880`01716890 fffffa80`0c0327e8 00000000`00000000 00000000`00000000 : tssecsrv!CRawInputDM::PassDataToServer+0x2c
    fffff880`0aa48e50 fffff880`053a37c2 : fffffa80`0c16e598 fffffa80`00000000 00000000`00000031 fffff800`00000000 : tssecsrv!CFilter::FilterIncomingData+0xc9
    fffff880`0aa48ef0 fffff880`012c01f8 : fffff880`009b8180 00000000`00000001 00000000`00000000 00000000`00000000 : tssecsrv!ScrRawInput+0x82
    fffff880`0aa48f60 fffff880`052994c5 : fffffa80`0c16e580 fffffa80`0c039ba8 00000000`00000000 fffffa80`0c16e580 : termdd!IcaRawInput+0x50
    fffff880`0aa48f90 fffff880`012c0f3e : fffffa80`0c039b70 fffffa80`0acccf20 fffffa80`0a95c450 fffffa80`0abf9620 : tdtcp!TdInputThread+0x465
    fffff880`0aa49810 fffff880`012bfae3 : fffffa80`0c0a6560 fffffa80`0abf9620 fffffa80`087eee80 fffffa80`0a95c450 : termdd!IcaDriverThread+0x5a
    fffff880`0aa49840 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : termdd!IcaDeviceControlStack+0x827
    STACK_COMMAND:  kb
    FOLLOWUP_IP:
    RDPWD!memcpy+1d9
    fffff880`053dc0c9 668901          mov     word ptr [rcx],ax
    SYMBOL_STACK_INDEX:  3
    SYMBOL_NAME:  RDPWD!memcpy+1d9
    FOLLOWUP_NAME:  MachineOwner
    MODULE_NAME: RDPWD
    IMAGE_NAME:  RDPWD.SYS
    DEBUG_FLR_IMAGE_TIMESTAMP:  4ce7ab45
    FAILURE_BUCKET_ID:  X64_0x50_VRF_RDPWD!memcpy+1d9
    BUCKET_ID:  X64_0x50_VRF_RDPWD!memcpy+1d9
    Followup: MachineOwner
    Bug Check Code 0x50: http://msdn.microsoft.com/en-us/library/windows/hardware/ff559023%28v=vs.85%29.aspx
    Please start with this:
    - Update all possible drivers
    - Uninstall all unused programs
    - Disable all security software you have
    - Run chkdsk /r /f and sfc /scannow
    - Run memtest86+ to check if all is okay with your RAM. If an error was detected then replace the faulty RAM or contact your manufacturer Technical Support
    If this does not help then upload MEMORY.DMP file (You can zip it and divide it using 7-ZIP) using Microsoft Skydrive and post a link here.
    You can also contact Microsoft CSS for assistance.
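
The triage Andy describes above (the same rdpwd.sys reference in dumps from different servers and hosts) can be scripted by parsing the `!analyze -v` text and grouping dumps by failure bucket. This is an added example, not part of the original thread; the function names, the host names RDS-01..03 and the DUMP_C excerpt are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone

# DUMP_A / DUMP_B: lines trimmed from the two RDPWD dumps quoted in the thread above.
# DUMP_C and the host names RDS-01..03 are constructed for contrast; EXAMPLEDRV is made up.
DUMP_A = r"""PAGE_FAULT_IN_NONPAGED_AREA (50)
Arg1: fffffa800be83284, memory referenced.
Arg2: 0000000000000001, value 0 = read operation, 1 = write operation.
STACK_TEXT:
fffff880`0bf70a80 fffff880`0576f0c9 : fffff880`057547cf 00000000`00000000 00000000`00000022 00000000`00000002 : nt!KiPageFault+0x16e
fffff880`0bf70c18 fffff880`057547cf : 00000000`00000000 00000000`00000022 00000000`00000002 fffff880`0576c99d : RDPWD!memcpy+0x1d9
fffff880`0bf70c20 fffff880`0576c9fc : fffff8a0`0f938010 00000000`00000022 00000000`00000019 00000000`00000002 : RDPWD!SM_MCSSendDataCallback+0x303
fffff880`0bf70f90 fffff880`029baf3e : fffffa80`0bd01620 fffffa80`0c100420 fffffa80`0bd4b450 fffffa80`0973b9b0 : tdtcp!TdInputThread+0x465
IMAGE_NAME:  RDPWD.SYS
DEBUG_FLR_IMAGE_TIMESTAMP:  4ce7ab45
FAILURE_BUCKET_ID:  X64_0x50_VRF_RDPWD!memcpy+1d9
"""
DUMP_B = r"""PAGE_FAULT_IN_NONPAGED_AREA (50)
Arg1: fffffa800c153284, memory referenced.
Arg2: 0000000000000001, value 0 = read operation, 1 = write operation.
STACK_TEXT:
fffff880`0aa48a80 fffff880`053dc0c9 : fffff880`053c17cf 00000000`00000000 00000000`00000022 00000000`00000002 : nt!KiPageFault+0x16e
fffff880`0aa48c18 fffff880`053c17cf : 00000000`00000000 00000000`00000022 00000000`00000002 fffff880`053d999d : RDPWD!memcpy+0x1d9
fffff880`0aa48c20 fffff880`053d99fc : fffff8a0`10cf30d0 00000000`00000022 00000000`00000019 00000000`00000002 : RDPWD!SM_MCSSendDataCallback+0x303
fffff880`0aa48f90 fffff880`012c0f3e : fffffa80`0c039b70 fffffa80`0acccf20 fffffa80`0a95c450 fffffa80`0abf9620 : tdtcp!TdInputThread+0x465
IMAGE_NAME:  RDPWD.SYS
DEBUG_FLR_IMAGE_TIMESTAMP:  4ce7ab45
FAILURE_BUCKET_ID:  X64_0x50_VRF_RDPWD!memcpy+1d9
"""
DUMP_C = r"""PAGE_FAULT_IN_NONPAGED_AREA (50)
Arg1: fffffa8000001000, memory referenced.
Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
STACK_TEXT:
fffff880`00000010 fffff880`00000020 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : EXAMPLEDRV!ReadConfig+0x10
IMAGE_NAME:  EXAMPLEDRV.SYS
FAILURE_BUCKET_ID:  X64_0x50_EXAMPLEDRV!ReadConfig+10
"""

BUGCHECK_RE = re.compile(r"^[ \t]*([A-Z0-9_]+) \(([0-9a-fA-F]+)\)[ \t]*$", re.M)
ARG_RE = re.compile(r"^[ \t]*Arg([1-4]): ([0-9a-fA-F]{8,16})", re.M)
TAG_RE = re.compile(r"^[ \t]*([A-Z_]+):[ \t]+(\S.*?)[ \t]*$", re.M)
FRAME_RE = re.compile(r"^[ \t]*[0-9a-f`]+ [0-9a-f`]+ : .* : (\S.*?)[ \t]*$", re.M)


def parse_analyze(text):
    """Parse one `!analyze -v` text block into a dict of the fields used for triage."""
    header = BUGCHECK_RE.search(text)
    if header is None:
        raise ValueError("no bugcheck header such as 'NAME (50)' found")
    return {
        "name": header.group(1),
        "code": int(header.group(2), 16),
        "args": {int(n): int(v, 16) for n, v in ARG_RE.findall(text)},
        "frames": FRAME_RE.findall(text),   # symbol column of each STACK_TEXT line
        "tags": dict(TAG_RE.findall(text)),  # KEY:  value lines (IMAGE_NAME, ...)
    }


def access_type(report):
    """For bugcheck 0x50, decode Arg2 using the mapping printed in the dumps above."""
    if report["code"] != 0x50:
        return None
    return {0: "read", 1: "write"}.get(report["args"].get(2), "unknown")


def modules_on_stack(report):
    """Module names in stack order (innermost first), without repeats."""
    modules = []
    for symbol in report["frames"]:
        module = symbol.split("!", 1)[0] if "!" in symbol else "<no symbol>"
        if module not in modules:
            modules.append(module)
    return modules


def image_build_time(report):
    """DEBUG_FLR_IMAGE_TIMESTAMP is the image's PE timestamp: hex seconds since 1970 UTC."""
    stamp = int(report["tags"].get("DEBUG_FLR_IMAGE_TIMESTAMP", "0"), 16)
    return datetime.fromtimestamp(stamp, tz=timezone.utc) if stamp else None


def group_by_bucket(dumps_by_host):
    """Map FAILURE_BUCKET_ID -> hosts, so one recurring fault stands out from unrelated ones."""
    groups = defaultdict(list)
    for host, text in dumps_by_host.items():
        groups[parse_analyze(text)["tags"].get("FAILURE_BUCKET_ID")].append(host)
    return dict(groups)


if __name__ == "__main__":
    for bucket, hosts in group_by_bucket({"RDS-01": DUMP_A, "RDS-02": DUMP_B, "RDS-03": DUMP_C}).items():
        print(bucket, hosts)
    first = parse_analyze(DUMP_A)
    print(access_type(first), modules_on_stack(first), image_build_time(first))
```

Comparing the decoded image build time before and after patching shows whether an update actually replaced the driver named in the bucket.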

  • BSOD when starting MSMQ service as domain user Windows server 2012

    Hi
    We have a problem with a server getting BSOD when we start a service related to MSMQ. We get the attempted execute of noexecute memory BSOD whenever we start the service as a User on the domain. When we start the service as a system local it starts without problem. I got the crashdump here:
    ************* Symbol Path validation summary **************
    Response                         Time (ms)     Location
    Deferred                                       SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
    Microsoft (R) Windows Debugger Version 6.3.9600.17298 AMD64
    Copyright (c) Microsoft Corporation. All rights reserved.
    Loading Dump File [C:\170\120314-11828-01.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available
    ************* Symbol Path validation summary **************
    Response                         Time (ms)     Location
    Deferred                                       SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
    Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
    Executable search path is: 
    Windows 8 Kernel Version 9200 MP (4 procs) Free x64
    Product: Server, suite: TerminalServer SingleUserTS
    Built by: 9200.16912.amd64fre.win8_gdr.140502-1507
    Machine Name:
    Kernel base = 0xfffff800`48476000 PsLoadedModuleList = 0xfffff800`48742aa0
    Debug session time: Wed Dec  3 14:41:01.892 2014 (UTC + 1:00)
    System Uptime: 0 days 0:04:09.904
    Loading Kernel Symbols
    Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long.
    Run !sym noisy before .reload to track down problems loading symbols.
    Loading User Symbols
    Loading unloaded module list
    *                        Bugcheck Analysis                                    *
    Use !analyze -v to get detailed debugging information.
    BugCheck FC, {7f982e340e0, 791000010fdb1025, fffff8800485a5e0, 80000005}
    Probably caused by : mqac.sys ( mqac!ACCreateQueue+a77 )
    Followup: MachineOwner
    1: kd> !analyze -v
    *                        Bugcheck Analysis                                    *
    ATTEMPTED_EXECUTE_OF_NOEXECUTE_MEMORY (fc)
    An attempt was made to execute non-executable memory.  The guilty driver
    is on the stack trace (and is typically the current instruction pointer).
    When possible, the guilty driver's name (Unicode string) is printed on
    the bugcheck screen and saved in KiBugCheckDriver.
    Arguments:
    Arg1: 000007f982e340e0, Virtual address for the attempted execute.
    Arg2: 791000010fdb1025, PTE contents.
    Arg3: fffff8800485a5e0, (reserved)
    Arg4: 0000000080000005, (reserved)
    Debugging Details:
    CUSTOMER_CRASH_COUNT:  1
    DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT_SERVER
    BUGCHECK_STR:  0xFC
    PROCESS_NAME:  mqsvc.exe
    CURRENT_IRQL:  0
    ANALYSIS_VERSION: 6.3.9600.17298 (debuggers(dbg).141024-1500) amd64fre
    TRAP_FRAME:  fffff8800485a5e0 -- (.trap 0xfffff8800485a5e0)
    NOTE: The trap frame does not contain all registers.
    Some register values may be zeroed or incorrect.
    rax=000007f982e0c950 rbx=0000000000000000 rcx=0000005dff1fecd0
    rdx=0000005dff34e988 rsi=0000000000000000 rdi=0000000000000000
    rip=000007f982e340e0 rsp=fffff8800485a778 rbp=fffff8800485ab80
     r8=fffffa800e623980  r9=0000000000000521 r10=fffffa800ec547a0
    r11=0000000000000006 r12=0000000000000000 r13=0000000000000000
    r14=0000000000000000 r15=0000000000000000
    iopl=0         nv up ei pl nz na pe nc
    000007f9`82e340e0 ??              ???
    Resetting default scope
    LAST_CONTROL_TRANSFER:  from fffff80048661ef1 to fffff800484d0540
    STACK_TEXT:  
    fffff880`0485a408 fffff800`48661ef1 : 00000000`000000fc 000007f9`82e340e0 79100001`0fdb1025 fffff880`0485a5e0 : nt!KeBugCheckEx
    fffff880`0485a410 fffff800`48588980 : fffff880`0485a5e0 ffffd8e9`9e6056e2 fffffa80`0ec547a0 00000000`00000000 : nt! ?? ::FNODOBFM::`string'+0x33f2d
    fffff880`0485a450 fffff800`4850aabd : fffff880`0485a500 00000000`c0000016 fffffa80`0e603b00 fffffa80`0e623980 : nt! ?? ::FNODOBFM::`string'+0x33e85
    fffff880`0485a4a0 fffff800`484cdfee : 00000000`00000008 00000000`00000000 00000000`00000000 fffff880`0485a5e0 : nt!MmAccessFault+0x3ed
    fffff880`0485a5e0 000007f9`82e340e0 : fffff880`00dc5297 fffffa80`0ec54770 00000000`00000000 fffff8a0`011ce7c0 : nt!KiPageFault+0x16e
    fffff880`0485a778 fffff880`00dc5297 : fffffa80`0ec54770 00000000`00000000 fffff8a0`011ce7c0 fffff980`00000000 : 0x000007f9`82e340e0
    fffff880`0485a780 fffff880`00dc60d7 : 00000000`00000000 0000005d`ff34e988 00000000`00000000 00000000`00000000 : mqac!ACCreateQueue+0xa77
    fffff880`0485a7f0 fffff800`488ab127 : fffffa80`0e5ed520 fffffa80`0d50ecf0 00000000`00000521 00000000`00000000 : mqac!ACDeviceControl+0x62b
    fffff880`0485a890 fffff800`488c02f6 : 00000000`00000000 fffff8a0`00000080 00000000`00000000 00000000`00000000 : nt!IopXxxControlFile+0x7e5
    fffff880`0485aa20 fffff800`484cf553 : 00000000`00000000 00000000`0000000c fffff6fb`7dbed078 fffff6fb`7da0ff30 : nt!NtDeviceIoControlFile+0x56
    fffff880`0485aa90 000007f9`8a702c1a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
    0000005d`ff34e928 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x000007f9`8a702c1a
    STACK_COMMAND:  kb
    FOLLOWUP_IP: 
    mqac!ACCreateQueue+a77
    fffff880`00dc5297 85c0            test    eax,eax
    SYMBOL_STACK_INDEX:  6
    SYMBOL_NAME:  mqac!ACCreateQueue+a77
    FOLLOWUP_NAME:  MachineOwner
    MODULE_NAME: mqac
    IMAGE_NAME:  mqac.sys
    DEBUG_FLR_IMAGE_TIMESTAMP:  5010abc2
    IMAGE_VERSION:  6.2.9200.16384
    BUCKET_ID_FUNC_OFFSET:  a77
    FAILURE_BUCKET_ID:  0xFC_mqac!ACCreateQueue
    BUCKET_ID:  0xFC_mqac!ACCreateQueue
    ANALYSIS_SOURCE:  KM
    FAILURE_ID_HASH_STRING:  km:0xfc_mqac!accreatequeue
    FAILURE_ID_HASH:  {d1daca31-6256-358c-65b5-69af54392880}
    Followup: MachineOwner

    Hi,
    For BugCheck FC, it indicates that an attempt was made to execute non-executable memory. For more details, please refer to the following article.
    Bug Check 0xFC: ATTEMPTED_EXECUTE_OF_NOEXECUTE_MEMORY
    "whenever we start the service as a User on the domain. When we start the service as a system local it starts without problem"
    Did you mean that you just use a standard domain user account to start the service and then encounter the issue? If you configure it to log on as the Local System account, does no BSOD occur? Just a confirmation, thanks for your understanding.
    Please check if you install all necessary Windows Updates on the server.
    In addition, as you know, to troubleshoot this kind of kernel crash issue, we need to analyze the crash dump file to narrow down the root cause of the issue. However, it is not effective for us to debug the crash dump file here in the forum. If this issue is an emergency for you, please contact Microsoft Customer Service and Support (CSS) via telephone so that a dedicated Support Professional can assist with your request.
    To obtain the phone numbers for specific technology request, please refer to the web site listed below:
    http://support.microsoft.com/default.aspx?scid=fh;EN-US;OfferProPhone#faq607
    Hope this helps.
    Best regards,
    Justin Gu

  • Exchange 2013 SP1 on Windows Server 2008 R2 Enterprise - BSOD after DAG creation

    Hi,
    We are running Exchange 2007 SP3 RU13 on Windows 2003 R2 with SP2 in a 2003 native AD environment and recently decided to upgrade to Exchange 2013. We installed a pair of new DELL R420 servers running Windows 2008 R2 Enterprise then threw Exchange 2013 SP1 onto them. This all went fine and the servers are running stable.
    We connected the second NIC of each server to the other via a separate switch, the second NIC has Client for MS Networks and File/Printer Sharing disabled plus a totally separate subnet with no DNS or GW address assigned. DAG setup was run and completed OK. I created the DAG network in Exchange and enabled replication, I also left replication enabled across the production LAN. Finally, I went into the advanced network settings and made sure the replication network was below the production network in the binding order.
    After an hour or two the BSODs started.. both servers would crash within a few minutes of each other and reboot with a Kernel Panic. I have attached the contents of the dump file below. This seems to happen every few hours and it always seems to be the server hosting the passive DB copies crashes first, followed by the server hosting the active copies. Note that if we disable the replication NIC on both servers they do not crash.
    I got the impression from somewhere that perhaps the servers had mixed up the binding order and were trying to use the replication network as primary, losing access to AD and rebooting (which I have read is the behaviour for Exchange now). It appears the Exchange Health service has killed WININIT which causes the crash.
    Thanks!!!
    The crash dump text is below:
    CRITICAL_OBJECT_TERMINATION (f4)
    A process or thread crucial to system operation has unexpectedly exited or been
    terminated.
    Several processes and threads are necessary for the operation of the
    system; when they are terminated (for any reason), the system can no
    longer function.
    Arguments:
    Arg1: 0000000000000003, Process
    Arg2: fffffa80192ebb30, Terminating object
    Arg3: fffffa80192ebe10, Process image file name
    Arg4: fffff80001dc37b0, Explanatory message (ascii)
    Debugging Details:
    PROCESS_OBJECT: fffffa80192ebb30
    DEBUG_FLR_IMAGE_TIMESTAMP:  0
    MODULE_NAME: wininit
    FAULTING_MODULE: 0000000000000000
    PROCESS_NAME:  MSExchangeHMWo
    BUGCHECK_STR:  0xF4_MSExchangeHMWo
    CUSTOMER_CRASH_COUNT:  1
    DEFAULT_BUCKET_ID:  DRIVER_FAULT_SERVER_MINIDUMP
    CURRENT_IRQL:  0
    LAST_CONTROL_TRANSFER:  from fffff80001e4cab2 to fffff80001abebc0
    STACK_TEXT:  
    fffff880`0d7f39c8 fffff800`01e4cab2 : 00000000`000000f4 00000000`00000003 fffffa80`192ebb30 fffffa80`192ebe10 : nt!KeBugCheckEx
    fffff880`0d7f39d0 fffff800`01df7abb : ffffffff`ffffffff fffffa80`1bcf3060 fffffa80`192ebb30 fffffa80`383ea060 : nt!PspCatchCriticalBreak+0x92
    fffff880`0d7f3a10 fffff800`01d77674 : ffffffff`ffffffff 00000000`00000001 fffffa80`192ebb30 00000000`00000008 : nt! ?? ::NNGAKEGL::`string'+0x17486
    fffff880`0d7f3a60 fffff800`01abde53 : fffffa80`192ebb30 fffff880`ffffffff fffffa80`1bcf3060 00000000`00000000 : nt!NtTerminateProcess+0xf4
    fffff880`0d7f3ae0 00000000`7772157a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
    00000000`34eed638 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x7772157a
    STACK_COMMAND:  kb
    FOLLOWUP_NAME:  MachineOwner
    IMAGE_NAME:  wininit.exe
    FAILURE_BUCKET_ID:  X64_0xF4_MSExchangeHMWo_IMAGE_wininit.exe
    BUCKET_ID:  X64_0xF4_MSExchangeHMWo_IMAGE_wininit.exe
    Followup: MachineOwner

    Hi Darrkon,
    I suggest checking the status of the HealthMailbox on each of the servers.
    Also try to re-create the mailbox. You can safely delete and recreate health mailboxes.
    Be aware that any local Managed Availability probes that are using these mailboxes will fail until the Microsoft Exchange Health Manager is restarted.  Once that service is restarted, it will recreate any mailboxes that it needs.
    More details in the following similar thread, just for your reference:
    BSOD after creating DAG
    http://social.technet.microsoft.com/Forums/exchange/en-US/44d1cd98-cba1-4ed0-b0e7-8aa76ee3eabc/bsod-after-creating-dag
    Thanks
    Mavis
    Mavis Huang
    TechNet Community Support

  • Windows server 2012 R2 randomly BSOD's

    Dear all,
    Recently we have been suffering from random BSODs on a Windows 2012 R2 terminal server. We already checked if there have been any changes, updates, new drivers installed, etc. around the time we received the first one, but we cannot find anything. The server is a virtual server on Hyper-V but the Hyper-V host doesn't suffer from BSODs and is working properly. We updated the servers with the newest Windows updates. Could someone please help me debug this minidump:
    Loading Dump File [C:\Users\admtem\Desktop\031915-48906-01.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available
    ************* Symbol Path validation summary **************
    Response Time (ms) Location
    Deferred srv*c:\cache*http://msdl.microsoft.com/download/symbols
    Symbol search path is: srv*c:\cache*http://msdl.microsoft.com/download/symbols
    Executable search path is:
    Windows 8 Kernel Version 9600 MP (16 procs) Free x64
    Product: Server, suite: TerminalServer
    Built by: 9600.17668.amd64fre.winblue_r8.150127-1500
    Machine Name:
    Kernel base = 0xfffff801`f4489000 PsLoadedModuleList = 0xfffff801`f4762250
    Debug session time: Thu Mar 19 01:55:51.856 2015 (UTC + 1:00)
    System Uptime: 0 days 2:21:59.525
    Loading Kernel Symbols
    Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long.
    Run !sym noisy before .reload to track down problems loading symbols.
    Loading User Symbols
    Loading unloaded module list
    * Bugcheck Analysis *
    Use !analyze -v to get detailed debugging information.
    BugCheck A, {fffff90140599000, 2, 0, fffff801f45280ab}
    Probably caused by : ntkrnlmp.exe ( nt!KeSetEvent+3fb )
    Followup: MachineOwner
    6: kd> !analyze -v
    * Bugcheck Analysis *
    IRQL_NOT_LESS_OR_EQUAL (a)
    An attempt was made to access a pageable (or completely invalid) address at an
    interrupt request level (IRQL) that is too high. This is usually
    caused by drivers using improper addresses.
    If a kernel debugger is available get the stack backtrace.
    Arguments:
    Arg1: fffff90140599000, memory referenced
    Arg2: 0000000000000002, IRQL
    Arg3: 0000000000000000, bitfield :
    bit 0 : value 0 = read operation, 1 = write operation
    bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
    Arg4: fffff801f45280ab, address which referenced memory
    Debugging Details:
    READ_ADDRESS: GetPointerFromAddress: unable to read from fffff801f47ec138
    unable to get nt!MmNonPagedPoolStart
    unable to get nt!MmSizeOfNonPagedPoolInBytes
    fffff90140599000
    CURRENT_IRQL: 2
    FAULTING_IP:
    nt!KeSetEvent+3fb
    fffff801`f45280ab 488b09 mov rcx,qword ptr [rcx]
    CUSTOMER_CRASH_COUNT: 1
    DEFAULT_BUCKET_ID: VERIFIER_ENABLED_VISTA_MINIDUMP
    BUGCHECK_STR: AV
    PROCESS_NAME: System
    ANALYSIS_VERSION: 6.3.9600.17298 (debuggers(dbg).141024-1500) amd64fre
    TRAP_FRAME: ffffd00142686900 -- (.trap 0xffffd00142686900)
    NOTE: The trap frame does not contain all registers.
    Some register values may be zeroed or incorrect.
    rax=ffffd001475bc4e8 rbx=0000000000000000 rcx=fffff90140599000
    rdx=0000000000000001 rsi=0000000000000000 rdi=0000000000000000
    rip=fffff801f45280ab rsp=ffffd00142686a90 rbp=0000000000000000
    r8=0000000000000000 r9=fffff801f492c628 r10=fffff90140599000
    r11=ffffd00142686b00 r12=0000000000000000 r13=0000000000000000
    r14=0000000000000000 r15=0000000000000000
    iopl=0 nv up ei pl nz ac po nc
    nt!KeSetEvent+0x3fb:
    fffff801`f45280ab 488b09 mov rcx,qword ptr [rcx] ds:fffff901`40599000=????????????????
    Resetting default scope
    LAST_CONTROL_TRANSFER: from fffff801f45e54e9 to fffff801f45d99a0
    STACK_TEXT:
    ffffd001`426867b8 fffff801`f45e54e9 : 00000000`0000000a fffff901`40599000 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
    ffffd001`426867c0 fffff801`f45e3d3a : 00000000`00000000 ffffd001`475bc4e0 ffffe001`26538900 ffffcf81`0df3afa0 : nt!KiBugCheckDispatch+0x69
    ffffd001`42686900 fffff801`f45280ab : 00000000`00002608 00000000`00000000 00000000`00000030 00000000`00000000 : nt!KiPageFault+0x23a
    ffffd001`42686a90 fffff801`f45343ac : fffff901`40599000 ffffe001`00000000 ffffe001`25f34800 fffff801`00000000 : nt!KeSetEvent+0x3fb
    ffffd001`42686b50 fffff801`f4561280 : 13131313`13131313 ffffe001`25f34880 00000000`00000080 ffffe001`25f34880 : nt!ExpWorkerThread+0x28c
    ffffd001`42686c00 fffff801`f45dffc6 : ffffd001`42040180 ffffe001`25f34880 ffffd001`4204c5c0 13131313`13131313 : nt!PspSystemThreadStartup+0x58
    ffffd001`42686c60 00000000`00000000 : ffffd001`42687000 ffffd001`42681000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16
    STACK_COMMAND: kb
    FOLLOWUP_IP:
    nt!KeSetEvent+3fb
    fffff801`f45280ab 488b09 mov rcx,qword ptr [rcx]
    SYMBOL_STACK_INDEX: 3
    SYMBOL_NAME: nt!KeSetEvent+3fb
    FOLLOWUP_NAME: MachineOwner
    MODULE_NAME: nt
    IMAGE_NAME: ntkrnlmp.exe
    DEBUG_FLR_IMAGE_TIMESTAMP: 54c832b2
    IMAGE_VERSION: 6.3.9600.17668
    BUCKET_ID_FUNC_OFFSET: 3fb
    FAILURE_BUCKET_ID: AV_VRF_nt!KeSetEvent
    BUCKET_ID: AV_VRF_nt!KeSetEvent
    ANALYSIS_SOURCE: KM
    FAILURE_ID_HASH_STRING: km:av_vrf_nt!kesetevent
    FAILURE_ID_HASH: {3ff99d47-0a85-0b19-f59a-c152651b9c12}
    Followup: MachineOwner
    Any help would be much appreciated!
    Kind Regards,
    Thijs

    Hi Thijs,
    Just an addition: please also check if all necessary Windows updates were installed on this problematic server. Please check if drivers need to be updated.
    Please also refer to the following thread and check if it can help you.
    Blue Screen Error (Probably caused by : ntkrnlmp.exe)
    If this issue is an emergency for you, please contact Microsoft Customer Service and Support (CSS) via telephone so that a dedicated Support Professional can assist with your request.
    To obtain the phone numbers for specific technology request, please refer to the web site listed below:
    http://support.microsoft.com/default.aspx?scid=fh;EN-US;OfferProPhone#faq607
    Best regards,
    Justin Gu

  • BSOD terminal server 2008 r2 after user logoff

    Hi there,
    We have a serious problem with users that log off on a terminal server. When a user logs off of the terminal server we'll get a BSOD. Win32k.sys crashes.
    Our terminal server is a Windows 2008 R2 SP1 based on VMWare 5.0. We have installed all the available updates on this Windows Server.
    Any idea how to solve this problem?
    This topic first appeared in the Spiceworks Community

    Ok, I think I found the issue.
    I installed JRE 7 Update 51 for 64-bit.  And Chrome does not have a 64-bit for Windows.
    I went back and uninstalled this JRE version and instead installed the 32-bit version and now the Chrome plugin is working.

  • BSOD Error Windows 2008 R2 Terminal Server

    Hi guys
    I have a unique issue on a Windows 2008 R2 Enterprise Terminal Server where it keeps blue screening every so often (from every 2 or 3 days to sometimes once a week) with the exact same BSOD error. After countless hours Googling and researching I am simply at a dead end and desperately require some guidance if possible. I have run Malwarebytes and other tools and the TS does not have any malware or viruses. I have run a chkdsk and everything is also okay with that.
    It has happened about 5 times now with the same errors every time:
    29/05/2014 09:42:18
    Bug Check String: CRITICAL_OBJECT_TERMINATION
    Bug Check Code: 0x000000f4
    Parameter 1: 00000000`00000003
    2: fffffa80`243c5060
    3: fffffa80`243c5340
    4: fffff800`01bc70d0
    Caused by driver: ntoskrnl.exe
    Caused by address: ntoskrnl.exe+75b80
    Processor: x64
    I have uploaded the DMP to OneDrive: edit: it won't let me post a link until my account is verified?
    Thanks
    Dan

    Hi,
    Thank you for posting in Windows Server Forum.
    The problem which you are facing seems to be due to ntoskrnl.exe. There might be some corruption in ntoskrnl.exe file. It’s responsible for various system services such as hardware virtualization, process and memory management, thus making it a fundamental part of the system. It contains the cache manager, the executive, the kernel, the security reference monitor, the memory manager, and the scheduler.
    Please check below articles to fix the issue of ntoskrnl.exe.
    1. NTOSKRNL.EXE is missing or corrupt
    2. How to Fix Ntoskrnl.exe Missing or Corrupt Error
    Hope it helps!
    Thanks.
    Dharmesh Solanki
