Probably caused by : ntkrnlmp.exe ( nt!KiDoubleFaultAbort+b8 )
I am debugging a minidump file but I am not able to make out if the problem is related to hardware or software? The possible culprit could be “ntkrnlmp.exe” but which thread or process faulted is beyond my understanding. Please can someone help a newbie
debugger.
Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64 Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [D:\Items\Mini030413-01.dmp] Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: srv*f:\symbols\websymbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows Server 2008/Windows Vista Kernel Version 6002 (Service Pack 2) MP (16 procs) Free x64
Product: Server, suite: Enterprise TerminalServer SingleUserTS
Built by: 6002.18607.amd64fre.vistasp2_gdr.120402-0336
Machine Name:
Kernel base = 0xfffff800`01e08000 PsLoadedModuleList = 0xfffff800`01fccdd0
Debug session time: Mon Mar 4 07:23:36.821 2013 (UTC + 13:00)
System Uptime: 49 days 13:51:33.653
Loading Kernel Symbols
Loading User Symbols
Loading unloaded module list
* Bugcheck Analysis
Use !analyze -v to get detailed debugging information.
BugCheck 7F, {8, 80050033, 6f8, fffff80001e8b4af}
Unable to load image spep.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for spep.sys
*** ERROR: Module load completed but symbols could not be loaded for spep.sys
Probably caused by : ntkrnlmp.exe ( nt!KiDoubleFaultAbort+b8 )
Followup: MachineOwner
6: kd> !analyze -v
* Bugcheck Analysis
UNEXPECTED_KERNEL_MODE_TRAP (7f)
This means a trap occurred in kernel mode, and it's a trap of a kind
that the kernel isn't allowed to have/catch (bound trap) or that
is always instant death (double fault). The first number in the
bugcheck params is the number of the trap (8 = double fault, etc)
Consult an Intel x86 family manual to learn more about what these
traps are. Here is a *portion* of those codes:
If kv shows a taskGate
use .tss on the part before the colon, then kv.
Else if kv shows a trapframe
use .trap on that value
Else
.trap on the appropriate frame will show where the trap was taken
(on x86, this will be the ebp that goes with the procedure KiTrap)
Endif
kb will then show the corrected stack.
Arguments:
Arg1: 0000000000000008, EXCEPTION_DOUBLE_FAULT
Arg2: 0000000080050033
Arg3: 00000000000006f8
Arg4: fffff80001e8b4af
Debugging Details:
BUGCHECK_STR: 0x7f_8
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT_SERVER_MINIDUMP
PROCESS_NAME: w3wp.exe
CURRENT_IRQL: 1
EXCEPTION_RECORD: fffffa60122c30a8 -- (.exr 0xfffffa60122c30a8)
ExceptionAddress: fffff80001e8767d (nt!RtlVirtualUnwind+0x000000000000016d)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: 00000000000000d8
Attempt to read from address 00000000000000d8
TRAP_FRAME: fffffa60122c2080 -- (.trap 0xfffffa60122c2080)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000005 rbx=0000000000000000 rcx=0000000000000000
rdx=00000000000000d8 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80001e8767d rsp=fffffa60122c2210 rbp=fffffa60122c2450
r8=0000000000000005 r9=fffff80001e08000 r10=ffffffffffffff80
r11=fffff80002006000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
nt!RtlVirtualUnwind+0x16d:
fffff800`01e8767d 488b02 mov rax,qword ptr [rdx] ds:00000000`000000d8=????????????????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80001e5f86e to fffff80001e5fad0
STACK_TEXT:
fffffa60`01f1da68 fffff800`01e5f86e : 00000000`0000007f 00000000`00000008 00000000`80050033 00000000`000006f8 : nt!KeBugCheckEx
fffffa60`01f1da70 fffff800`01e5e0b8 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x6e
fffffa60`01f1dbb0 fffff800`01e8b4af : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiDoubleFaultAbort+0xb8
fffffa60`122bdf40 fffff800`01e98d32 : fffffa60`122bed68 fffffa60`122bee90 fffffa60`122bee10 00000000`00000000 : nt!RtlDispatchException+0x2f
fffffa60`122be630 fffff800`01e5f929 : fffffa60`122bed68 00000000`00000003 fffffa60`122bee10 00000000`00000114 : nt!KiDispatchException+0xc2
fffffa60`122bec30 fffff800`01e5e725 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000003 : nt!KiExceptionDispatch+0xa9
fffffa60`122bee10 fffff800`01e8767d : 00000000`00059d17 fffffa60`122bf078 fffff800`01e08000 fffff800`01e08000 : nt!KiPageFault+0x1e5
fffffa60`122befa0 fffff800`01e8b598 : fffffa60`00000001 00000000`00000000 00000000`00000000 ffffffff`ffffff80 : nt!RtlVirtualUnwind+0x16d
fffffa60`122bf010 fffff800`01e98d32 : fffffa60`122bfe38 fffffa60`122bf810 fffffa60`00000000 00000000`00000000 : nt!RtlDispatchException+0x118
fffffa60`122bf700 fffff800`01e5f929 : fffffa60`122bfe38 00000000`00000003 fffffa60`122bfee0 00000000`00000114 : nt!KiDispatchException+0xc2
fffffa60`122bfd00 fffff800`01e5e725 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000003 : nt!KiExceptionDispatch+0xa9
fffffa60`122bfee0 fffff800`01e8767d : 00000000`00059d17 fffffa60`122c0148 fffff800`01e08000 fffff800`01e08000 : nt!KiPageFault+0x1e5
fffffa60`122c0070 fffff800`01e8b598 : fffffa60`00000001 00000000`00000000 00000000`00000000 ffffffff`ffffff80 : nt!RtlVirtualUnwind+0x16d
fffffa60`122c00e0 fffff800`01e98d32 : fffffa60`122c0f08 fffffa60`122c08e0 fffffa60`00000000 00000000`00000000 : nt!RtlDispatchException+0x118
fffffa60`122c07d0 fffff800`01e5f929 : fffffa60`122c0f08 00000000`00000003 fffffa60`122c0fb0 00000000`00000114 : nt!KiDispatchException+0xc2
fffffa60`122c0dd0 fffff800`01e5e725 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000003 : nt!KiExceptionDispatch+0xa9
fffffa60`122c0fb0 fffff800`01e8767d : 00000000`00059d17 fffffa60`122c1218 fffff800`01e08000 fffff800`01e08000 : nt!KiPageFault+0x1e5
fffffa60`122c1140 fffff800`01e8b598 : fffffa60`00000001 00000000`00000000 00000000`00000000 ffffffff`ffffff80 : nt!RtlVirtualUnwind+0x16d
fffffa60`122c11b0 fffff800`01e98d32 : fffffa60`122c1fd8 fffffa60`122c19b0 fffffa60`00000000 00000000`00000000 : nt!RtlDispatchException+0x118
fffffa60`122c18a0 fffff800`01e5f929 : fffffa60`122c1fd8 00000000`00000003 fffffa60`122c2080 00000000`00000114 : nt!KiDispatchException+0xc2
fffffa60`122c1ea0 fffff800`01e5e725 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000003 : nt!KiExceptionDispatch+0xa9
fffffa60`122c2080 fffff800`01e8767d : 00000000`00059d17 fffffa60`122c22e8 fffff800`01e08000 fffff800`01e08000 : nt!KiPageFault+0x1e5
fffffa60`122c2210 fffff800`01e8b598 : fffffa60`00000001 00000000`00000000 00000000`00000000 ffffffff`ffffff80 : nt!RtlVirtualUnwind+0x16d
fffffa60`122c2280 fffff800`01e98d32 : fffffa60`122c30a8 fffffa60`122c2a80 fffffa60`00000000 00000000`00000000 : nt!RtlDispatchException+0x118
fffffa60`122c2970 fffff800`01e5f929 : fffffa60`122c30a8 00000000`00000003 fffffa60`122c3150 00000000`00000114 : nt!KiDispatchException+0xc2
fffffa60`122c2f70 fffff800`01e5e725 : 00000000`00000000 fffffa60`122c31a0 fffffa80`69d06800 00000000`00000003 : nt!KiExceptionDispatch+0xa9
fffffa60`122c3150 fffff800`01e8767d : 00000000`00059d17 fffffa60`122c33b8 fffff800`01e08000 fffffa60`122c3c80 : nt!KiPageFault+0x1e5
fffffa60`122c32e0 fffff800`01e8b598 : fffffa60`00000001 00000000`00000000 fffffa60`00000000 ffffffff`ffffff80 : nt!RtlVirtualUnwind+0x16d
fffffa60`122c3350 fffff800`01e98d32 : fffffa60`122c4178 fffffa60`122c3b50 fffffa60`00000000 fffffa60`0160a000 : nt!RtlDispatchException+0x118
fffffa60`122c3a40 fffff800`01e5f929 : fffffa60`122c4178 00000000`00000003 fffffa60`122c4220 00000000`00000114 : nt!KiDispatchException+0xc2
fffffa60`122c4040 fffff800`01e5e725 : 00000000`00000000 fffffa80`1cff1010 fffffa80`2340ae00 00000000`00000003 : nt!KiExceptionDispatch+0xa9
fffffa60`122c4220 fffff800`01e8767d : 00000000`00059d17 fffffa60`122c4970 fffff800`01e08000 62206465`00000000 : nt!KiPageFault+0x1e5
fffffa60`122c43b0 fffff800`020ec4b2 : fffff800`00000001 fffffa60`10893500 fffff880`00000000 ffffffff`ffffff80 : nt!RtlVirtualUnwind+0x16d
fffffa60`122c4420 fffff800`01e8cf4d : ffffffff`ffffff80 fffffa80`695fe060 fffffa60`10893570 fffff800`01e08000 : nt!PspGetSetContextInternal+0x36a
fffffa60`122c4970 fffff800`01e811ce : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!PspGetSetContextSpecialApc+0x9d
fffffa60`122c4a80 fffff800`01e61faf : fffffa80`695fe310 00000000`00000000 00000000`00000000 fffffa80`695fe060 : nt!KiDeliverApc+0x19e
fffffa60`122c4b20 fffff800`01e569bb : 00000000`00000007 fffffa60`0161e424 fffffa80`00000005 00000000`00000000 : nt!KiSwapThread+0x3ef
fffffa60`122c4b90 fffff800`01e94dad : ffff0050`00000000 fffffa60`00000005 fffffa80`122c0000 fffffa60`00000000 : nt!KeWaitForSingleObject+0x2cb
fffffa60`122c4c20 fffff800`01e81307 : 00000000`00000000 fffff880`082f6448 fffffa80`3ecdf064 00000000`00000000 : nt!KiSuspendThread+0x29
fffffa60`122c4c60 fffff800`01e84c23 : fffffa60`122c4d80 00000000`00000000 fffff800`01e94d84 00000000`00000000 : nt!KiDeliverApc+0x2d7
fffffa60`122c4d00 fffffa60`00c43093 : fffffa80`1ce4a180 fffffa60`01617601 fffffa80`5c527c40 fffff880`082f0100 : nt!KiApcInterrupt+0x103
fffffa60`122c4e90 fffffa80`1ce4a180 : fffffa60`01617601 fffffa80`5c527c40 fffff880`082f0100 fffffa60`122c5390 : spep+0x40093
fffffa60`122c4e98 fffffa60`01617601 : fffffa80`5c527c40 fffff880`082f0100 fffffa60`122c5390 fffffa80`1c000000 : 0xfffffa80`1ce4a180
fffffa60`122c4ea0 fffff880`082f6140 : fffff880`082f6390 fffff800`01e6dc7c 00000000`00000000 fffffa80`69ae8110 : Ntfs!NtfsCleanupIrpContext+0xd1
fffffa60`122c4ef0 fffff880`082f6390 : fffff800`01e6dc7c 00000000`00000000 fffffa80`69ae8110 fffffa80`69ae8420 : 0xfffff880`082f6140
fffffa60`122c4ef8 fffff800`01e6dc7c : 00000000`00000000 fffffa80`69ae8110 fffffa80`69ae8420 fffffa80`67000d00 : 0xfffff880`082f6390
fffffa60`122c4f00 fffff800`01e649a4 : fffffa80`1bf27000 fffffa60`122c4f68 fffffa80`1ce4a030 00000000`00000000 : nt!KiIpiProcessRequests+0x21c
fffffa60`122c4f50 fffffa60`122c5220 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiIpiInterrupt+0x114
fffffa80`69ae8110 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0xfffffa60`122c5220
STACK_COMMAND: kb
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
FOLLOWUP_NAME: MachineOwner
DEBUG_FLR_IMAGE_TIMESTAMP: 4f79ae26
FOLLOWUP_IP:
nt!KiDoubleFaultAbort+b8
fffff800`01e5e0b8 90 nop
SYMBOL_STACK_INDEX: 2
SYMBOL_NAME: nt!KiDoubleFaultAbort+b8
FAILURE_BUCKET_ID: X64_TRAP_FRAME_RECURSION
BUCKET_ID: X64_TRAP_FRAME_RECURSION
Followup: MachineOwner
6: kd> .trap 0xfffffa60122c2080
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000005 rbx=0000000000000000 rcx=0000000000000000
rdx=00000000000000d8 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80001e8767d rsp=fffffa60122c2210 rbp=fffffa60122c2450
r8=0000000000000005 r9=fffff80001e08000 r10=ffffffffffffff80
r11=fffff80002006000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
nt!RtlVirtualUnwind+0x16d:
fffff800`01e8767d 488b02 mov rax,qword ptr [rdx] ds:00000000`000000d8=????????????????
Please understand that debugging is not officially supported in Technet forum, please contact Microsoft Customer Support Service (CSS) if you need any help on dump file debugging. To obtain the phone numbers for specific technology request, please refer
to the website listed below:
http://support.microsoft.com/default.aspx?scid=fh;EN-US;PHONENUMBERS
If you are outside the US, please refer to
http://support.microsoft.com for regional support phone numbers.
For your reference, you can start by implementing the following troubleshooting steps
Run a chkdsk /r with elevated privilege against the system drives to find out any filesystem corruption
Run sfc /scannow to verify the protected Windows files from an administrative command prompt
Do RAM test or use a third-party tool like MemTest86+
Update BIOS and devices drivers.
Similar Messages
-
Probably caused by : ntoskrnl.exe ( nt+72f40 )
Dear Friend,
I have a windows server 2008R2 running on Hyper v .The host machine is running windows server2012.on this server,Exchange application is running.This server is getting rebooted itself on every 15-20 days.the mini blue dumb for the issue is as below.Please
help me for the solution.
Microsoft (R) Windows Debugger Version 6.2.9200.20512 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\Administrator\Desktop\032214-16718-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: *** Invalid ***
* Symbol loading may be unreliable without a symbol search path. *
* Use .symfix to have the debugger choose a symbol path. *
* After setting your symbol path, use .reload to refresh symbol locations. *
Executable search path is:
* Symbols can not be loaded because symbol path is not initialized. *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+
Unable to load image \SystemRoot\system32\ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64
Product: Server, suite: Enterprise TerminalServer SingleUserTS
Built by: 7601.22411.amd64fre.win7sp1_ldr.130801-1934
Machine Name:
Kernel base = 0xfffff800`01a07000 PsLoadedModuleList = 0xfffff800`01c4b6d0
Debug session time: Sat Mar 22 18:41:25.076 2014 (UTC + 5:30)
System Uptime: 38 days 7:36:33.296
* Symbols can not be loaded because symbol path is not initialized. *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+
Unable to load image \SystemRoot\system32\ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Loading Kernel Symbols
Loading User Symbols
Loading unloaded module list
* Bugcheck Analysis
Use !analyze -v to get detailed debugging information.
BugCheck 4A, {7773132a, 2, 0, fffff88002594b60}
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work.
*** Type referenced: nt!_KPRCB
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work.
*** Type referenced: nt!KPRCB
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work.
*** Type referenced: nt!_KPRCB
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work.
*** Type referenced: nt!KPRCB
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work.
*** Type referenced: nt!_KPRCB
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work.
*** Type referenced: nt!_KPRCB
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work.
*** Type referenced: nt!_KPRCB
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work.
*** Type referenced: nt!_KPRCB
Probably caused by : ntoskrnl.exe ( nt+72f40 )
Followup: MachineOwner
---------Hi,
Before you start to use WinDbg you also need to configure the symbol path – just go to file->symbol file path and the path you need to enter for the Microsoft public symbol
server is:
http://msdl.microsoft.com/download/symbols
The related article:
Setting up WinDbg and Using Symbols
http://blogs.msdn.com/b/emeadaxsupport/archive/2011/04/10/setting-up-windbg-and-using-symbols.aspx
Hope this helps.
We
are trying to better understand customer views on social support experience, so your participation in this
interview project would be greatly appreciated if you have time.
Thanks for helping make community forums a great place. -
Hello,
One of our clients has an annoying problem with BSODS almost daily cause by ntkrnlmp.exe and I couldn't manage to find what REALLY was the cause. Symbols were properly configure and still no clear infos. If someone can have a look over the Minidumps and/or
Memory.DMP here are both:
https://onedrive.live.com/?cid=E0FCDAC93086F976&id=E0FCDAC93086F976%21123
Thank you,
CozminHi Cozmin V,
This is excessive paged pool usage, this error may occur due to user-mode graphics driver crossing over and passing bad data to the kernel code.
1: kd> !analyze -v
* Bugcheck Analysis
SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff800030a5aae, Address of the instruction which caused the bugcheck
Arg3: fffff8800864c790, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.
Debugging Details:
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
FAULTING_IP:
nt!ExEnterCriticalRegionAndAcquireFastMutexUnsafe+26
fffff800`030a5aae f00fba3100 lock btr dword ptr [rcx],0
CONTEXT: fffff8800864c790 -- (.cxr 0xfffff8800864c790)
rax=fffffa80082d63c0 rbx=0000000000000000 rcx=0000000000000000
rdx=fffffa80082d63c0 rsi=00000000ffffffff rdi=fffffa80082d63c0
rip=fffff800030a5aae rsp=fffff8800864d170 rbp=0000000000000001
r8=0000000000000000 r9=fffff96000365ab8 r10=000000000002fcc7
r11=fffff8800864d1c0 r12=0000000000000000 r13=0000000000000001
r14=0000000000000000 r15=fffff900caf4dd30
iopl=0 nv up ei ng nz na pe nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010282
nt!ExEnterCriticalRegionAndAcquireFastMutexUnsafe+0x26:
fffff800`030a5aae f00fba3100 lock btr dword ptr [rcx],0 ds:002b:00000000`00000000=????????
Resetting default scope
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x3B
PROCESS_NAME: csrss.exe
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from fffff9600060dce0 to fffff800030a5aae
STACK_TEXT:
fffff880`0864d170 fffff960`0060dce0 : 00000000`00000000 000001c4`00000000 0000feed`52052bed 00001f80`00000000 : nt!ExEnterCriticalRegionAndAcquireFastMutexUnsafe+0x26
fffff880`0864d1a0 fffff960`00177748 : 00000000`00000001 fffff900`c00b7010 00000000`00000001 fffff900`caf3c370 : cdd!CddBitmapHw::Release+0xc0
fffff880`0864d1e0 fffff960`002b86b4 : 00000000`00000000 00000000`00000000 fffff900`caf3c370 00000000`00000000 : win32k!SURFACE::bDeleteSurface+0x358
fffff880`0864d330 fffff960`002b8757 : fffff900`c00b7010 00000000`00000001 fffff900`c00b7010 00000000`00000001 : win32k!vDynamicConvertNewSurfaceDCs+0xd8
fffff880`0864d360 fffff960`002b8ff2 : fffff900`c00b7010 00000000`00000001 fffff900`c8e35280 fffff900`c00b7010 : win32k!bDynamicRemoveAllDriverRealizations+0x6f
FOLLOWUP_IP:
cdd!CddBitmapHw::Release+c0
fffff960`0060dce0 488b4738 mov rax,qword ptr [rdi+38h]
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: cdd!CddBitmapHw::Release+c0
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: cdd
IMAGE_NAME: cdd.dll
DEBUG_FLR_IMAGE_TIMESTAMP: 4ce7c546
STACK_COMMAND: .cxr 0xfffff8800864c790 ; kb
FAILURE_BUCKET_ID: X64_0x3B_cdd!CddBitmapHw::Release+c0
BUCKET_ID: X64_0x3B_cdd!CddBitmapHw::Release+c0
Followup: MachineOwner
1: kd> lmvm cdd
start end module name
fffff960`00600000 fffff960`00627000 cdd (pdb symbols) c:\symbols\cdd.pdb\88BFB882815849F88656925A7675F2BA1\cdd.pdb
Loaded symbol image file: cdd.dll
Mapped memory image file: c:\symbols\cdd.dll\4CE7C54627000\cdd.dll
Image path: \SystemRoot\System32\cdd.dll
Image name: cdd.dll
Timestamp: Sat Nov 20 20:55:34 2010 (4CE7C546)
CheckSum: 0002D4F0
ImageSize: 00027000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
1: kd> lmtsmn
start end module name
fffff880`00f18000 fffff880`00f6f000 ACPI ACPI.sys Sat Nov 20 17:19:16 2010 (4CE79294)
fffff880`068fd000 fffff880`0697d000 ADIHdAud ADIHdAud.sys Wed Jun 16 03:36:52 2010 (4C17D654)
fffff880`048df000 fffff880`04968000 afd afd.sys Sat Nov 20 17:23:27 2010 (4CE7938F)
fffff880`04a39000 fffff880`04a4f000 AgileVpn AgileVpn.sys Tue Jul 14 08:10:24 2009 (4A5BCCF0)
fffff880`02ec4000 fffff880`02ed7180 aksdf aksdf.sys Mon Nov 21 19:09:56 2011 (4ECA3184)
fffff880`032da000 fffff880`032fae00 aksfridge aksfridge.sys Tue Aug 07 18:34:40 2012 (5020EF40)
fffff880`017f2000 fffff880`017fd000 amdxata amdxata.sys Sat Mar 20 00:18:18 2010 (4BA3A3CA)
fffff880`01e50000 fffff880`01e65000 appid appid.sys Sat Nov 20 18:14:37 2010 (4CE79F8D)
fffff880`078fb000 fffff880`07906000 asyncmac asyncmac.sys Tue Jul 14 08:10:13 2009 (4A5BCCE5)
fffff880`013b2000 fffff880`013bb000 atapi atapi.sys Tue Jul 14 07:19:47 2009 (4A5BC113)
fffff880`013bb000 fffff880`013e5000 ataport ataport.SYS Sat Nov 20 17:19:15 2010 (4CE79293)
fffff960`00870000 fffff960`008d1000 ATMFD ATMFD.DLL Sat Nov 20 17:49:28 2010 (4CE799A8)
fffff880`00fe0000 fffff880`00fec000 BATTC BATTC.SYS Tue Jul 14 07:31:01 2009 (4A5BC3B5)
fffff880`04409000 fffff880`04410000 Beep Beep.SYS Tue Jul 14 08:00:13 2009 (4A5BCA8D)
fffff880`04b76000 fffff880`04b87000 blbdrive blbdrive.sys Tue Jul 14 07:35:59 2009 (4A5BC4DF)
fffff880`02fb1000 fffff880`02fcf000 bowser bowser.sys Wed Feb 23 12:55:04 2011 (4D649328)
fffff960`00600000 fffff960`00627000 cdd cdd.dll Sat Nov 20 20:55:34 2010 (4CE7C546)
Unloaded modules:
fffff880`078b6000 fffff880`078c4000 monitor.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 0000E000
fffff880`078a8000 fffff880`078b6000 monitor.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 0000E000
fffff880`0789a000 fffff880`078a8000 monitor.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 0000E000
fffff880`0788c000 fffff880`0789a000 monitor.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 0000E000
fffff880`0787e000 fffff880`0788c000 monitor.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 0000E000
By checking your DMP file, we also found it related to cdd.dll which is the Canonical Display Driver from Microsoft, it's a system file. You could refer to this link for more information about cdd and bitmap
http://answers.microsoft.com/en-us/windows/forum/windows_7-system/bluescreen-error-when-alttabbing-out-of-full/267be931-70b1-482f-8164-c3cd8084def0
We suggest you replace your graphic/display driver and keep them up to date, then check the issue again.
Also you have a lot of outdated drivers on your system including cdd.dll. Please update these drivers for good measure.
If you're still crashing after all of the above, enable Driver Verifier to look for further corruption:
Driver Verifier:
What is Driver Verifier?
Driver Verifier is included in Windows 8, 7, Windows Server 2008 R2, Windows Vista, Windows Server 2008, Windows 2000, Windows XP, and Windows Server 2003 to promote stability and reliability; you can use this tool to troubleshoot driver issues. Windows
kernel-mode components can cause system corruption or system failures as a result of an improperly written driver, such as an earlier version of a Windows Driver Model (WDM) driver.
Essentially, if there's a 3rd party driver believed to be at issue, enabling Driver Verifier will help flush out the rogue driver if it detects a violation.
Note: Before enabling Driver Verifier, it is recommended to create a System Restore Point
For more information about Driver Verifier
https://msdn.microsoft.com/en-us/library/windows/hardware/ff545448(v=vs.85).aspx -
Ntkrnlmp.exe causing BSOD randomly
Recently we have been having random reboots and BSODs on our TS box
Background:
Windows Server 2012 R2 - RDS/Print/File - VM on Hyper-V Host (Windows server 2012 r2)
https://onedrive.live.com/redir?resid=AF339BCAC63CB706!228&authkey=!AG-5gWy6tUwoAiE&ithint=folder%2c
Attached are the dump files^^^
Ran ran memtest86 on the host with no errors
Ran Windows memory diags on host and VM with no errors
Updated all firmware and drivers for our HP Proliant ML350 gen8 server
Ran Driver Verifier and pointed it towards the problem child (ntoskrnl.exe) and the server bsod twice in a matter of ten minutes with, of course "Driver Verifier detected a Violation"
Checked the version number Ntoskrnl.exe version 6.3.9600.16452 - Removed
Windows Update Rollup - KB2903939
Double checked and verified removed.
Rebooted and ran Driver verifier after update removal - BSOD twice with same scenario as above. Disabled Driver verifier for now.
I'm hoping to find a fix for this as this is the main RDS server.
I appreciate your time. If you need anything else, please let me know.
Thanks!
*Going to add another DUMP that happened today Below*
Microsoft (R) Windows Debugger Version 6.3.9600.17029 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Windows\MEMORY.DMP]
Kernel Bitmap Dump File: Only kernel address space is available
************* Symbol Path validation summary **************
Response Time (ms) Location
Deferred .sympath SRV*f:\localsymbols*http://msdl.microsoft.com/download/symbols
Symbol search path is: .sympath SRV*f:\localsymbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntkrnlmp.exe -
Windows 8 Kernel Version 9600 MP (6 procs) Free x64
Product: Server, suite: TerminalServer
Built by: 9600.16422.amd64fre.winblue_gdr.131006-1505
Machine Name:
Kernel base = 0xfffff802`1f286000 PsLoadedModuleList = 0xfffff802`1f54a990
Debug session time: Fri Apr 4 16:32:20.197 2014 (UTC - 4:00)
System Uptime: 0 days 6:36:23.236
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntkrnlmp.exe -
Loading Kernel Symbols
Loading User Symbols
PEB is paged out (Peb.Ldr = 00007ff6`35f58018). Type ".hh dbgerr001" for details
Loading unloaded module list
************* Symbol Loading Error Summary **************
Module name Error
ntkrnlmp The system cannot find the file specified
You can troubleshoot most symbol related issues by turning on symbol loading diagnostics (!sym noisy) and repeating the command that caused symbols to be loaded.
You should also verify that your symbol search path (.sympath) is correct.
* Bugcheck Analysis *
Use !analyze -v to get detailed debugging information.
BugCheck 3B, {c0000005, fffff8021f2cc740, ffffd000276e0eb0, 0}
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** Type referenced: nt!_KPRCB ***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** Type referenced: nt!KPRCB ***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** Type referenced: nt!_KPRCB ***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** Type referenced: nt!KPRCB ***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** Type referenced: nt!_KPRCB ***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** Type referenced: nt!_KPRCB ***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** Type referenced: nt!_KPRCB ***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** Type referenced: nt!_KPRCB ***
Probably caused by : ntkrnlmp.exe ( nt!RtlAvlRemoveNode+478 )
Followup: MachineOwnerThanks for the information.
In case you do need to enable Driver Verifier, refer to the following:
Driver Verifier:
What is Driver Verifier?
Driver Verifier is included in Windows 8/8.1, 7, Windows Server 2008 R2, Windows Vista, Windows Server 2008, Windows 2000, Windows XP, and Windows Server 2003 to promote stability and reliability; you can use this tool to troubleshoot driver issues. Windows
kernel-mode components can cause system corruption or system failures as a result of an improperly written driver, such as an earlier version of a Windows Driver Model (WDM) driver.
Essentially, if there's a 3rd party driver believed to be at issue, enabling Driver Verifier will help flush out the rogue driver if it detects a violation.
Before enabling Driver Verifier, it is recommended to create a System Restore Point:
Vista - START | type rstrui - create a restore point
Windows 7 - START | type create | select "Create a Restore Point"
Windows 8/8.1 -
http://www.eightforums.com/tutorials/4690-restore-point-create-windows-8-a.html
How to enable Driver Verifier:
Start > type "verifier" without the quotes > Select the following options -
1. Select - "Create custom settings (for code developers)"
2. Select - "Select individual settings from a full list"
3. Check the following boxes -
- Special Pool
- Pool Tracking
- Force IRQL Checking
- Deadlock Detection
- Security Checks (Windows 7 & 8)
- DDI compliance checking (Windows 8)
- Miscellaneous Checks
4. Select - "Select driver names from a list"
5. Click on the "Provider" tab. This will sort all of the drivers by the provider.
6. Check EVERY box that is NOT provided by Microsoft / Microsoft Corporation.
7. Click on Finish.
8. Restart.
Important information regarding Driver Verifier:
- If Driver Verifier finds a violation, the system will BSOD. To expand on this a bit more for the interested, specifically what Driver Verifier actually does is it looks for any driver making illegal function calls, causing memory leaks, etc. When and/if this
happens, system corruption occurs if allowed to continue. When Driver Verifier is enabled, it is monitoring
all 3rd party drivers (as we have it set that way) and when it catches a driver attempting to do this, it will quickly flag that driver as being a troublemaker, and bring down the system safely before any corruption can occur.
- After enabling Driver Verifier and restarting the system, depending on the culprit, if for example the driver is on start-up, you may not be able to get back into normal Windows because Driver Verifier will detect it in violation almost straight away, and
as stated above, that will cause / force a BSOD.
If this happens, do not panic, do the following:
- Boot into Safe Mode by repeatedly tapping the F8 key during boot-up.
- Once in Safe Mode - Start > Search > type "cmd" without the quotes.
- To turn off Driver Verifier, type in cmd "verifier /reset" without the quotes.
・ Restart and boot into normal Windows.
If your OS became corrupt or you cannot boot into Windows after disabling verifier via Safe Mode:
- Boot into Safe Mode by repeatedly tapping the F8 key during boot-up.
- Once in Safe Mode - Start > type "system restore" without the quotes.
- Choose the restore point you created earlier.
-- Note that Safe Mode for Windows 8/8.1 is a bit different, and you may need to try different methods:
5 Ways to Boot into Safe Mode in Windows 8 & Windows 8.1
How long should I keep Driver Verifier enabled for?
I recommend keeping it enabled for at least 24 hours. If you don't BSOD by then, disable Driver Verifier. I will usually say whether or not I'd like for you to keep it enabled any longer.
My system BSOD'd with Driver Verifier enabled, where can I find the crash dumps?
They will be located in %systemroot%\Minidump
Any other questions can most likely be answered by this article:
http://support.microsoft.com/kb/244617
Regards,
Patrick -
Ntkrnlmp.exe causing BSOD intermittently (DUMP Attached)
Recently we have been having random reboots and BSODs on our TS box
Background:
Windows Server 2012 R2 - RDS/Print/File - VM on Hyper-V Host (Windows server 2012 r2
https://onedrive.live.com/redir?resid=AF339BCAC63CB706!228&authkey=!AG-5gWy6tUwoAiE&ithint=folder%2c
Attached are the dump files^^^
Ran ran memtest86 on the host with no errors
Ran Windows memory diags on host and VM with no errors
Updated all firmware and drivers for our HP Proliant ML350 gen8 server
Ran Driver Verifier and pointed it towards the problem child (ntoskrnl.exe) and the server bsod twice in a matter of ten minutes with, of course "Driver Verifier detected a Violation"
Checked the version number Ntoskrnl.exe version 6.3.9600.16452 - Removed
Windows Update Rollup - KB2903939
Double checked and verified removed.
Rebooted and ran Driver verifier after update removal - BSOD twice with same scenario as above. Disabled Driver verifier for now.
I'm hoping to find a fix for this as this is the main RDS server.
I appreciate your time. If you need anything else, please let me know.
Thanks!
*Going to add another DUMP that happened today Below*
Microsoft (R) Windows Debugger Version 6.3.9600.17029 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Windows\MEMORY.DMP]
Kernel Bitmap Dump File: Only kernel address space is available
************* Symbol Path validation summary **************
Response Time (ms) Location
Deferred .sympath SRV*f:\localsymbols*http://msdl.microsoft.com/download/symbols
Symbol search path is: .sympath SRV*f:\localsymbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntkrnlmp.exe -
Windows 8 Kernel Version 9600 MP (6 procs) Free x64
Product: Server, suite: TerminalServer
Built by: 9600.16422.amd64fre.winblue_gdr.131006-1505
Machine Name:
Kernel base = 0xfffff802`1f286000 PsLoadedModuleList = 0xfffff802`1f54a990
Debug session time: Fri Apr 4 16:32:20.197 2014 (UTC - 4:00)
System Uptime: 0 days 6:36:23.236
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntkrnlmp.exe -
Loading Kernel Symbols
Loading User Symbols
PEB is paged out (Peb.Ldr = 00007ff6`35f58018). Type ".hh dbgerr001" for details
Loading unloaded module list
************* Symbol Loading Error Summary **************
Module name Error
ntkrnlmp The system cannot find the file specified
You can troubleshoot most symbol related issues by turning on symbol loading diagnostics (!sym noisy) and repeating the command that caused symbols to be loaded.
You should also verify that your symbol search path (.sympath) is correct.
* Bugcheck Analysis *
Use !analyze -v to get detailed debugging information.
BugCheck 3B, {c0000005, fffff8021f2cc740, ffffd000276e0eb0, 0}
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** Type referenced: nt!_KPRCB ***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** Type referenced: nt!KPRCB ***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** Type referenced: nt!_KPRCB ***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** Type referenced: nt!KPRCB ***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** Type referenced: nt!_KPRCB ***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** Type referenced: nt!_KPRCB ***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** Type referenced: nt!_KPRCB ***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** Type referenced: nt!_KPRCB ***
Probably caused by : ntkrnlmp.exe ( nt!RtlAvlRemoveNode+478 )
Followup: MachineOwnerPlease understand that this forum is meant for general windows server queries and we dont really analyze the crash dumps here.
Please
contact Microsoft Customer Service directly so that the memory dump file can be analyzed and this issue can be resolved efficiently.
You
may obtain the phone numbers for specific technology request please take a look at the web site listed below:
https://support.microsoft.com/common/international.aspx?iid=174859&iguid=56907522-6886-4238-a70f-a1d06a4473c7_2_2&rdpath=1
http://www.arabitpro.com -
Thinkpad T60 Blue Screening when Idle. CSRSS.exe probable cause
Hi All,
I have a customer who leaves his computer on at work overnight and has received blue screens every night when he leaves his laptop. Once he reboots, the laptop is fine until he leaves it idle again.
The bugcheck is BugCheck F4, {3, 86b9cab8, 86b9cc2c, 805d164c} and the probable cause is csrss.exe as noted in the minidump ( I still have to load symbols for the debug).
I have updated bios and all necessary drivers and it still blue screens. Any idea why this BSOD is still occurring?
Any information is appreciated.
Thanks,
Phil -
Randomly BSODs caused by ntoskrnl.exe
I have random BSODs, this is the dump file... any ideas? I tried to update all drivers, but I solved nothing.
Microsoft (R) Windows Debugger Version 6.3.9600.17029 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Program Files (x86)\Windows Kits\8.1\Debuggers\x86\061114-29937-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Error: Attempts to access '061114-29937-01.dmp' failed: 0x0 - The operation completed successfully.
************* Symbol Path validation summary **************
Response Time (ms) Location
Error 061114-29937-01.dmp
Symbol search path is: 061114-29937-01.dmp
Executable search path is:
Unable to load image \SystemRoot\system32\ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Windows 8 Kernel Version 9600 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 9600.17085.amd64fre.winblue_gdr.140330-1035
Machine Name:
Kernel base = 0xfffff800`6e28e000 PsLoadedModuleList = 0xfffff800`6e5582d0
Debug session time: Wed Jun 11 20:29:12.062 2014 (UTC + 2:00)
System Uptime: 0 days 0:22:21.219
Unable to load image \SystemRoot\system32\ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Loading Kernel Symbols
Loading User Symbols
Loading unloaded module list
************* Symbol Loading Error Summary **************
Module name Error
ntoskrnl The system cannot find the file specified
You can troubleshoot most symbol related issues by turning on symbol loading diagnostics (!sym noisy) and repeating the command that caused symbols to be loaded.
You should also verify that your symbol search path (.sympath) is correct.
* Bugcheck Analysis
Use !analyze -v to get detailed debugging information.
BugCheck 133, {1, 1e00, 0, 0}
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work.
*** Type referenced: nt!_KPRCB
5 times more...
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work.
*** Type referenced: nt!_KPRCB
Probably caused by : ntoskrnl.exe ( nt+153fa0 )
Followup: MachineOwner
Systeminfo:
OS Name: Microsoft Windows 8.1 Pro
OS Version: 6.3.9600 N/A Build 9600
OS Manufacturer: Microsoft Corporation
OS Configuration: Standalone Workstation
OS Build Type: Multiprocessor Free
Original Install Date: 30/10/2013, 13:43:05
System Boot Time: 11/06/2014, 20:29:52
System Manufacturer: TOSHIBA
System Model: Satellite L500
System Type: x64-based PC
Processor(s): 1 Processor(s) Installed.
[01]: Intel64 Family 6 Model 37 Stepping 2 GenuineIntel ~2261 Mhz
BIOS Version: TOSHIBA 2.10, 17/05/2011
Windows Directory: C:\WINDOWS
System Directory: C:\WINDOWS\system32
Boot Device: \Device\HarddiskVolume2
Total Physical Memory: 3.958 MB
Available Physical Memory: 1.792 MB
Virtual Memory: Max Size: 7.926 MB
Virtual Memory: Available: 5.492 MB
Virtual Memory: In Use: 2.434 MB
Page File Location(s): C:\pagefile.sys
Domain: WORKGROUP
Logon Server:
\\MicrosoftAccount
Hotfix(s): 56 Hotfix(s) Installed.
[01]: KB2899189_Microsoft-Windows-CameraCodec-Package
[02]: KB2843630
[03]: KB2868626
[04]: KB2883200
[05]: KB2887595
[06]: KB2889543
[07]: KB2891214
[08]: KB2893294
[09]: KB2894029
[10]: KB2894179
[11]: KB2898868
[12]: KB2900986
[13]: KB2901125
[14]: KB2901128
[15]: KB2903939
[16]: KB2904440
[17]: KB2911106
[18]: KB2912390
[19]: KB2913152
[20]: KB2916036
[21]: KB2919355
[22]: KB2919394
[23]: KB2919442
[24]: KB2920189
[25]: KB2923528
[26]: KB2923768
[27]: KB2926765
[28]: KB2928680
[29]: KB2931358
[30]: KB2931366
[31]: KB2939153
[32]: KB2939576
[33]: KB2950153
[34]: KB2953522
[35]: KB2954879
[36]: KB2955164
[37]: KB2956575
[38]: KB2957151
[39]: KB2957189
[40]: KB2957689
[41]: KB2958262
[42]: KB2959977
[43]: KB2961908
[44]: KB2962140
[45]: KB2964718
[46]: KB2964736
[47]: KB2965065
[48]: KB2965142
[49]: KB2965500
[50]: KB2965699
[51]: KB2965788
[52]: KB2966072
[53]: KB2966407
[54]: KB2966804
[55]: KB2969817
[56]: KB976002
Network Card(s): 10 NIC(s) Installed.
[01]: Realtek PCIe FE Family Controller
Connection Name: Ethernet
DHCP Enabled: Yes
DHCP Server: N/A
IP address(es)
[02]: Realtek RTL8191SE Wireless LAN 802.11n PCI-E NIC
Connection Name: Wi-Fi
Status: Hardware
not present
[03]: Hyper-V Virtual Ethernet Adapter
Connection Name: Ethernet 6
Status: Media
disconnected
[04]: Hyper-V Virtual Ethernet Adapter
Connection Name: Ethernet 3
Status: Media
disconnected
[05]: Hyper-V Virtual Ethernet Adapter
Connection Name: Ethernet 5
DHCP Enabled: Yes
DHCP Server: 192.168.1.1
IP address(es)
[01]: 192.168.1.129
[02]: fe80::1513:f368:3c1e:c173
[06]: Hyper-V Virtual Ethernet Adapter
Connection Name: Ethernet 4
DHCP Enabled: No
IP address(es)
[01]: 169.254.80.80
[02]: fe80::4892:9cb3:7a80:2057
[07]: VMware Virtual Ethernet Adapter for VMnet1
Connection Name: VMware Network Adapter VMnet1
DHCP Enabled: No
IP address(es)
[01]: 192.168.223.1
[02]: fe80::a11c:f4d5:c02f:9fcf
[08]: VMware Virtual Ethernet Adapter for VMnet8
Connection Name: VMware Network Adapter VMnet8
DHCP Enabled: No
IP address(es)
[01]: 192.168.132.1
[02]: fe80::fc9a:9075:a71e:776c
[09]: TAP-Windows Adapter V9
Connection Name: Local Area Connection 3
Status: Media
disconnected
[10]: Hyper-V Virtual Ethernet Adapter
Connection Name: vEthernet (TAP-Windows Adapter V9 Virtual Switch)
Status: Media
disconnected
Hyper-V Requirements: A hypervisor has been detected. Features required for Hyper-V will not be displayed.Hi,
In order to assist you, we will need the .DMP files to analyze what exactly occurred at the time of the crash, etc.
If you don't know where .DMP files are located, here's how to get to them:
1. Navigate to the %systemroot%\Minidump folder.
2. Copy any and all DMP files in the Minidump folder to your Desktop and then zip up these files.
3. Upload the zip containing the .DMP files to Onedrive or a hosting site of your choice and paste in your reply. Preferred sites: Onedrive, Mediafire, Dropbox, etc. Nothing with wait-timers, download managers, etc.
4 (optional): The type of .DMP files located in the Minidump folder are known as Small Memory Dumps. In %systemroot% there will be what is known as a Kernel-Dump (if your system is set to generate). It is labeled MEMORY.DMP. The difference
between Small Memory Dumps and Kernel-Dumps in the simplest definition is a Kernel-Dump contains
much more information at the time of the crash, therefore allowing further debugging of your issue. If your upload speed permits it, and you aren't going against any strict bandwidth and/or usage caps, etc, the Kernel-Dump is the best
choice. Do note that Kernel-Dumps are much larger in size due to containing much more info, which is why I mentioned upload speed, etc.
If you are going to use Onedrive but don't know how to upload to it, please visit the following:
Upload photos and files to Onedrive.
After doing that, to learn how to share the link to the file if you are unaware, please visit the following link -
Share files and folders and change permissions and view 'Get a link'.
Please note that any "cleaner" programs such as TuneUpUtilities, CCleaner, etc, by default will delete .DMP files upon use. With this said, if you've run such software, you will need to allow the system to crash once again to generate a crash dump.
If your computer is not generating .DMP files, please do the following:
1. Start > type %systemroot% which should show the Windows folder, click on it. Once inside that folder, ensure there is a Minidump folder created. If not, CTRL-SHIFT-N to make a New Folder and name it Minidump.
2. Windows key + Pause key. This should bring up System. Click Advanced System Settings on the left > Advanced > Performance > Settings > Advanced > Ensure there's a check-mark for 'Automatically manage paging file size for all
drives'.
3. Windows key + Pause key. This should bring up System. Click Advanced System Settings on the left > Advanced > Startup and Recovery > Settings > System Failure > ensure there is a check mark next to 'Write an event to the system
log'.
Ensure Small Memory Dump is selected and ensure the path is %systemroot%\Minidump.
4. Double check that the WERS is ENABLED:
Start > Search > type services.msc > Under the name tab, find Windows Error Reporting Service > If the status of the service is not Started then right click it and select Start. Also ensure that under Startup Type it is set to Automatic rather than
Manual. You can do this by right clicking it, selecting properties, and under General selecting startup type to 'Automatic', and then click Apply.
If you cannot get into normal mode to do any of this, please do this via Safe Mode.
Regards,
Patrick
“Be kind whenever possible. It is always possible.” - Dalai Lama -
Blue Screen crash in Windows 7: culprit is ntkrnlmp.exe
Hi, I've been, with increasingly frequency, getting crashes on my Windows 7-run Gateway. Here's what I see when I run the WhoCrashed program (I'm very computer illiterate, sorry!):
On Wed 1/22/2014 11:34:06 PM GMT your computer crashed
crash dump file: C:\Windows\memory.dmp
This was probably caused by the following module:
ntkrnlmp.exe (nt!PsIsProtectedProcess+0x2A0)
Bugcheck code: 0xD1 (0x18, 0x2, 0x0, 0xFFFFF8800188AC49)
Error: DRIVER_IRQL_NOT_LESS_OR_EQUAL
Bug check description: This indicates that a kernel-mode driver attempted to access pageable memory at a process IRQL that was too high.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver which cannot be identified at this time.
Can anyone help? Thanks a bunch!!!Hi Ray,
Just additional. Troubleshoot this kind of kernel crash issue, we need to analyze the crash dump file to narrow down the root cause of the issue. Actually, it is not effective
for us to debug the crash dump file here in the forum. If this issues is a state of emergency for you. Please contact Microsoft Customer Service and Support (CSS) via telephone so that a dedicated Support Professional can assist with your request.
To obtain the phone numbers for specific technology request, please refer to the web site listed below:
http://support.microsoft.com/default.aspx?scid=fh;EN-US;OfferProPhone#faq607
Hope this helps.
Best regards,
Justin Gu -
Tdx.sys ntkrnlmp.exe BSOD after P2V Windows 2008 R2 Standard
Hi all,
We ran a P2V against a Server 2008 R2 Standard (SBS) DC on the weekend. Given that VMware hasn't released a cold clone ISO for a while, we used ShadowProtect Recovery Environment and Hardware Independent Restore. It worked a treat, stripped the old physical
NICs out.
Monday morning it threw a BSOD, then again at 10 am that day.
We immediately patched to remove the http.sys BSOD vulnerability to be safe.
We also patched 2008 R2 to SP1 x64 latest versions.
It crashed again last night, then again at 10 am today and every day since.
The BSOD dumps mention ntkrnlmp.exe and tdx.sys
vSphere is a new Intel server S2600CP2 running vSphere 5.5 Update 2.
The VM is running a VMXnet3 NIC, we've had issues before. RAID controller is Intel RMS25PB040.
The server runs AD/DNS, Exchange, File Shares and Printers.
We're combing through tasks, as it may be falling over at the same time every couple of days.
We've disabled Kaspersky Endpoint protection.
We will be planning to swap over the VMXnet3 NIC to E1000 later today, once we have a full backup that runs to USB.
After extensive researching we are leaning towards the NIC/network being a problem under load causing the BSOD.
Anyone else have any other suggestions we can try to resolve the BSOD issues?
Screenshot of the BSOD error codes: http://imgur.com/xRwZcKf
Here is an output of the minidump file:
Debugging Details:
TRIAGER: Could not open triage file : e:\dump_analysis\program\triage\modclass.ini, error 2
BUGCHECK_STR: 0x7f_8
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT_SERVER
PROCESS_NAME: System
CURRENT_IRQL: 2
LAST_CONTROL_TRANSFER: from fffff80001e911a9 to fffff80001e91c00
STACK_TEXT:
fffff80001d22d28 fffff80001e911a9 : 000000000000007f 0000000000000008 0000000080050031 00000000000406f8 : nt!KeBugCheckEx fffff80001d22d30 fffff80001e8f672 : 0000000000000000 0000000000000000
0000000000000000 0000000000000000 : nt!KiBugCheckDispatch+0x69 fffff80001d22e70 fffff88003413a0c : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : nt!KiDoubleFaultAbort+0xb2
fffff88002b02f90 0000000000000000 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : tdx!TdxIssueQueryAddressRequest+0x5c
STACK_COMMAND: kb
FOLLOWUP_IP: tdx!TdxIssueQueryAddressRequest+5c fffff88003413a0c ff1576370100 call qword ptr [tdx!_imp_ExAllocatePoolWithTag (fffff88003427188)]
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: tdx!TdxIssueQueryAddressRequest+5c
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: tdx
IMAGE_NAME: tdx.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4ce79332
FAILURE_BUCKET_ID: X64_0x7f_8_tdx!TdxIssueQueryAddressRequest+5c
BUCKET_ID: X64_0x7f_8_tdx!TdxIssueQueryAddressRequest+5c
Followup: MachineOwnerHi Sir,
>>We ran a P2V against a Server 2008 R2 Standard (SBS) DC on the weekend. Given that VMware hasn't released a cold clone ISO for a while
It seems that you have performed WMware P2V , it is beyond what we can support . You may need to post this issue into WMware forum :
https://communities.vmware.com/welcome
In windows hyper-v , there is a tool " disk2VHD" can help us to perform P2V :
https://technet.microsoft.com/en-us/library/ee656415.aspx?f=255&MSPPError=-2147217396
Best Regards,
Elton Ji
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected] . -
Hi Guys,
Has anyone come across this BSOD error and found a fix, as I'm at a lost as to what is causing the BSOD
Please see Windows Debugger output below:-
Microsoft (R) Windows Debugger Version 6.2.9200.16384 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Transfer\Minidumps\Mini051414-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: srv*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows Server 2008/Windows Vista Kernel Version 6002 (Service Pack 2) MP (8 procs) Free x64
Product: Server, suite: Enterprise TerminalServer
Built by: 6002.23154.amd64fre.vistasp2_ldr.130707-1535
Machine Name:
Kernel base = 0xfffff800`01c18000 PsLoadedModuleList = 0xfffff800`01dd7e30
Debug session time: Wed May 14 12:01:16.178 2014 (UTC + 1:00)
System Uptime: 3 days 7:15:01.532
Loading Kernel Symbols
Loading User Symbols
Loading unloaded module list
* Bugcheck Analysis
Use !analyze -v to get detailed debugging information.
BugCheck 3B, {c0000005, fffff9600030271e, fffffa603d967ec0, 0}
Probably caused by : win32k.sys ( win32k!PFFOBJ::pPvtDataMatch+12 )
Followup: MachineOwner
7: kd> !analyze -v
* Bugcheck Analysis
SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff9600030271e, Address of the instruction which caused the bugcheck
Arg3: fffffa603d967ec0, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.
Debugging Details:
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
FAULTING_IP:
win32k!PFFOBJ::pPvtDataMatch+12
fffff960`0030271e f6430804 test byte ptr [rbx+8],4
CONTEXT: fffffa603d967ec0 -- (.cxr 0xfffffa603d967ec0)
rax=fffff900c277dd10 rbx=6364735523080013 rcx=fffffa603d968790
rdx=fffff900c2cc92a0 rsi=fffff900c2ade350 rdi=fffffa80369f6680
rip=fffff9600030271e rsp=fffffa603d968720 rbp=0000000000000000
r8=0000000000000000 r9=fffffa80369f6680 r10=fffffa803b6cdc48
r11=fffffa603d9687c8 r12=fffffa603d968810 r13=0000000000000000
r14=000000000000301f r15=0000000000000001
iopl=0 nv up ei pl nz na pe nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010202
win32k!PFFOBJ::pPvtDataMatch+0x12:
fffff960`0030271e f6430804 test byte ptr [rbx+8],4 ds:002b:63647355`2308001b=??
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT_SERVER
BUGCHECK_STR: 0x3B
PROCESS_NAME: chrome.exe
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from fffff960003009b1 to fffff9600030271e
STACK_TEXT:
fffffa60`3d968720 fffff960`003009b1 : 00000000`0000301f 00000000`00004fbc 00000000`00000000 fffffa80`3b6cdbb0 : win32k!PFFOBJ::pPvtDataMatch+0x12
fffffa60`3d968750 fffff960`001aacb6 : fffff900`c2ade350 fffff900`c3fa59e0 00000000`00000000 fffffa80`369f6680 : win32k!PFTOBJ::bUnloadWorkhorse+0x55
fffffa60`3d9687d0 fffff960`001ab8d8 : fffff900`c2ade2d0 00000000`00000000 00000000`00000001 00000000`00000001 : win32k!vCleanupPrivateFonts+0x72
fffffa60`3d968810 fffff960`0019fbc0 : 00000000`00000000 fffff800`01ebfe00 fffff900`c277dd10 fffffa80`38d5b800 : win32k!NtGdiCloseProcess+0x4a8
fffffa60`3d968870 fffff960`0019f423 : 00000000`00000000 fffff900`c277dd10 00000000`00000000 fffff800`01ebfe48 : win32k!GdiProcessCallout+0x1f4
fffffa60`3d9688f0 fffff800`01ecc924 : 00000000`00000000 00000000`00000000 fffff800`01db6ec0 00000000`00000000 : win32k!W32pProcessCallout+0x6f
fffffa60`3d968920 fffff800`01ebfe65 : fffffa60`00000000 fffff800`01c89701 fffffa80`57c73810 00000000`78457350 : nt!PspExitThread+0x41c
fffffa60`3d968a10 fffff800`01c89881 : fffffa60`3d968ad8 00000000`00000000 fffffa80`382fe430 00000000`00000000 : nt!PsExitSpecialApc+0x1d
fffffa60`3d968a40 fffff800`01c8d935 : fffffa60`3d968ca0 fffffa60`3d968ae0 fffff800`01ebfe74 00000000`00000001 : nt!KiDeliverApc+0x441
fffffa60`3d968ae0 fffff800`01c6721d : fffffa80`3b6cdbb0 00000000`0038f2f4 fffffa60`3d968bf8 fffffa80`597301e0 : nt!KiInitiateUserApc+0x75
fffffa60`3d968c20 00000000`74c93d09 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceExit+0xa2
00000000`000eebd8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x74c93d09
FOLLOWUP_IP:
win32k!PFFOBJ::pPvtDataMatch+12
fffff960`0030271e f6430804 test byte ptr [rbx+8],4
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: win32k!PFFOBJ::pPvtDataMatch+12
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: win32k
IMAGE_NAME: win32k.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 52f4cf4d
STACK_COMMAND: .cxr 0xfffffa603d967ec0 ; kb
FAILURE_BUCKET_ID: X64_0x3B_win32k!PFFOBJ::pPvtDataMatch+12
BUCKET_ID: X64_0x3B_win32k!PFFOBJ::pPvtDataMatch+12
Followup: MachineOwner
7: kd> lmvm win32k
start end module name
fffff960`000e0000 fffff960`0039a000 win32k (pdb symbols) c:\symbols\win32k.pdb\E3E9D4C3813E470A90F52FAEC6461A252\win32k.pdb
Loaded symbol image file: win32k.sys
Mapped memory image file: c:\symbols\win32k.sys\52F4CF4D2ba000\win32k.sys
Image path: win32k.sys
Image name: win32k.sys
Timestamp: Fri Feb 07 12:19:25 2014 (52F4CF4D)
CheckSum: 002AD344
ImageSize: 002BA000
File version: 6.0.6002.23325
Product version: 6.0.6002.23325
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: win32k.sys
OriginalFilename: win32k.sys
ProductVersion: 6.0.6002.23325
FileVersion: 6.0.6002.23325 (vistasp2_ldr.140207-0038)
FileDescription: Multi-User Win32 Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
7: kd> .cxr 0xfffffa603d967ec0
rax=fffff900c277dd10 rbx=6364735523080013 rcx=fffffa603d968790
rdx=fffff900c2cc92a0 rsi=fffff900c2ade350 rdi=fffffa80369f6680
rip=fffff9600030271e rsp=fffffa603d968720 rbp=0000000000000000
r8=0000000000000000 r9=fffffa80369f6680 r10=fffffa803b6cdc48
r11=fffffa603d9687c8 r12=fffffa603d968810 r13=0000000000000000
r14=000000000000301f r15=0000000000000001
iopl=0 nv up ei pl nz na pe nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010202
win32k!PFFOBJ::pPvtDataMatch+0x12:
fffff960`0030271e f6430804 test byte ptr [rbx+8],4 ds:002b:63647355`2308001b=??
Thanks
JTGetting BSOD's pointing to this dll also. Started at around the same date as Jitinder's post. Maybe a new issue introduced has been introduced?
7: kd> !analyze -v
* Bugcheck Analysis *
SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff9600011fda0, Address of the instruction which caused the bugcheck
Arg3: fffffa6027acd1d0, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.
Debugging Details:
"kernel32.dll" was not found in the image list.
Debugger will attempt to load "kernel32.dll" at given base 00000000`00000000.
Please provide the full image name, including the extension (i.e. kernel32.dll)
for more reliable results.Base address and size overrides can be given as
.reload <image.ext>=<base>,<size>.
Unable to add module at 00000000`00000000
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
FAULTING_IP:
win32k!PFEOBJ::vFreepfdg+e8
fffff960`0011fda0 0fba60300f bt dword ptr [rax+30h],0Fh
CONTEXT: fffffa6027acd1d0 -- (.cxr 0xfffffa6027acd1d0)
rax=00000000014c0000 rbx=0000000000000000 rcx=fffff900c009c2a0
rdx=fffffa802735ab80 rsi=fffff900c0b9b010 rdi=fffffa6027acda80
rip=fffff9600011fda0 rsp=fffffa6027acda30 rbp=0000000000000000
r8=0000000000000000 r9=0000000000000000 r10=fffffa802800a288
r11=fffffa802800a060 r12=0000000000000000 r13=0000000000000000
r14=000000001539ed50 r15=0000000000000001
iopl=0 nv up ei pl nz na po cy
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010207
win32k!PFEOBJ::vFreepfdg+0xe8:
fffff960`0011fda0 0fba60300f bt dword ptr [rax+30h],0Fh ds:002b:00000000`014c0030=????????
Resetting default scope
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x3B
PROCESS_NAME: iexplore.exe
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from fffff960002e66d4 to fffff9600011fda0
STACK_TEXT:
fffffa60`27acda30 fffff960`002e66d4 : 00000000`00000000 fffffa80`2735ab50 00000000`00000001 00000000`746e6647 : win32k!PFEOBJ::vFreepfdg+0xe8
fffffa60`27acda60 fffff960`002f0cb7 : 00000000`00000000 fffff900`c008f000 fffff900`c0010000 00000000`00000000 : win32k!RFONTOBJ::vDeleteRFONT+0x210
fffffa60`27acdac0 fffff960`002f0926 : 00000000`00000000 fffff900`c2bfcca0 fffff900`c0ae4010 00000000`00000000 : win32k!vRestartKillRFONTList+0xab
fffffa60`27acdb10 fffff960`00275c79 : 00000000`00000000 00000000`00000001 fffffa80`235762b0 fffff900`00000002 : win32k!PFTOBJ::bUnloadWorkhorse+0x196
fffffa60`27acdb90 fffff960`002978e2 : fffffa80`2800a060 fffff900`c0b932a0 fffffa60`27acdca0 00000000`7457c444 : win32k!GreRemoveFontMemResourceEx+0xad
fffffa60`27acdbf0 fffff800`01a64173 : fffffa80`2800a060 fffffa60`27acdca0 00000000`7ee9f000 fffffa80`25803040 : win32k!NtGdiRemoveFontMemResourceEx+0x12
fffffa60`27acdc20 00000000`74513d09 : 00000000`74513cc5 00000023`77300682 00000000`00000023 00000000`00000202 : nt!KiSystemServiceCopyEnd+0x13
00000000`1539ed48 00000000`74513cc5 : 00000023`77300682 00000000`00000023 00000000`00000202 00000000`1767d5e0 : wow64cpu!CpupSyscallStub+0x9
00000000`1539ed50 00000000`7457ab36 : 00000000`77120000 00000000`1539fd20 00000000`60c8f022 00000000`1539f450 : wow64cpu!Thunk0Arg+0x5
00000000`1539edc0 00000000`7457a13a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : wow64!RunCpuSimulation+0xa
00000000`1539edf0 00000000`771847c8 : 00000000`00000000 00000000`00000000 00000000`7efdf000 00000000`00000000 : wow64!Wow64LdrpInitialize+0x4b6
00000000`1539f350 00000000`771461be : 00000000`1539f450 00000000`00000000 00000000`7efdf000 00000000`00000000 : ntdll! ?? ::FNODOBFM::`string'+0x1fba1
00000000`1539f400 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!LdrInitializeThunk+0xe
FOLLOWUP_IP:
win32k!PFEOBJ::vFreepfdg+e8
fffff960`0011fda0 0fba60300f bt dword ptr [rax+30h],0Fh
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: win32k!PFEOBJ::vFreepfdg+e8
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: win32k
IMAGE_NAME: win32k.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 5202fc4d
STACK_COMMAND: .cxr 0xfffffa6027acd1d0 ; kb
FAILURE_BUCKET_ID: X64_0x3B_win32k!PFEOBJ::vFreepfdg+e8
BUCKET_ID: X64_0x3B_win32k!PFEOBJ::vFreepfdg+e8
Followup: MachineOwner
7: kd> lmv m win32k
start end module name
fffff960`000d0000 fffff960`00389000 win32k (pdb symbols) c:\symcache\win32k.pdb\54B8C53009264F08A9D8CF1B4B56BCDC2\win32k.pdb
Loaded symbol image file: win32k.sys
Image path: \SystemRoot\System32\win32k.sys
Image name: win32k.sys
Timestamp: Thu Aug 08 04:02:53 2013 (5202FC4D)
CheckSum: 002B126B
ImageSize: 002B9000
File version: 6.0.6002.18912
Product version: 6.0.6002.18912
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: win32k.sys
OriginalFilename: win32k.sys
ProductVersion: 6.0.6002.18912
FileVersion: 6.0.6002.18912 (vistasp2_gdr.130807-1537)
FileDescription: Multi-User Win32 Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
7: kd> .cxr 0xfffffa6027acd1d0
rax=00000000014c0000 rbx=0000000000000000 rcx=fffff900c009c2a0
rdx=fffffa802735ab80 rsi=fffff900c0b9b010 rdi=fffffa6027acda80
rip=fffff9600011fda0 rsp=fffffa6027acda30 rbp=0000000000000000
r8=0000000000000000 r9=0000000000000000 r10=fffffa802800a288
r11=fffffa802800a060 r12=0000000000000000 r13=0000000000000000
r14=000000001539ed50 r15=0000000000000001
iopl=0 nv up ei pl nz na po cy
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010207
win32k!PFEOBJ::vFreepfdg+0xe8:
fffff960`0011fda0 0fba60300f bt dword ptr [rax+30h],0Fh ds:002b:00000000`014c0030=???????? -
An error occurred during olap API metadata retrieval. This is probably caus
this is what i have done so far. i really nead some help asap!!!
1. Install Oracle 9i Release 2 (9.2.0.1) Enterprise Edition with the General purpose database configuration (Data warehouse works as well). At the end of the installation I chose the password management button to change passwords for the few necessary accounts: SYS, SYSTEM, OLAPSYS, SH.
2. Download the p3948480_9206_WINNT.zip from metalink, the 9.2.0.6 patchset
3. Shut down any existing Oracle9i database instances with normal or immediate priority. Stop all listener and other services running in the Oracle home directory where you want to install the patch set.
4. unzip the content of thepatch to a temp directory
5. start setup.exe under the temp directory (it will start the Oracle Universal installer 10.1.0.3)
6. install the patchset to your Oracle home, selecting the source in the temp_dir\stage\products.jar file
7. review carefully the post-installation tasks for the patchset:
Review the following sections before upgrading a database (quote from the patchset html readme):
8.2.1.1If JServer is part of the installation ensure that there is at least 10 MB of free space allocated to the SYSTEM tablespace.
8.2.1.2 Check XDB Tablespace Size
For RAC installations, ensure that there is at least 50 MB of free space allocated to the XDB tablespace.
8.2.1.3 Set the SHARED_POOL_SIZE and JAVA_POOL_SIZE Initialization Parameters
Set the value of the SHARED_POOL_SIZE and the JAVA_POOL_SIZE initialization parameters as follows:
Start the database:
SQL> STARTUP
If necessary, enter the following command to determine whether the system uses an initialization parameter file (initsid.ora) or a server parameter file (spfiledbname.ora):
SQL> SHOW PARAMETER PFILE;
This command displays the name and location of the server parameter file or the initialization parameter file.
Determine the current values of these parameters:
SQL> SHOW PARAMETER SHARED_POOL_SIZE
SQL> SHOW PARAMETER JAVA_POOL_SIZE
If the system is using a server parameter file:
If necessary, set the value of the SHARED_POOL_SIZE initialization parameter to at least 150 MB:
SQL> ALTER SYSTEM SET SHARED_POOL_SIZE='150M' SCOPE=spfile;
If necessary, set the value of the JAVA_POOL_SIZE initialization parameter to at least 150 MB:
SQL> ALTER SYSTEM SET JAVA_POOL_SIZE='150M' SCOPE=spfile;
If the system uses an initialization parameter file, if necessary, change the values of the SHARED_POOL_SIZE and the JAVA_POOL_SIZE initialization parameters to at least 150 MB in the initialization parameter file (initsid.ora).
Shut down the database:
SQL> SHUTDOWN
8.2.2 Upgrade the Database
After you install the patch set, you must complete the following steps on every database associated with the upgraded Oracle home:
Log on as a member of the Administrators group to the computer where the Oracle components are installed.
Use SQL*Plus to login to the database as the SYS user with SYSDBA privileges:
sqlplus /NOLOG
CONNECT SYS/password AS SYSDBA
Enter the following SQL*Plus commands:
SQL> STARTUP MIGRATE
SQL> SPOOL patch.log
SQL> @ORACLE_BASE\ORACLE_HOME\rdbms\admin\catpatch.sql
SQL> SPOOL OFF
Restart the database:
SQL> SHUTDOWN
SQL> STARTUP
Run the utlrp.sql script to recompile all invalid PL/SQL packages now instead of when the packages are accessed for the first time. This step is optional but recommended.
SQL> @ORACLE_BASE\ORACLE_HOME\rdbms\admin\utlrp.sql
12. Install JDeveloper 9.0.4 (download it from OTN and just unzip it in a directory ... it doesn't require an oracle home)
13. Install BI Beans 9.0.4 (download it from OTN as well), run the setup.exe that comes with it and in the destination oracle home select the directory where you installed JDeveloper and give an oracle home name to it)
14. Install the BIBDEMO schema:
Create a directory on the computer that is running the Oracle9i database. This install_home directory is the location to which you will upload the data files that are required to build the BIBDEMO schema.
On the computer where BI Beans is installed, locate the bibeans_home\bibdemo_schema folder (where bibeans_home is the root folder of your BI Beans installation). Copy all of the files found in this folder to the install_home folder on your server machine.
Open a DOS prompt and navigate to the install_home folder.
Run bibdemo.bat to install the schema, using the following syntax:
bibdemo.bat <path to Oracle database files >
For example, for an instance named my9iService, enter the following:
bibdemo.bat D:\OraHome1\oradata\my9iService
You are prompted for the password for the sys as sysdba user.
The script takes approximately 15 minutes to run, depending on the machine specifications. It is normal to see some error messages while the script is running. In addition, when materialized views are being created in the database, the script will appear to stop; this is also normal. A clear message will tell you when the script has completed.
The log files (*.log) that are generated by the installation script are stored in the folder from which you ran the script.
Here's what
bi_checkconfig.bat -h ana -po 1521 -sid proiect -u bibdemo -p bibdemo -q
returned:
BI Beans Diagnostics(v1.0.2.0) 2/28/05
===============================================================================
JDEV_ORACLE_HOME .......................... = E:\OraDS
JAVA_HOME ................................. = E:\OraDS\jdk
JDeveloper version ........................ = 9.0.4.1.1.1436
BI Beans release description .............. = BI Beans 9.0.4 Production Release
BI Beans component number ................. = 9.0.4.23.0
BI Beans internal version ................. = 2.7.5.32
Connect to database ....................... = Successful
JDBC driver version ....................... = 9.2.0.4.0
JDBC JAR file location .................... = E:\OraDS\jdev\lib\patches
Database version .......................... = 9.2.0.6.0
OLAP Catalog version ...................... = 9.2.0.1.0
OLAP AW Engine version .................... = 9.2.0.1.0
OLAP API Server version ................... = 9.2.0.1.0
BI Beans Catalog version .................. = N/A; not installed in bibdemo
OLAP API JAR file version ................. = 9.2
OLAP API JAR file location ................ = E:\OraDS\jdev\lib\ext
Load OLAP API metadata .................... = Successful
Number of metadata folders ................ = 2
Number of metadata measures ............... = 12
Number of metadata dimensions ............. = 8
Testing sample query for measures and dimensions
(S=Schema, C=Cube, M=Measure, D=Dimension)
1/21) Measure Budget ................... = Successful
S=BIBDEMO, C=BIBDEMO_BUDGET_CUBE, M=BUDGET
2/21) Measure Actual ................... = Successful
S=BIBDEMO, C=BIBDEMO_ACTUAL_CUBE, M=ACTUAL
3/21) Measure Close Price .............. = Successful
S=BIBDEMO, C=BIBDEMO_STKPRICE_CUBE, M=STKPRICE_CLOSE
4/21) Measure Open Price ............... = Successful
S=BIBDEMO, C=BIBDEMO_STKPRICE_CUBE, M=STKPRICE_OPEN
5/21) Measure Low Price ................ = Successful
S=BIBDEMO, C=BIBDEMO_STKPRICE_CUBE, M=STKPRICE_LOW
6/21) Measure High Price ............... = Successful
S=BIBDEMO, C=BIBDEMO_STKPRICE_CUBE, M=STKPRICE_HIGH
7/21) Measure Stock Volume ............. = Successful
S=BIBDEMO, C=BIBDEMO_STKPRICE_CUBE, M=STKPRICE_VOLUME
8/21) Dimension Division ............... = Successful
S=BIBDEMO, D=DIVISION
9/21) Dimension Line Items ............. = Successful
S=BIBDEMO, D=LINE
10/21) Dimension Time ................... = Successful
S=BIBDEMO, D=TIME
11/21) Dimension Day .................... = Successful
S=BIBDEMO, D=DAY
12/21) Dimension Stock .................. = Successful
S=BIBDEMO, D=STOCK
13/21) Measure Costs .................... = Successful
S=BIBDEMO, C=ANALYTIC_CUBE, M=F.COSTS
14/21) Measure Promotion ................ = Successful
S=BIBDEMO, C=ANALYTIC_CUBE, M=F.PROMO
15/21) Measure Quota .................... = Successful
S=BIBDEMO, C=ANALYTIC_CUBE, M=F.QUOTA
16/21) Measure Units .................... = Successful
S=BIBDEMO, C=ANALYTIC_CUBE, M=F.UNITS
17/21) Measure Sales .................... = Successful
S=BIBDEMO, C=ANALYTIC_CUBE, M=F.SALES
18/21) Dimension Channel ................ = Successful
S=BIBDEMO, D=CHANNEL
19/21) Dimension Geography .............. = Successful
S=BIBDEMO, D=GEOGRAPHY
20/21) Dimension Product ................ = Successful
S=BIBDEMO, D=PRODUCT
21/21) Dimension Time ................... = Successful
S=BIBDEMO, D=TIME
Metadata output location .................. = E:\OraDS\bibeans\bi_checkconfig\bi
_metadata.txt
To interpret this output, see the "Displaying Information about your Oracle9i Bu
siness Intelligence Beans Client Configuration" technical note, whose file name
is bi_checkconfig_tn.html
These diagnostics are captured in: E:\OraDS\bibeans\bi_checkconfig\bi_checkconfi
g.xml
now: i have created some new stuff:
1). user ana with roles:
-dba
-olap_dba
-connect
-resource
(same roles as bibdemo)
2).schema ana; tablespace ana (permanent), tablespace anatemp (temporary)
3).i have created some relational tables and i have inserted some data in them:
agent, aparat (cofee machines), beneficiar (clients), locatii (city), raport (REPORT), timp (time), tipaparat (types of cofee machines), tipbautura (products : types of cofee made by all the cofee machines), zone (state)
4). one fact table with:
- sold cantity (measure)
- id_bautura (id_product) primary key
- id_timp(id_time) primary key
- id_beneficiar (id_client) primary key
- id_agent primary key
- id_locatie (id_city) primary key
- id_aparat (id_cofee_machine)primary key
i have inserted some data also
5).dimensions:
AGENT_DIM :levels: codag(id_agent), numeag (agent name), telefag (agent phone number)from relational table agent
BENEFICIAR_DIM :levels: codben (id_client), denumire (client name), adresa (adress) ,codl (id_city) etc from relatinal table beneficiar (clients)
TIMP_DIM :levels: id, year, month from relational table timp (time)
TIPBAUTURA_DIM :levels: codbautura (id_product), numebautura (product name)from relational table tipbautura (products)
ZONA_DIM :levels: codzona (id state), numezona (state name), codoras (id city), numeoras (city name) with ierarhy id_state---id_city FROM 2 RELATINAL TABLES CITY AND STATE!!!!!!!! AM I ALOUD TO DO THAT?????
DO I NEED TO CREATE A DIMENSION FROM ONLY ONE TABLE???????
APARAT_DIM :LEVELS: codben (id client), codtip (id machine type), denumireap (machine type name), matricolap ((machine id) (FROM 2 RELATIONAL TABLES ALSO!!!!!!! FROM TYPES OF COFEE MACHINES AND COFEE MACHINES!!!!!
6). I HAVE NOW CREATED THE CUBE FROM THE FACT TABLE AND WITH ALL THE DIMENSIONS
7). summary advisor wizard NOT WORKING! IT NEVER STOPS!
8). I HAVE CREATED ALSO ONE materialized view FOR THE CUBE
IF I COMPILE IT... NO ERRORS
9). CUBE VIEWER NOT WORKING!!!!!!! IT ONLY APEARS A BELL!!!
NOW IF I RUN BI_CHECK CONFIG ON ANA AND ALSO ON BIBDEMO!!!!!!!!!!!!
IT SAYS:
1) An error occurred during olap API metadata retrieval. This is probably caused by inconsistent metadata.
============================================================================
oracle.express.ExpressServerExceptionError class: Unknown Error
Server error descriptions:
INI: System failure, Generic at TxsOqConnection::getDefaultDatabase
at oracle.express.olapi.data.full.ExpressDataProvider.getMetadataProviderInterface(ExpressDataProvider.java:1003)
at oracle.olapi.metadata.MetadataFetcher.initialize(MetadataFetcher.java:73)
at oracle.olapi.metadata.MetadataFetcher.<init>(MetadataFetcher.java:45)
at oracle.olapi.metadata.BaseMetadataProvider.<init>(BaseMetadataProvider.java:47)
at oracle.olapi.metadata.mdm.MdmMetadataProvider.<init>(MdmMetadataProvider.java:130)
at oracle.express.olapi.data.full.ExpressDataProvider.getDefaultMetadataProvider(ExpressDataProvider.java:964)
at oracle.dss.metadataManager.server.drivers.mdm._92.MDMMetadataDriverImpl_92.getMdmMetadataProvider(MDMMetadataDriverImpl_92.java:1133)
at oracle.dss.metadataManager.server.drivers.mdm._92.MDMMetadataDriverImpl_92.attach(MDMMetadataDriverImpl_92.java:810)
at oracle.dss.metadataManager.server.drivers.mdm.MDMMetadataDriverImpl.attach(MDMMetadataDriverImpl.java:125)
at oracle.dss.metadataManager.server.MetadataManagerImpl.buildObjectModel(MetadataManagerImpl.java:1092)
at oracle.dss.metadataManager.server.MetadataManagerImpl.attach(MetadataManagerImpl.java:969)
at oracle.dss.metadataManager.client.MetadataManager.attach(MetadataManager.java:876)
at oracle.dss.metadataManager.client.MetadataManager.attach(MetadataManager.java:799)
at BICheckConfig.checkConnection(BICheckConfig.java:277)
at BICheckConfig.main(BICheckConfig.java:1348)
I TRYED ALSO WITH USER ANA WITH ROLES:
- DBA
- CONNECT
-RESOURCE
- OLAP_USER
NOT WORKING! AND ALSO BIBDEMO NOT WORKING!
WHAT AM I MISSING? SHOULD I USE AW MANAGER? OR DO I NEED TO CREATE AN AMNALITIC WORKSPACE???
WHAT ARE THE STEPS TO CREATE A GOOD METADATA????Hi,
The issue here is if the whole catalog is corrupt or just one schema. So to try and determine the status of the catalog I would try:
1) Using OEM remove all the objects you created
2) I presume you created your database using the Database Configuration Assistant? You should have used the warehouse template
3) Make sure the following accounts are unlocked and also not expired : SH, OLAPSYS
4) Make sure the password for the SH schema is SH
5) Make sure the password for the OLAPSYS account is manager
6) Install the BIBDEMO schema that is shipped with BI Beans. This in the jdev_home/bibeans/bibdemo_schema
The installation process will remove SH schema from the OLAP catalog.
7)Once this is installed use JDeveloper to see if you can create a crosstab or graph.
8) If the BIBDEMO schema works try creating your new schemas one at a time.
9) Make sure the if you define the a dimension as type time it has END_DATE (column type DATE) and TIME_SPAN (column type number) defined. Otherwise don't define the dimension as type time.
Hope this helps
Keith Laker
Product Manager
Oracle Business Intelligence Beans -
Windows 8.1 BSOD and the culprit is ntkrnlmp.exe
Here is the log of dump file
0: kd> !analyze -v
* Bugcheck Analysis *
DRIVER_VERIFIER_IOMANAGER_VIOLATION (c9)
The IO manager has caught a misbehaving driver.
Arguments:
Arg1: 0000000000000221, An IRP dispatch handler for a PDO has deleted its device object, but the
hardware has not been reported as missing in a bus relations query.
Arg2: fffff8021aa88a78, The address in the driver's code where the error was detected.
Arg3: ffffcf8164f18af0, IRP address.
Arg4: ffffe0008738a8c0, Device object address.
Debugging Details:
BUGCHECK_STR: 0xc9_221
DRIVER_VERIFIER_IO_VIOLATION_TYPE: 221
FAULTING_IP:
nt!ViGenericPnp+0
fffff802`1aa88a78 4c8b05d12dc8ff mov r8,qword ptr [nt!pXdvIRP_MJ_PNP (fffff802`1a70b850)]
FOLLOWUP_IP:
nt!ViGenericPnp+0
fffff802`1aa88a78 4c8b05d12dc8ff mov r8,qword ptr [nt!pXdvIRP_MJ_PNP (fffff802`1a70b850)]
IRP_ADDRESS: ffffcf8164f18af0
DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
PROCESS_NAME: System
CURRENT_IRQL: 2
ANALYSIS_VERSION: 6.3.9600.17237 (debuggers(dbg).140716-0327) amd64fre
LAST_CONTROL_TRANSFER: from fffff8021aa786b0 to fffff8021a556fa0
STACK_TEXT:
ffffd001`279861a8 fffff802`1aa786b0 : 00000000`000000c9 00000000`00000221 fffff802`1aa88a78 ffffcf81`64f18af0 : nt!KeBugCheckEx
ffffd001`279861b0 fffff802`1aa7b171 : fffff802`1aa6b470 fffff802`1aa88a78 ffffcf81`64f18af0 ffffe000`8738a8c0 : nt!VerifierBugCheckIfAppropriate+0x3c
ffffd001`279861f0 fffff802`1aa719f0 : ffffe000`899daca0 ffffd001`27986350 ffffe000`83fbdd40 00000000`00000000 : nt!ViErrorFinishReport+0x10d
ffffd001`27986250 fffff802`1aa77bd5 : 00000000`00000000 fffff802`1a7b4f4e ffffe000`899daca0 00000000`00020000 : nt!IovpCallDriver2+0x15c
ffffd001`27986620 fffff802`1aa6c928 : ffffcf81`64f18af0 00000000`00000002 ffffcf81`64f18af0 fffff802`1aa78471 : nt!VfAfterCallDriver+0x289
ffffd001`279866b0 fffff802`1a7b4f4e : ffffe000`8738a8c0 00000000`00000000 ffffd001`279867b0 ffffe000`899daca0 : nt!IovCallDriver+0x3e4
ffffd001`27986700 fffff802`1a8cde24 : 00000000`00000002 ffffd001`279867c9 ffffe000`861fe770 ffffe000`8738a8c0 : nt!IopSynchronousCall+0xfe
ffffd001`27986770 fffff802`1a51e6bb : ffffc000`bea120d0 00000000`0000000a ffffe000`861fe770 00000000`0000000a : nt!IopRemoveDevice+0xe0
ffffd001`27986830 fffff802`1a8cd771 : ffffe000`8738a8c0 ffffe000`861fe770 ffffc000`bd6e0990 fffff802`1a994e36 : nt!PnpRemoveLockedDeviceNode+0x1a7
ffffd001`27986890 fffff802`1a8cd6ea : 00000000`00000000 ffffc000`bd6e0990 ffffe000`861fe770 00000000`3f051397 : nt!PnpDeleteLockedDeviceNode+0x4d
ffffd001`279868d0 fffff802`1a8cc7f3 : ffffe000`861043b0 ffffd001`00000002 00000000`00000000 00000000`00000000 : nt!PnpDeleteLockedDeviceNodes+0x9a
ffffd001`27986950 fffff802`1a7a7139 : ffffc000`bea12000 00000000`00000007 ffffc000`00000000 ffffe000`ffffffff : nt!PnpProcessQueryRemoveAndEject+0x4ef
ffffd001`27986ab0 fffff802`1a7a7571 : ffffc000`bea120d0 00000000`00000000 00000000`00000000 fffff802`1a7a7260 : nt!PnpProcessTargetDeviceEvent+0x9d
ffffd001`27986af0 fffff802`1a456adb : fffff802`1a7a7260 ffffc000`be661440 ffffd001`27986bd0 ffffe000`889c1ab0 : nt!PnpDeviceEventWorker+0x311
ffffd001`27986b50 fffff802`1a4d2794 : 00000000`00000000 ffffe000`832d7880 ffffe000`832d7880 ffffe000`8328c040 : nt!ExpWorkerThread+0x293
ffffd001`27986c00 fffff802`1a55d5c6 : ffffd001`2c3dc180 ffffe000`832d7880 ffffd001`2c3e83c0 00000000`00000000 : nt!PspSystemThreadStartup+0x58
ffffd001`27986c60 00000000`00000000 : ffffd001`27987000 ffffd001`27981000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16
STACK_COMMAND: .bugcheck ; kb
SYMBOL_NAME: nt!ViGenericPnp+0
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 5318053f
BUCKET_ID_FUNC_OFFSET: 0
FAILURE_BUCKET_ID: 0xc9_221_VRF_nt!ViGenericPnp
BUCKET_ID: 0xc9_221_VRF_nt!ViGenericPnp
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:0xc9_221_vrf_nt!vigenericpnp
FAILURE_ID_HASH: {9b03958c-18ab-732a-2c41-f92dcd519377}
Followup: MachineOwner
Could anyone give me a fever for finding the root cause?Hi,
In order to assist you, we will need the .DMP files to analyze what exactly occurred at the time of the crash, etc.
If you don't know where .DMP files are located, here's how to get to them:
1. Navigate to the %systemroot%\Minidump folder.
-- %systemroot% is the environment variable for your Windows directory. For example, C:\Windows.
2. Copy any and all .DMP files in the Minidump folder to your Desktop, create a new folder on the Desktop to put these .DMP files in, and then zip the folder. You can then either use a 3rd party tool such as 7-Zip/Winrar, or you can use Windows'
default method of zipping folders.
Compress and uncompress files (zip files).
Please note that any "cleaner" programs such as TuneUpUtilities, CCleaner, etc, by default will delete .DMP files upon use. With this said, if you've run such software, and your Minidump folder is empty, you will need
to allow the system to crash once again to generate a crash dump.
3. Upload the .ZIP containing the .DMP files to Onedrive or a hosting site of your choice and paste in your reply.
Preferred sites: Onedrive, Mediafire, Dropbox, etc. Nothing with wait-timers, download managers, etc.
4 (optional): The type of .DMP files located in the Minidump folder are known as Small Memory Dumps. In %systemroot% there will be what is known as a Kernel Memory Dump (if your system is set to generate). It is labeled MEMORY.DMP. The difference
between Small Memory Dumps and Kernel Memory Dumps in the simplest definition is a Kernel Memory Dump contains
much more information at the time of the crash, therefore allowing further debugging of your issue. If your upload speed permits it, and you aren't going against any strict bandwidth and/or usage caps, etc, the Kernel Memory Dump is
the best choice. Do note that Kernel Memory Dumps are much larger
in size due to containing much more info, which is why I mentioned upload speed, etc.
If you are going to use Onedrive but don't know how to upload to it, please visit the following:
Upload photos and files to Onedrive.
After doing that, to learn how to share the link to the file if you are unaware, please visit the following link -
Share files and folders and change permissions and view 'Get a link'.
If your computer is not generating .DMP files, please do the following:
1. Start > type %systemroot% which should show the Windows folder, click on it. Once inside that folder, ensure there is a Minidump folder created. If not, CTRL-SHIFT-N to make a New Folder and name it Minidump.
2. Windows key + Pause key. This should bring up System. Click Advanced System Settings on the left > Advanced > Performance > Settings > Advanced > Ensure there's a check-mark for 'Automatically manage paging file size for
all drives'.
3. Windows key + Pause key. This should bring up System. Click Advanced System Settings on the left > Advanced > Startup and Recovery > Settings > System Failure > ensure there is a check mark next to 'Write an event to the
system log'.
Ensure Small Memory Dump is selected and ensure the path is %systemroot%\Minidump.
4. Double check that the WERS is ENABLED:
Start > Search > type services.msc > Under the name tab, find Windows Error Reporting Service > If the status of the service is not Started then right click it and select Start. Also ensure that under Startup Type it is set to Automatic rather than
Manual. You can do this by right clicking it, selecting properties, and under General selecting startup type to 'Automatic', and then click Apply.
If you cannot get into normal mode to do any of this, please do this via Safe Mode.
Regards,
Patrick
“Be kind whenever possible. It is always possible.” - Dalai Lama -
I keep getting the following dialogue box when I start Firefox " Could not initialise the application's security component. The most probable cause is problems with files in your browser's profile directory. Please check that this directory has no read/write restrictions." I am not sure how to find or change the profile directory. I have gone to the Options: General: Save files to ...box but it wont allow me to browse to another file and the box remains blank. ideas please!
See [[Could not initialize the browser security component]]
Continue here: [/questions/780717] -
The full alert is " Could not initialise the application's security component. The most probable cause is problems with files in your browser's profile directory. Please check that this directory has no read/write restrictions and your hard drive is not full or close to full. It is recommended that you exit the browser and fix the problem. If you continue to use this browser session, you might see incorrect browser behaviour when accessing security features."
This is just started three/four days ago. I need assistance quickly as I can't access any secure sites e.g bank accounts/homepage etc.See [[Could not initialize the browser security component]]
-
iPhone 4s will not boot after trying to install ios7 beta 4. Stops at apple logo with progress line under it. how can I reset it or get it back up to do a restore then try the iOS 7 beta 4 install again. Issue was probably caused by disconnection
Obviously since you have iOS 7 you're a developer. As a developer, you signed a NDA with Apple not to discuss the iOS on a public forum. Please log in to the Developer Forum using your credentials and ask for help there, lest you risk having your credentials terminated.
Thanks, and best of luck to you.
GDG
Maybe you are looking for
-
How do I use CreateBookmarksFromGroupTree and NOT guid in the name for my top level?
Post Author: Barbdcg CA Forum: Deployment I have a report that I have created that uses uses groups and I wanted export a PDF using the CreateBookmarksFromGroupTree option. While that works, I get an ugly top level bookmark name that starts with the
-
URGENT: Opening JInternalFrame upon click of a button
Hi can somebody help me, Im a newbie in JDeveloper IDE and have no proper training. Im using Oracle Jdeveloper 10.1.3.3.0. My project is an ADF Swing Application. Let me explain what I'm trying to do.. I like to open another JinternalFrame upon click
-
WKT Contains Scientific Notation
I have a table with an SDO geometry column. Our data is stored in Web Mercator to simplify displaying maps on a web page. My team's preferred way of shuffling geometries around is via its WKT since this is human readable and widely used. So we are fe
-
I am trying to install things to mac, will not allow me to install anything. The installer comes up, then stops and say error message no bill of material. I close that and it returns to the installer and the only option is close. May have trashed ist
-
Portal Content Objects - Dropdown for "ID Prefix".
Hello experts, It's been a long time since I took TEP10 Academy, but I still remember when doing the exercises at SAP's Trainning Facilities that the ID Prefixes of all PCD Objects were not in an input field as the standard SAP Portal delivery does.