Windows 8.1 x64 BSOD on shutdown - ntoskrnl.exe
This has been happening for several months to me, where in Windows 8.1 x64 when I go to shut down to install any Windows updates, I get a BSOD that says REFERENCE_BY_POINTER. I've uploaded the minidump files here:
https://skydrive.live.com/redir?resid=A0FE33D78854B45A!3350&authkey=!AEZUfKou1Y7rQWQ&ithint=folder%2c.dmp
Can someone help me sort out which driver might be causing the problem? Thanks!
actiprosoftware.com - Professional WPF, WinRT, Silverlight, and WinForms UI controls and components
Hi,
The Ntkrnlmp.exe Bluescreen error may be caused by following factors.
Fail to load drivers.
Require a microcode update that is not applied by the computer's basic input/output system (BIOS).
Are damaged or defective.
Are operating outside their specified ranges for temperature, power, or other conditions.
First, I suggest we disable fast boot for Windows 8.1 to check the issue (below steps are ok for Windows 8.1):
Please refer to this article: Disable Windows 8 fast startup (hibernate file)
http://nvidia.custhelp.com/app/answers/detail/a_id/3152/~/disable-windows-8-fast-startup-(hibernate-file)
If the issue persists, to determine the possible cause, I suggest we test the issue in Clean boot mode and Device clean boot mode:
How to perform a clean boot to troubleshoot a problem in Windows 8, Windows 7, or Windows Vista
http://support.microsoft.com/kb/929135
If the issue doesn’t appear, you can determine which one can be the cause by using dichotomy in MSconfig. Checking on half of Non-Microsoft service and restart, determining which half of the services cause the issue and repeating to check half of the problematic
half services.
Device Clean Boot
=================
1. Type "devmgmt.msc" (without quotation marks) in the Search bar and press Enter.
2. Expand "Sound, video and game controllers".
3. Right click on your sound card and then click "Properties.
4. In the dropdown menu of Device Usage, please choose "Do not use this device (disable)" and click OK.
5. Please use the same method to disable other dubious hardware such as: internal modem, network card and CD-R drive. Please note some devices such as video adapter are not available to be disabled.
Let me know the results after performing my previous suggestions.
If the issue still persist, please post back the latest dump file and system information here for further research.
Kate Li
TechNet Community Support
Similar Messages
-
Randomly BSODs caused by ntoskrnl.exe
I have random BSODs, this is the dump file... any ideas? I tried to update all drivers, but I solved nothing.
Microsoft (R) Windows Debugger Version 6.3.9600.17029 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Program Files (x86)\Windows Kits\8.1\Debuggers\x86\061114-29937-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Error: Attempts to access '061114-29937-01.dmp' failed: 0x0 - The operation completed successfully.
************* Symbol Path validation summary **************
Response Time (ms) Location
Error 061114-29937-01.dmp
Symbol search path is: 061114-29937-01.dmp
Executable search path is:
Unable to load image \SystemRoot\system32\ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Windows 8 Kernel Version 9600 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 9600.17085.amd64fre.winblue_gdr.140330-1035
Machine Name:
Kernel base = 0xfffff800`6e28e000 PsLoadedModuleList = 0xfffff800`6e5582d0
Debug session time: Wed Jun 11 20:29:12.062 2014 (UTC + 2:00)
System Uptime: 0 days 0:22:21.219
Unable to load image \SystemRoot\system32\ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Loading Kernel Symbols
Loading User Symbols
Loading unloaded module list
************* Symbol Loading Error Summary **************
Module name Error
ntoskrnl The system cannot find the file specified
You can troubleshoot most symbol related issues by turning on symbol loading diagnostics (!sym noisy) and repeating the command that caused symbols to be loaded.
You should also verify that your symbol search path (.sympath) is correct.
* Bugcheck Analysis
Use !analyze -v to get detailed debugging information.
BugCheck 133, {1, 1e00, 0, 0}
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work.
*** Type referenced: nt!_KPRCB
5 times more...
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work.
*** Type referenced: nt!_KPRCB
Probably caused by : ntoskrnl.exe ( nt+153fa0 )
Followup: MachineOwner
Systeminfo:
OS Name: Microsoft Windows 8.1 Pro
OS Version: 6.3.9600 N/A Build 9600
OS Manufacturer: Microsoft Corporation
OS Configuration: Standalone Workstation
OS Build Type: Multiprocessor Free
Original Install Date: 30/10/2013, 13:43:05
System Boot Time: 11/06/2014, 20:29:52
System Manufacturer: TOSHIBA
System Model: Satellite L500
System Type: x64-based PC
Processor(s): 1 Processor(s) Installed.
[01]: Intel64 Family 6 Model 37 Stepping 2 GenuineIntel ~2261 Mhz
BIOS Version: TOSHIBA 2.10, 17/05/2011
Windows Directory: C:\WINDOWS
System Directory: C:\WINDOWS\system32
Boot Device: \Device\HarddiskVolume2
Total Physical Memory: 3.958 MB
Available Physical Memory: 1.792 MB
Virtual Memory: Max Size: 7.926 MB
Virtual Memory: Available: 5.492 MB
Virtual Memory: In Use: 2.434 MB
Page File Location(s): C:\pagefile.sys
Domain: WORKGROUP
Logon Server:
\\MicrosoftAccount
Hotfix(s): 56 Hotfix(s) Installed.
[01]: KB2899189_Microsoft-Windows-CameraCodec-Package
[02]: KB2843630
[03]: KB2868626
[04]: KB2883200
[05]: KB2887595
[06]: KB2889543
[07]: KB2891214
[08]: KB2893294
[09]: KB2894029
[10]: KB2894179
[11]: KB2898868
[12]: KB2900986
[13]: KB2901125
[14]: KB2901128
[15]: KB2903939
[16]: KB2904440
[17]: KB2911106
[18]: KB2912390
[19]: KB2913152
[20]: KB2916036
[21]: KB2919355
[22]: KB2919394
[23]: KB2919442
[24]: KB2920189
[25]: KB2923528
[26]: KB2923768
[27]: KB2926765
[28]: KB2928680
[29]: KB2931358
[30]: KB2931366
[31]: KB2939153
[32]: KB2939576
[33]: KB2950153
[34]: KB2953522
[35]: KB2954879
[36]: KB2955164
[37]: KB2956575
[38]: KB2957151
[39]: KB2957189
[40]: KB2957689
[41]: KB2958262
[42]: KB2959977
[43]: KB2961908
[44]: KB2962140
[45]: KB2964718
[46]: KB2964736
[47]: KB2965065
[48]: KB2965142
[49]: KB2965500
[50]: KB2965699
[51]: KB2965788
[52]: KB2966072
[53]: KB2966407
[54]: KB2966804
[55]: KB2969817
[56]: KB976002
Network Card(s): 10 NIC(s) Installed.
[01]: Realtek PCIe FE Family Controller
Connection Name: Ethernet
DHCP Enabled: Yes
DHCP Server: N/A
IP address(es)
[02]: Realtek RTL8191SE Wireless LAN 802.11n PCI-E NIC
Connection Name: Wi-Fi
Status: Hardware
not present
[03]: Hyper-V Virtual Ethernet Adapter
Connection Name: Ethernet 6
Status: Media
disconnected
[04]: Hyper-V Virtual Ethernet Adapter
Connection Name: Ethernet 3
Status: Media
disconnected
[05]: Hyper-V Virtual Ethernet Adapter
Connection Name: Ethernet 5
DHCP Enabled: Yes
DHCP Server: 192.168.1.1
IP address(es)
[01]: 192.168.1.129
[02]: fe80::1513:f368:3c1e:c173
[06]: Hyper-V Virtual Ethernet Adapter
Connection Name: Ethernet 4
DHCP Enabled: No
IP address(es)
[01]: 169.254.80.80
[02]: fe80::4892:9cb3:7a80:2057
[07]: VMware Virtual Ethernet Adapter for VMnet1
Connection Name: VMware Network Adapter VMnet1
DHCP Enabled: No
IP address(es)
[01]: 192.168.223.1
[02]: fe80::a11c:f4d5:c02f:9fcf
[08]: VMware Virtual Ethernet Adapter for VMnet8
Connection Name: VMware Network Adapter VMnet8
DHCP Enabled: No
IP address(es)
[01]: 192.168.132.1
[02]: fe80::fc9a:9075:a71e:776c
[09]: TAP-Windows Adapter V9
Connection Name: Local Area Connection 3
Status: Media
disconnected
[10]: Hyper-V Virtual Ethernet Adapter
Connection Name: vEthernet (TAP-Windows Adapter V9 Virtual Switch)
Status: Media
disconnected
Hyper-V Requirements: A hypervisor has been detected. Features required for Hyper-V will not be displayed.Hi,
In order to assist you, we will need the .DMP files to analyze what exactly occurred at the time of the crash, etc.
If you don't know where .DMP files are located, here's how to get to them:
1. Navigate to the %systemroot%\Minidump folder.
2. Copy any and all DMP files in the Minidump folder to your Desktop and then zip up these files.
3. Upload the zip containing the .DMP files to Onedrive or a hosting site of your choice and paste in your reply. Preferred sites: Onedrive, Mediafire, Dropbox, etc. Nothing with wait-timers, download managers, etc.
4 (optional): The type of .DMP files located in the Minidump folder are known as Small Memory Dumps. In %systemroot% there will be what is known as a Kernel-Dump (if your system is set to generate). It is labeled MEMORY.DMP. The difference
between Small Memory Dumps and Kernel-Dumps in the simplest definition is a Kernel-Dump contains
much more information at the time of the crash, therefore allowing further debugging of your issue. If your upload speed permits it, and you aren't going against any strict bandwidth and/or usage caps, etc, the Kernel-Dump is the best
choice. Do note that Kernel-Dumps are much larger in size due to containing much more info, which is why I mentioned upload speed, etc.
If you are going to use Onedrive but don't know how to upload to it, please visit the following:
Upload photos and files to Onedrive.
After doing that, to learn how to share the link to the file if you are unaware, please visit the following link -
Share files and folders and change permissions and view 'Get a link'.
Please note that any "cleaner" programs such as TuneUpUtilities, CCleaner, etc, by default will delete .DMP files upon use. With this said, if you've run such software, you will need to allow the system to crash once again to generate a crash dump.
If your computer is not generating .DMP files, please do the following:
1. Start > type %systemroot% which should show the Windows folder, click on it. Once inside that folder, ensure there is a Minidump folder created. If not, CTRL-SHIFT-N to make a New Folder and name it Minidump.
2. Windows key + Pause key. This should bring up System. Click Advanced System Settings on the left > Advanced > Performance > Settings > Advanced > Ensure there's a check-mark for 'Automatically manage paging file size for all
drives'.
3. Windows key + Pause key. This should bring up System. Click Advanced System Settings on the left > Advanced > Startup and Recovery > Settings > System Failure > ensure there is a check mark next to 'Write an event to the system
log'.
Ensure Small Memory Dump is selected and ensure the path is %systemroot%\Minidump.
4. Double check that the WERS is ENABLED:
Start > Search > type services.msc > Under the name tab, find Windows Error Reporting Service > If the status of the service is not Started then right click it and select Start. Also ensure that under Startup Type it is set to Automatic rather than
Manual. You can do this by right clicking it, selecting properties, and under General selecting startup type to 'Automatic', and then click Apply.
If you cannot get into normal mode to do any of this, please do this via Safe Mode.
Regards,
Patrick
“Be kind whenever possible. It is always possible.” - Dalai Lama -
Touchsmart 310-1110uk - BSoD caused by ntoskrnl.exe
I have had seemingly random Blue Screens of Death when shutting down on my HP Touchsmart 310-1110uk over the last few months. Sometimes when shutting down, the "Shutting down..." message is displayed for a long time and then the BSoD appears. This only happens occasionally and most of the time it shuts down fine. The blue screen only ever appears when shutting down.
It seemed to happen when Connectify was running but after looking into Connectify BSoD problems it seems that this bug was fixed after version 3, and I am running 3.3.0.23104 Pro. Therefore I don't think Connectify is the problem.
I have uploaded the a .zip of the dump files from "C:\Windows\Minidumps" to Dropbox here:
http://dl.dropbox.com/u/9154836/Minidump.zip
I have also downloaded BlueScreenView to try and analyse the error logs. Most of the crashes seem to be the same with the following:
Bug Check String: DRIVER_POWER_STATE_FAILURE
Bug Check Code: 0x0000009f
Caused By Driver: ntoskrnl.exe
Caused By Address: [mostly "ntoskrnl.exe+7cd40" or "ntoskrnl.exe+7cc40"]
I have uploaded the full HTML BlueScreenView report here:
http://dl.dropbox.com/u/9154836/report.html
I haven't installed many programs which might have caused the problem. This has been happening since November 2011 and the only thing I installed around then was Connectify.
From what I can tell it seems to be a driver issue, but because this only happens occasionally (at seemingly random times when shutting down) it's almost impossible to troubleshoot by disabling individual drivers (i.e. trial and error).
I would appreciate some help on this, if you could provide some guidance on fixing this or ask for more specific information.I have had seemingly random Blue Screens of Death when shutting down on my HP Touchsmart 310-1110uk over the last few months. Sometimes when shutting down, the "Shutting down..." message is displayed for a long time and then the BSoD appears. This only happens occasionally and most of the time it shuts down fine. The blue screen only ever appears when shutting down.
It seemed to happen when Connectify was running but after looking into Connectify BSoD problems it seems that this bug was fixed after version 3, and I am running 3.3.0.23104 Pro. Therefore I don't think Connectify is the problem.
I have uploaded the a .zip of the dump files from "C:\Windows\Minidumps" to Dropbox here:
http://dl.dropbox.com/u/9154836/Minidump.zip
I have also downloaded BlueScreenView to try and analyse the error logs. Most of the crashes seem to be the same with the following:
Bug Check String: DRIVER_POWER_STATE_FAILURE
Bug Check Code: 0x0000009f
Caused By Driver: ntoskrnl.exe
Caused By Address: [mostly "ntoskrnl.exe+7cd40" or "ntoskrnl.exe+7cc40"]
I have uploaded the full HTML BlueScreenView report here:
http://dl.dropbox.com/u/9154836/report.html
I haven't installed many programs which might have caused the problem. This has been happening since November 2011 and the only thing I installed around then was Connectify.
From what I can tell it seems to be a driver issue, but because this only happens occasionally (at seemingly random times when shutting down) it's almost impossible to troubleshoot by disabling individual drivers (i.e. trial and error).
I would appreciate some help on this, if you could provide some guidance on fixing this or ask for more specific information. -
Windows 8.1 installation first reboot 0xc000007b ntoskrnl.exe missing or contains errors
I'm trying to install Windows 8.1 (with updata 1) using UEFI on my Intel DP45SG.
Starting up the installation by using UEFI works fine, but after the files have been copied and the system reboots I get the following error code: 0xc000007b ntoskrnl.exe missing or contains errors
I've tried reformatting my USB stick and recopying the files, as well as re downloading the installation files but this hasn't resolved the problem.
Is there anything I can try to fix this? Perhaps give some commands in the commands prompt?Hi Gi,
It might be caused by changes in Windows 8 PnP in which Boot Start Drivers are not installed by default.
Please try following
the instructions as mentioned in the KB aticle.
https://support.microsoft.com/en-us/kb/2751461?wa=wsignin1.0
Regards,
D. Wu
Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected] -
Windows 7 Ult 64 memory mgmt errors ntoskrnl.exe nt+75BC0
Using WhoCrashed I get this error once in a while. Where should I post this question?
On Mon 4/14/2014 3:41:15
PM GMT your computer crashed
crash dump file:
C:\Windows\Minidump\041414-5584-01.dmp
This was probably caused by the
following module: ntoskrnl.exe (nt+0x75BC0)
Bugcheck code: 0x1A
(0x411, 0xFFFFF6800014DFF8, 0xF86000032C9C8886, 0xFFFFF8A025364283)
Error:
MEMORY_MANAGEMENT
file path:
C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel &
System
Bug check description: This indicates that a severe memory management
error occurred.
This might be a case of memory corruption. More often memory
corruption happens because of software errors in buggy drivers, not because of
faulty RAM modules.
The crash took place in the Windows kernel. Possibly
this problem is caused by another driver that cannot be identified at this time.
I got this two days earlier.
On Sat 4/12/2014 12:36:47
AM GMT your computer crashed
crash dump file: C:\Windows\Minidump\041114-6115-01.dmp
This was probably caused by the
following module: ntoskrnl.exe (nt+0x75BC0)
Bugcheck code: 0x1A
(0x5003, 0xFFFFF70001080000, 0x161, 0x163000000C2)
Error: MEMORY_MANAGEMENT
file path:
C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel &
System
Bug check description: This indicates that a severe memory management
error occurred.
This might be a case of memory corruption. More often memory
corruption happens because of software errors in buggy drivers, not because of
faulty RAM modules.
The crash took place in the Windows kernel. Possibly
this problem is caused by another driver that cannot be identified at this time.We do need the actual DMP file as they contain the only record of the sequence of events leading up to the crash, what drivers were loaded, and what was responsible.
We prefer at least 2 DMP files to spot trends and confirm the cause.
Please follow our instructions for finding and uploading the files we need to help you fix your computer. They can be found here
If you have any questions about the procedure please ask
If you are using Blue screen view, who crashed, or a similar application don't. They are wrong at least as often as they are correct
Wanikiya and Dyami--Team Zigzag -
Windows 8.1 x64 BSOD on occassion
Laptop is Dell Vostro 1500, latest BIOS 4gb RAM 500gb HDD nVidia GeForce 8400GS video Intel 4965agn wifi (everything else is to spec on device, latest versions of all drivers available) I usually keep the laptop on 24/7, but noticed that it would reboot
itself when I am not actively working on it. ONCE, I saw the reboot, caused by a BSOD, caused by netwlv64.sys. Looking in forums, there was a "solution" to disable MSI interrupts via the registry, and that seems to assist with the problem, but the
problem still persists. I have a memory.dmp of occurance. HELP, this is annoying. I moved to Win8.1 because I like the additions and performance (when it's working) is awesome, however, from a stability standpoint, Windows 7 was much better for this device.MM
This was Related to
NETwLv64.sys Wireless WiFi Link Driver from Intel Corporation. I would install the newest driver available
Windows 8 Kernel Version 9600 MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 9600.16452.amd64fre.winblue_gdr.131030-1505
Machine Name:
Kernel base = 0xfffff801`36000000 PsLoadedModuleList = 0xfffff801`362c4990
Debug session time: Tue Jan 14 23:38:14.819 2014 (UTC - 5:00)
System Uptime: 0 days 3:13:45.761
BugCheck D1, {ffffd00022ce04c0, 2, 0, fffff800026d59d4}
Probably caused by : netwlv64.sys ( netwlv64!prvRfdQueueDispatch+e4 )
STACK_TEXT:
ffffd000`201f8538 fffff801`361597e9 : 00000000`0000000a ffffd000`22ce04c0 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
ffffd000`201f8540 fffff801`3615803a : 00000000`00000000 ffffe000`01e5ed28 ffffe000`0083df00 ffffd000`201f8680 : nt!KiBugCheckDispatch+0x69
ffffd000`201f8680 fffff800`026d59d4 : ffffd000`22cdd4c4 ffffe000`01e5ed28 ffffd000`22cdd4c4 00000000`ffffffff : nt!KiPageFault+0x23a
ffffd000`201f8810 fffff800`026d541a : ffffe000`01a7e101 00000003`b0c4c56b 00000000`00000025 ffffe000`01e4e890 : netwlv64!prvRfdQueueDispatch+0xe4
ffffd000`201f8880 fffff800`026c9768 : ffffe000`01f8c801 ffffe000`01a7e101 ffffd000`201f89ff fffff800`0258c601 : netwlv64!rfdQueueProcessFragments+0x18a
ffffd000`201f8910 fffff800`029c4142 : 00000000`fe79a000 ffffe000`01a7e1a0 ffffe000`013dac60 fffff800`019bd16c : netwlv64!isrHandlerRoutineInta+0x218
ffffd000`201f8980 fffff800`00af3797 : 00000000`00000000 00000000`00000000 ffffd000`201d3600 fffff801`36057489 : netwlv64!oscHandleInterrupt+0x22
ffffd000`201f89b0 fffff801`3605ad10 : ffffd000`201f8c60 ffffe000`01be53f0 ffffd000`201ce180 ffffe000`01be5000 : ndis!ndisInterruptDpc+0x2a247
ffffd000`201f8ae0 fffff801`3605a9f0 : ffffe000`00000000 00001f80`00000001 ffff030e`02d4f705 00000000`00000002 : nt!KiExecuteAllDpcs+0x1b0
ffffd000`201f8c30 fffff801`361517ea : ffffd000`201ce180 ffffd000`201ce180 00000000`00000000 ffffd000`201da1c0 : nt!KiRetireDpcList+0xd0
ffffd000`201f8da0 00000000`00000000 : ffffd000`201f9000 ffffd000`201f3000 00000000`00000000 00000000`00000000 : nt!KiIdleLoop+0x5a
STACK_COMMAND: kb
FOLLOWUP_IP:
netwlv64!prvRfdQueueDispatch+e4
fffff800`026d59d4 41813c2400005555 cmp dword ptr [r12],55550000h
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: netwlv64!prvRfdQueueDispatch+e4
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: netwlv64
IMAGE_NAME: netwlv64.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4c694a9f
BUCKET_ID_FUNC_OFFSET: e4
FAILURE_BUCKET_ID: AV_netwlv64!prvRfdQueueDispatch
BUCKET_ID: AV_netwlv64!prvRfdQueueDispatch
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:av_netwlv64!prvrfdqueuedispatch
FAILURE_ID_HASH: {7dcb966c-d4d2-82e2-eeb7-814a1d2b988e
Wanikiya and Dyami--Team Zigzag -
Hello,
We've seen that on our 2008 x64 servers the svchost.exe that holds gpsvc in it takes up alot of CPU-time. Upon further investigation I saw that when it refreshes policies it holds 1 core for 10 minutes. I setup a procmon and filtered it on the pid off the gpsvc-svchost and saw that it logged 8.5 million events.
It keeps looping events where it seems to be checking history-data under "C:\ProgramData\Microsoft\Group Policy\History\<GUIDS>".
We are using GPPreferences. Has anyone seen anything like this before?
I have the .PML-file from procmon, however its 350MB zipped so I dont know how to attach it to case.Hi,
To better understand the issue, please help confirm the following:
1. Do all computers encounter this issue?
2. When did this issue begin to occur? Did it coincide with any events, such as the installation of some software?
Meanwhile, please perform the steps below to see if the issue goes away:
1. Delete the contents in the "C:\ProgramData\Microsoft\Group Policy\History\" folder.
2. Please perform a clean boot on the server:
1) Click Start, type msconfig in the Start Search box, and then press ENTER.
2) On the General tab, click Selective Startup.
3) Under Selective Startup, click to clear the Load Startup Items check box.
4) Click the Services tab, click to select the Hide All Microsoft Services check box, and then click Disable All.
5) Click OK.
6) When you are prompted, click Restart.
If the issue continues, please help collect the following information for further research:
1. Enable gpsvc.log:
Please create the following key in Registry Editor:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Diagnostics
Type: DWORD
Value: GPSvcDebugLevel
Data: 0x30002 (hexadecimal)
2. Please run gpupdate /force to reproduce the issue and then collect MPSReport on the server:
1) Download the MPSReport from the website below:
http://www.microsoft.com/downloads/details.aspx?FamilyID=CEBF3C7C-7CA5-408F-88B7-F9C79B7306C0&displaylang=en
2) Double-click the executable to launch the report gathering tool on the computer.
3) Follow the steps as guided by the Wizard.
4) On the Select the diagnostics you want to run page, select General, Internet and Networking, Business Networks, and Server Components.
3. After that, please zip the gpsvc.log (%windir%\debug\usermode\gpsvc.log), MPSReport and the PML.file and upload to the following space:
https://sftasia.one.microsoft.com/choosetransfer.aspx?key=ef4b8b4e-0e6c-4774-a132-2d072f8b77b0
Password: fQxbhTjUV
More Information about MPSReport:
http://blogs.technet.com/askperf/archive/2009/05/01/two-minute-drill-the-new-mps-reports.aspx
This posting is provided "AS IS" with no warranties, and confers no rights. -
BSOD - appears that ntoskrnl.exe is the cause - a search of my computer for this file shows that I have 27 such files - various sizes but some of the particular file sizes repeat.
1. how many versions of this file should I have - what is the right file size and where should it "live"
Thanks
Oops - yes - happens when Windows Media Center is running (only when)Hi,
This file is a system component file, and system updates or added components will give it updated versions. You can see that this file can be located under winsxs\certain component name folder.
To analyze you BSOD issue, please upload the dump file here for our research.
Kate Li
TechNet Community Support -
Windows 8.1 BSOD - ntoskrnl.exe
Hi, I've been experiencing BSOD's on a daily basis (only when I am away from my computer) and I'd like to know the root cause of the problems. I've attached several minidump files below. Using Windbg (x64) the only problem I can see is ntoskrnl.exe being
unable to load (either corrupted or missing). sfc/scannow has detailed several problems relating to ntoskrnl.exe as well
https://onedrive.live.com/redir?resid=6e6984aa2d967f21%212299
Thanks!
BillYou've recommended the opposite of what I was told last time: "The crashes are being caused by you
NVidia display driver. Please uninstall an "clean" reinstall the current driver version".
Last time I had BSOD problems I was using version 326.19 (at least one year old) and now I have the most recent version. As a result, I do not believe this is the cause of the BSOD's.
Also, I do not see the same thing you do when opening the minidump file, as follows:
Microsoft (R) Windows Debugger Version 6.3.9600.17029 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Windows\Minidump\040815-36484-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: *** Invalid ***
* Symbol loading may be unreliable without a symbol search path. *
* Use .symfix to have the debugger choose a symbol path. *
* After setting your symbol path, use .reload to refresh symbol locations. *
Executable search path is:
* Symbols can not be loaded because symbol path is not initialized. *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
Unable to load image \SystemRoot\system32\ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Windows 8 Kernel Version 9600 MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 9600.17668.amd64fre.winblue_r8.150127-1500
Machine Name:
Kernel base = 0xfffff802`0a282000 PsLoadedModuleList = 0xfffff802`0a55b250
Debug session time: Wed Apr 8 14:02:21.387 2015 (UTC - 6:00)
System Uptime: 0 days 20:32:22.558
* Symbols can not be loaded because symbol path is not initialized. *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
Unable to load image \SystemRoot\system32\ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Loading Kernel Symbols
Loading User Symbols
Loading unloaded module list
************* Symbol Loading Error Summary **************
Module name Error
ntoskrnl The system cannot find the file specified
You can troubleshoot most symbol related issues by turning on symbol loading diagnostics (!sym noisy) and repeating the command that caused symbols to be loaded.
You should also verify that your symbol search path (.sympath) is correct.
* Bugcheck Analysis *
Use !analyze -v to get detailed debugging information.
BugCheck 9F, {3, ffffe0019c12a760, fffff8020c30e960, ffffe001a1f67680}
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** Type referenced: NT!_DEVICE_OBJECT ***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** Type referenced: nt!_IRP ***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** Type referenced: nt!_IRP ***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** Type referenced: nt!TRIAGE_9F_POWER ***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** Type referenced: nt!_IRP ***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** Type referenced: nt!_IO_STACK_LOCATION ***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** Type referenced: nt!_IRP ***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** Type referenced: nt!_DEVICE_OBJECT ***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** Type referenced: nt!_KPRCB ***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** Type referenced: nt!KPRCB ***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** Type referenced: nt!_KPRCB ***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** Type referenced: nt!KPRCB ***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** Type referenced: nt!_KPRCB ***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** Type referenced: nt!_KPRCB ***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. *** -
Windows 7 Pro x64 now BSOD just as it is starting and Startup Repair has failed
As the title says, a few days ago my Windows 7 Pro x64 started to BSOD just as Windows is starting but the error screen disappears immediately.
Startup Repair fails and has Problem Signature 04: 21199350
I have used the Windows 7 Pro installation DVD and opened its Command Prompt option and then run the chkdsk and sfc programs but no errors were reported. Also, I ran bootrec with /fixmbr then with /fixboot and finally with /rebuildbcd but it made no difference.
After a failure, the next time I turn on the PC I am offered to repair Windows or to start windows normally. Using the repair from here didn't work as also happened when I chose the repair option from the Windows 7 Pro installation DVD.
Holding down the f8 key when Windows is starting doesn't make any difference.
BTW, the crash happens as the 4 small parts of windows are approaching each other on the Windows start screen.
I can access my hard disk by attaching it to my laptop. If the error 21199350 reported by Startup Repair failure is not the BSOD error, will this be recorded in a file each time it happens? If so, which file?
Any help will be greatly appreciated as I dread having to reinstall Windows 7 Pro from scratch again and all the many programs I spent ages installing.
Thanks
PaulSorry for the delay in replying.
This evening I managed to modify the PC registry from the Startup Repair command window so it wouldn't reboot on BSOD.
Used regedit.exe to modify the following in the PC's registry (I followed the 17 July 2011 Terra-byte "Modify the Windows Registry from Startup Repair" article):
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CrashControl] and set AutoReboot to 0x00000000.
and also for ControlSet002.
The BSOD error is: 0x0000007B which seems to be a device driver problem.
Would my problem be caused by my installing 2x 2GB DIMMs that I bought on eBay into my Abit AB9 Pro motherboard's two free slots (the other two slots each have 1GB DIMMs) but on power on nothing happened?
Removing the two new DIMMs the PC powered on but then resulted in BSOD.
Thanks
Paul
Error 0x000000tB is a very often reported error. It means INACCESSIBLE BOOT DEVICE. Either something in your BIOS changed the type of storage device (AHCI -> IDE) or your HDD is experiencing a possible failure.
See info @ 0x0000007B (INACCESSIBLE BOOT DEVICE): Fix for Windows XP, Vista, 7, 8, 8.1
Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. ” -
Windows Vista Ultimate x64 Random B
This is for Cat, Jason or Dale or anyone that has run into this,
Quick question I booted up my computer and everything loaded fine Sound was great everything again fine! I went to play world of warcraft and the second I clicked on it BAM! Blue Screen of Death, Dump file created, computer restarted haven't gotten if it to repeat though WEIRD! I did decode the dump file so we know where to start looking.
I have a Xi-Fi Xtermegamer card running latest beta drivers.
Here is the dump:
Microsoft (R) Windows Debugger Version 6.6.0007.5
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\Randy\Desktop\Mini030707-0.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: *** Invalid ***
* Symbol loading may be unreliable without a symbol search path. *
* Use .symfix to have the debugger choose a symbol path. *
* After setting your symbol path, use .reload to refresh symbol locations. *
Executable search path is:
* Symbols can not be loaded because symbol path is not initialized. *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y argument when starting the debugger. *
* using .sympath and .sympath+ *
Unable to load image \SystemRoot\system32\ntoskrnl.exe, Win32 error 2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Windows Vista Kernel Version 6000 UP Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Kernel base = 0xfffff800`02000000 PsLoadedModuleList = 0xfffff800`0299e90
Debug session time: Wed Mar 7 2:50:03.36 2007 (GMT-5)
System Uptime: 0 days 0:04:47.395
* Symbols can not be loaded because symbol path is not initialized. *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y argument when starting the debugger. *
* using .sympath and .sympath+ *
Unable to load image \SystemRoot\system32\ntoskrnl.exe, Win32 error 2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Loading Kernel Symbols
Loading User Symbols
Loading unloaded module list
* Bugcheck Analysis *
Use !analyze -v to get detailed debugging information.
BugCheck D, {20, 2, 0, fffff980098d998}
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
Unable to load image \SystemRoot\system32\drivers\ha20x2k.sys, Win32 error 2
*** WARNING: Unable to verify timestamp for ha20x2k.sys
*** ERROR: Module load completed but symbols could not be loaded for ha20x2k.sys
*** Your debugger is not using the correct symbols ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** Type referenced: nt!_KPRCB ***
Probably caused by : ha20x2k.sys ( ha20x2k+c9998 )
Followup: MachineOwner
I know the ha20x2k.sys is a creative sound component I right clicked on the file and it said creative labs on it
Any ideas?Same thing with Vista 32 bit. No need for a long note from me just to confirm that we have seen this with various set ups and can turn it off and on by just removing or installing the X-Fi with the present drivers.Yes Vista changes things and I can see why Creative is upset but we all knew that Vista was comming for months. Vista is a fact of life and actually we like it enough that we are changing over well ahead of our original schedule.As for the Creative drivers, just give us basic functions and stability, no BSOD's and communicate and we will be far more patient.
-
Got a bsod with 0x00000124 .
Heard blue screen viewer can be wrong sometimes but it said ntoskrnl.exe was the problem?
Not sure if I'm using this thing correctly but this is the minidump http://1drv.ms/1wvmcmq
Also am running driver verifier and restarted.
It's suppose to take a while right?
And can I continue playing while it runs?Cshn
This was called a BCC124 and it is related to hardware. SInce the DMP references Genuine Intel I would start by running a CPU stress test
Try this free stress test: http://www.mersenne.org/freesoft/
Prime95 Setup;
- extract the contents of the zip file to a location of your choice
- double click on the executable file
- select "Just stress testing"
- select the "Blend" test. If you've already run MemTest overnight you may want to run the "Small FFTs" test instead.
- "Number of torture test threads to run" should equal the number of CPU's times 2 (if you're using hyperthreading).
The easiest way to figure this out is to go to Task Manager...Performance tab - and see the number of boxes under CPU Usage History
Then run the test for 6 to 24 hours - or until you get errors [b](whichever comes first)
The Test selection box and the stress.txt file describes what components that the program stresses.
Stop 0x124 is a hardware error
If you are overclocking try resetting your processor to standard settings and see
if that helps.
If you continue to get BSODs here are some more things you may want to consider.
This is usually heat related, defective hardware, memory or even processor though
it is"possible" that it is driver related (rare).
Stop 0x124 - what it means and what to try
Synopsis:
A "stop 0x124" is fundamentally different to many other types of bluescreens because it stems from a hardware complaint.
Stop 0x124 minidumps contain very little practical information, and it is therefore necessary to approach the problem as a case of hardware in an unknown state of distress.
Generic "Stop 0x124" Troubleshooting Strategy:
1) Ensure that none of the hardware components are overclocked. Hardware that is driven beyond its design specifications - by overclocking - can malfunction in unpredictable
ways.
2) Ensure that the machine is adequately cooled.
If there is any doubt, open up the side of the PC case (be mindful of any relevant warranty conditions!) and point a mains fan squarely at the motherboard. That will rule out most (lack of) cooling issues.
3) Update all hardware-related drivers: video, sound, RAID (if any), NIC... anything that interacts with a piece of hardware.
It is good practice to run the latest drivers anyway.
4) Update the motherboard BIOS according to the manufacturer's instructions and clear the CMOS.
Their website should provide detailed instructions as to the brand and model-specific procedure.
5) Rarely, bugs in the OS may cause "false positive" 0x124 events where the hardware wasn't complaining but Windows thought otherwise (because of the bug).
At the time of writing, Windows 7 is not known to suffer from any such defects, but it is nevertheless important to always keep Windows itself updated.
6) Attempt to (stress) test those hardware components which can be put through their paces artificially.
The most obvious examples are the RAM and HDD(s).
For the RAM, use the 3rd-party memtest86 utility to run many hours worth of testing. (6-8 passes to stress the ram out)
For hard drives, check whether CHKDSK /R finds any problems on the drive(s), notably "bad sectors".
Unreliable RAM, in particular, is deadly as far as software is concerned, and anything other than a 100% clear memory test result is cause for concern. Unfortunately, even a 100% clear result from the diagnostics utilities does not guarantee that the RAM is
free from defects - only that none were encountered during the test passes.
7) As the last of the non-invasive troubleshooting steps, perform a "vanilla" reinstallation of Windows: just the OS itself without any additional applications,
games, utilities, updates, or new drivers - NOTHING AT ALL that is not sourced from the Windows 7 disc.
Should that fail to mitigate the 0x124 problem, jump to the next steps.
If you run the "vanilla" installation long enough to convince yourself that not a single 0x124 crash has occurred, start installing updates and applications slowly, always pausing between successive additions long enough to get a feel for whether
the machine is still free from 0x124 crashes.
Should the crashing resume, obviously the very last software addition(s) may be somehow linked to the root cause.
If stop 0x124 errors persist despite the steps above, and the hardware is under warranty, consider returning it and requesting a replacement which does not suffer periodic MCE events.
Be aware that attempting the subsequent hardware troubleshooting steps may, in some cases, void your warranty:
8) Clean and carefully remove any dust from the inside of the machine.
Reseat all connectors and memory modules.
Use a can of compressed air to clean out the RAM DIMM sockets as much as possible.
9) If all else fails, start removing items of hardware one-by-one in the hope that the culprit is something non-essential which can be removed.
Obviously, this type of testing is a lot easier if you've got access to equivalent components in order to perform swaps.
Should you find yourself in the situation of having performed all of the steps
above without a resolution of the symptom, unfortunately the most likely reason is because the error message is literally correct - something is fundamentally wrong with the machine's hardware.
More advanced reading can be found here from a MS MVP IT PRO
http://captaindbg.com/bug-check-0x124-whea_uncorrectable_error-how-to-troubleshoot/
Microsoft (R) Windows Debugger Version 6.3.9600.17237 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\Ken\Desktop\110414-2854-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
************* Symbol Path validation summary **************
Response Time (ms) Location
Deferred SRV*D:\symbols*http://msdl.microsoft.com/download/symbols
Symbol search path is: SRV*D:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.18409.amd64fre.win7sp1_gdr.140303-2144
Machine Name:
Kernel base = 0xfffff800`02c10000 PsLoadedModuleList = 0xfffff800`02e53890
Debug session time: Tue Nov 4 01:05:10.806 2014 (UTC - 5:00)
System Uptime: 0 days 0:26:06.602
Loading Kernel Symbols
Loading User Symbols
Loading unloaded module list
* Bugcheck Analysis *
Use !analyze -v to get detailed debugging information.
BugCheck 124, {0, fffffa800703c028, ba000000, 58000402}
Probably caused by : GenuineIntel
Followup: MachineOwner
6: kd> !analyze -v
* Bugcheck Analysis *
WHEA_UNCORRECTABLE_ERROR (124)
A fatal hardware error has occurred. Parameter 1 identifies the type of error
source that reported the error. Parameter 2 holds the address of the
WHEA_ERROR_RECORD structure that describes the error conditon.
Arguments:
Arg1: 0000000000000000, Machine Check Exception
Arg2: fffffa800703c028, Address of the WHEA_ERROR_RECORD structure.
Arg3: 00000000ba000000, High order 32-bits of the MCi_STATUS value.
Arg4: 0000000058000402, Low order 32-bits of the MCi_STATUS value.
Debugging Details:
BUGCHECK_STR: 0x124_GenuineIntel
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT
PROCESS_NAME: chrome.exe
CURRENT_IRQL: f
ANALYSIS_VERSION: 6.3.9600.17237 (debuggers(dbg).140716-0327) amd64fre
STACK_TEXT:
fffff880`0310ab58 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KeBugCheckEx
STACK_COMMAND: kb
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: GenuineIntel
IMAGE_NAME: GenuineIntel
DEBUG_FLR_IMAGE_TIMESTAMP: 0
IMAGE_VERSION:
FAILURE_BUCKET_ID: X64_0x124_GenuineIntel_PROCESSOR_MAE
BUCKET_ID: X64_0x124_GenuineIntel_PROCESSOR_MAE
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:x64_0x124_genuineintel_processor_mae
FAILURE_ID_HASH: {addebe90-d04a-b9c9-a39c-2531fe75dd4e}
Followup: MachineOwner
Wanikiya and Dyami--Team Zigzag -
BSOD "ntoskrnl.exe" - system recovery did not work
Hi, I keep getting BSOD repeatedly whenever i log into windows normally. I can only access my laptop through safe mode w/networking. anyways i have narrowed the problem down to the driver "ntoskrnl.exe" However I dont know what is causing the problem
and how to fix it.
here is the link from my onedrive for kernel dump file:
https://onedrive.live.com/redir?resid=9997264A2CACAA02%21116
Dump File : 082614-111447-01.dmp
Crash Time : 8/26/2014 3:04:11 PM
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x0000000a
Parameter 1 : 00000000`00000000
Parameter 2 : 00000000`00000002
Parameter 3 : 00000000`00000001
Parameter 4 : fffff800`032e1c3f
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+75bc0
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.18409 (win7sp1_gdr.140303-2144)
Processor : x64
Crash Address : ntoskrnl.exe+75bc0
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\082614-111447-01.dmp
Processors Count : 8
Major Version : 15
Minor Version : 7601
Dump File Size : 287,608
Dump File Time : 8/26/2014 3:17:08 PMNHJ
These crash was caused by your Symantec killing netio.sys. I would remov Symantec and use MSE in its place
Symantec is a frequent cause of BSOD's.
I would remove and replace it with Microsoft Security Essentials AT LEAST TO TEST
http://us.norton.com/support/kb/web_view.jsp?wv_type=public_web&docurl=20080710133834EN
http://www.microsoft.com/security_essentials/
For Norton 360 use this http://symantec.pcperformancetools.com/norton-360-how-to-uninstall.html
Microsoft (R) Windows Debugger Version 6.3.9600.17029 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\Ken\Desktop\082614-111447-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
************* Symbol Path validation summary **************
Response Time (ms) Location
Deferred srv*C:\Symbols*http://msdl.microsoft.com/download/symbols
Symbol search path is: srv*C:\Symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7601.18409.amd64fre.win7sp1_gdr.140303-2144
Machine Name:
Kernel base = 0xfffff800`03263000 PsLoadedModuleList = 0xfffff800`034a6890
Debug session time: Tue Aug 26 15:04:11.347 2014 (UTC - 4:00)
System Uptime: 0 days 0:02:27.283
Loading Kernel Symbols
Loading User Symbols
Loading unloaded module list
* Bugcheck Analysis *
Use !analyze -v to get detailed debugging information.
BugCheck A, {0, 2, 1, fffff800032e1c3f}
*** WARNING: Unable to verify timestamp for SYMNETS.SYS
*** ERROR: Module load completed but symbols could not be loaded for SYMNETS.SYS
Probably caused by : NETIO.SYS ( NETIO!WfpExpireEntryLru+17 )
Followup: MachineOwner
1: kd> !analyze -v
* Bugcheck Analysis *
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 0000000000000000, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000001, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff800032e1c3f, address which referenced memory
Debugging Details:
WRITE_ADDRESS: GetPointerFromAddress: unable to read from fffff80003510100
GetUlongFromAddress: unable to read from fffff800035101c0
0000000000000000 Nonpaged pool
CURRENT_IRQL: 2
FAULTING_IP:
nt!KeAcquireInStackQueuedSpinLockAtDpcLevel+4f
fffff800`032e1c3f 488713 xchg rdx,qword ptr [rbx]
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT
BUGCHECK_STR: 0xA
PROCESS_NAME: System
ANALYSIS_VERSION: 6.3.9600.17029 (debuggers(dbg).140219-1702) amd64fre
TRAP_FRAME: fffff8800a7f3230 -- (.trap 0xfffff8800a7f3230)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffffa800a138b50 rbx=0000000000000000 rcx=0000000000000000
rdx=fffff8800a7f3430 rsi=0000000000000000 rdi=0000000000000000
rip=fffff800032e1c3f rsp=fffff8800a7f33c0 rbp=0000000000000008
r8=fffff8800a7f3430 r9=fffff88001d8aca0 r10=0000000000000000
r11=0000000000000040 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na po nc
nt!KeAcquireInStackQueuedSpinLockAtDpcLevel+0x4f:
fffff800`032e1c3f 488713 xchg rdx,qword ptr [rbx] ds:00000000`00000000=????????????????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff800032d8169 to fffff800032d8bc0
STACK_TEXT:
fffff880`0a7f30e8 fffff800`032d8169 : 00000000`0000000a 00000000`00000000 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx
fffff880`0a7f30f0 fffff800`032d6de0 : 00000000`00000010 fffff880`0a7f3420 00000000`00000003 00000000`00000000 : nt!KiBugCheckDispatch+0x69
fffff880`0a7f3230 fffff800`032e1c3f : 00000000`00000003 00000000`00000002 00000000`00000003 00000000`00000002 : nt!KiPageFault+0x260
fffff880`0a7f33c0 fffff880`01b419c7 : 00000000`00000008 fffff880`0a7f36a0 00000000`00008900 fffffa80`081b47c8 : nt!KeAcquireInStackQueuedSpinLockAtDpcLevel+0x4f
fffff880`0a7f3410 fffff880`01ce608d : fffffa80`0bfe79d0 fffffa80`0c08b8a0 fffff880`0a7f36a0 00000000`00008900 : NETIO!WfpExpireEntryLru+0x17
fffff880`0a7f3460 fffff880`01cad7b7 : 00000000`00000004 fffff880`01b10030 fffffa80`0bfe7a20 00000000`00000001 : tcpip!WfpAleCloseRemoteEndpointConnection+0x2d
fffff880`0a7f3490 fffff880`01d25e5b : fffffa80`0bfe79d0 fffffa80`0b9e2cda 00000000`00000001 fffffa80`0bfe79d0 : tcpip! ?? ::FNODOBFM::`string'+0x20f72
fffff880`0a7f35e0 fffff880`01d261e2 : 00000089`00000000 fffffa80`0b9e2c10 fffffa80`089266a0 00000000`00000001 : tcpip!WfpAleHandleSendCompletion+0xeb
fffff880`0a7f3700 fffff880`01d306b2 : fffff880`0a7f3ba8 00000000`00000001 00000000`00000000 fffffa80`08159f18 : tcpip!WfpAlepAuthorizeSendCompletion+0x32
fffff880`0a7f3750 fffff880`01ba7af2 : fffffa80`00000089 fffff800`00000089 fffffa80`0bc9d370 00000000`00000001 : tcpip!WfpAleCompleteOperation+0x162
fffff880`0a7f37f0 fffff880`076e67bb : 00000000`00000000 00000000`00000000 fffffa80`0bc737c0 00000000`00000030 : fwpkclnt!FwpsCompleteOperation0+0x1e
fffff880`0a7f3820 00000000`00000000 : 00000000`00000000 fffffa80`0bc737c0 00000000`00000030 00000000`00000089 : SYMNETS+0x1e7bb
STACK_COMMAND: kb
FOLLOWUP_IP:
NETIO!WfpExpireEntryLru+17
fffff880`01b419c7 488b4310 mov rax,qword ptr [rbx+10h]
SYMBOL_STACK_INDEX: 4
SYMBOL_NAME: NETIO!WfpExpireEntryLru+17
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: NETIO
IMAGE_NAME: NETIO.SYS
DEBUG_FLR_IMAGE_TIMESTAMP: 5294760d
IMAGE_VERSION: 6.1.7601.18327
FAILURE_BUCKET_ID: X64_0xA_NETIO!WfpExpireEntryLru+17
BUCKET_ID: X64_0xA_NETIO!WfpExpireEntryLru+17
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:x64_0xa_netio!wfpexpireentrylru+17
FAILURE_ID_HASH: {fcdee258-ad7b-b100-5f3a-ac9544c5fd1f}
Followup: MachineOwner
Wanikiya and Dyami--Team Zigzag -
BSoD INTERNAL POWER ERROR,ntoskrnl.exe driver issue
Hi,i got brand new computer,every component is new except HDD(ata Maxtor 6L250S0 SCSI disck device) .
i5 4670
Kingston hyperx 8gb 1600
asus z87-c motherboard
asus r9 270x dcIIt
OS Windows 7 64 ultimate
and I got BSoD randomly(7 times) when computer is in standby(just turned on,nothing working on it) and when I download something using yTorrent(this happened once).I never got BSoD when I was using internet or playing games.
Minidump:
122613-38813-01.dmp 26.12.2013 20:25:47 INTERNAL_POWER_ERROR 0x000000a0 00000000`00000009 ffffffff`c0000001 00000000`00000001 00000000`00000000 ntoskrnl.exe ntoskrnl.exe+75bc0 NT Kernel & System Microsoft®
Windows® Operating System Microsoft Corporation 6.1.7601.18247 (win7sp1_gdr.130828-1532) x64 ntoskrnl.exe+75bc0 C:\Windows\Minidump\122613-38813-01.dmp 4 15 7601 276.840 26.12.2013
20:52:35
010114-30435-01.dmp 1.1.2014 4:29:17 INTERNAL_POWER_ERROR 0x000000a0 00000000`00000009 ffffffff`c0000001 00000000`00000001 00000000`00000000 ntoskrnl.exe ntoskrnl.exe+75bc0 NT Kernel & System Microsoft®
Windows® Operating System Microsoft Corporation 6.1.7601.18247 (win7sp1_gdr.130828-1532) x64 ntoskrnl.exe+75bc0 C:\Windows\Minidump\010114-30435-01.dmp 4 15 7601 276.840 1.1.2014
12:52:26
010214-30685-01.dmp 2.1.2014 19:31:32 INTERNAL_POWER_ERROR 0x000000a0 00000000`00000009 ffffffff`c0000001 00000000`00000001 00000000`00000000 ntoskrnl.exe ntoskrnl.exe+75bc0 NT Kernel & System Microsoft®
Windows® Operating System Microsoft Corporation 6.1.7601.18247 (win7sp1_gdr.130828-1532) x64 ntoskrnl.exe+75bc0 C:\Windows\Minidump\010214-30685-01.dmp 4 15 7601 276.840 2.1.2014
19:45:16
010714-30747-01.dmp 7.1.2014 14:57:30 INTERNAL_POWER_ERROR 0x000000a0 00000000`00000009 ffffffff`c0000001 00000000`00000001 00000000`00000000 ntoskrnl.exe ntoskrnl.exe+75bc0 NT Kernel & System Microsoft®
Windows® Operating System Microsoft Corporation 6.1.7601.18247 (win7sp1_gdr.130828-1532) x64 ntoskrnl.exe+75bc0 C:\Windows\Minidump\010714-30747-01.dmp 4 15 7601 276.840 7.1.2014
15:00:33
010714-30498-01.dmp 7.1.2014 16:19:12 INTERNAL_POWER_ERROR 0x000000a0 00000000`00000009 ffffffff`c0000001 00000000`00000001 00000000`00000000 ntoskrnl.exe ntoskrnl.exe+75bc0 NT Kernel & System Microsoft®
Windows® Operating System Microsoft Corporation 6.1.7601.18247 (win7sp1_gdr.130828-1532) x64 ntoskrnl.exe+75bc0 C:\Windows\Minidump\010714-30498-01.dmp 4 15 7601 276.840 7.1.2014
16:39:58
011014-32105-01.dmp 10.1.2014 15:35:46 INTERNAL_POWER_ERROR 0x000000a0 00000000`00000009 ffffffff`c0000001 00000000`00000001 00000000`00000000 ntoskrnl.exe ntoskrnl.exe+75bc0 NT Kernel & System Microsoft®
Windows® Operating System Microsoft Corporation 6.1.7601.18247 (win7sp1_gdr.130828-1532) x64 ntoskrnl.exe+75bc0 C:\Windows\Minidump\011014-32105-01.dmp 4 15 7601 276.840 10.1.2014
15:39:57
I checked ram using windows diagnostic tool,no errors were found.
Plz help to solve this problem!Your problem lies in the implications arising from these details.
[Drives]
Item Value
Drive C:
Description Local Fixed Disk
File System NTFS
Size 59,90 GB (64.319.647.744 bytes)
Free Space 13,51 GB (14.509.522.944 bytes)
Drive D:
Description Local Fixed Disk
File System NTFS
Size 172,88 GB (185.632.550.912 bytes)
Free Space 18,94 GB (20.333.670.400 bytes)
Your C partition (drive) is too small, except there may be solutions that could help without resizing the partition. You need more free disk space on both partitions.
The free disk space on your D partition needs to be increased from 19gb to 50gb. You need to remove files equal to 30gb from the partition either by moving them to external media or by deleting them. Another option might be to
add an extra internal drive, if that is physically feasible. Alternatively buy a larger hard drive and reinstall your system.
To increase your free disk space on C, type Disk CleanUp in the Search Box above the Start Button and press the ENTER key. Click on OK and after the space calculation you will see a window with a list of Files to delete. Use
the scroll bar to the right of the window to see the entries further down the list. Check the boxes before Service Pack BackUp Files and Windows Update CleanUp and click on OK
http://www.sevenforums.com/tutorials/122262-windows-7-sp1-disk-cleanup-tool.html
The Service Pack BackUp Files and Windows Update CleanUp options can produce significant reductions in disk space used. When you have run Disk CleanUp please let me know how much the free disk space has become.
Hope this helps, Gerry -
Wdf01000.sys BSOD on shutdown after imaging
We have SCCM 2012 R2 and Dell. Using the latest combo drivers on Dell, imaging Win7 x86/x64.
I've been seeing BSOD on shutdown on almost all desktops/laptops. They don't BSOD every time, maybe 20-30% of the time on 5-10% of all desktops/laptops.
Dump is below.
Microsoft (R) Windows Debugger Version 6.3.9600.17298 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\katiecc\Downloads\e7440_111214-8330-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
************* Symbol Path validation summary **************
Response Time (ms) Location
Deferred SRV*http://msdl.microsoft.com/download/symbols
Symbol search path is: SRV*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.18526.amd64fre.win7sp1_gdr.140706-1506
Machine Name:
Kernel base = 0xfffff800`0305f000 PsLoadedModuleList = 0xfffff800`032a2890
Debug session time: Wed Nov 12 13:49:33.070 2014 (UTC - 8:00)
System Uptime: 0 days 0:07:08.907
Loading Kernel Symbols
Loading User Symbols
Loading unloaded module list
* Bugcheck Analysis *
Use !analyze -v to get detailed debugging information.
BugCheck 1000007E, {ffffffffc0000005, fffff88000ec6cce, fffff8800a993308, fffff8800a992b60}
*** WARNING: Unable to verify timestamp for TeeDriverx64.sys
*** ERROR: Module load completed but symbols could not be loaded for TeeDriverx64.sys
Probably caused by : TeeDriverx64.sys ( TeeDriverx64+fc0d )
Followup: MachineOwner
3: kd> !analyze -v
* Bugcheck Analysis *
SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff88000ec6cce, The address that the exception occurred at
Arg3: fffff8800a993308, Exception Record Address
Arg4: fffff8800a992b60, Context Record Address
Debugging Details:
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
FAULTING_IP:
Wdf01000!FxIoQueue::CancelForQueue+252
fffff880`00ec6cce 4c897038 mov qword ptr [rax+38h],r14
EXCEPTION_RECORD: fffff8800a993308 -- (.exr 0xfffff8800a993308)
ExceptionAddress: fffff88000ec6cce (Wdf01000!FxIoQueue::CancelForQueue+0x0000000000000252)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000001
Parameter[1]: 0000000000000038
Attempt to write to address 0000000000000038
CONTEXT: fffff8800a992b60 -- (.cxr 0xfffff8800a992b60;r)
rax=0000000000000000 rbx=fffffa800cb2de50 rcx=fffffa80109c1500
rdx=0000000075657500 rsi=0000000000000000 rdi=fffffa80109c14a0
rip=fffff88000ec6cce rsp=fffff8800a993540 rbp=fffffa8010a59d30
r8=0000000000001000 r9=fffff88000e45160 r10=000000000000000c
r11=0000000000000000 r12=fffff88000edad40 r13=0000000000000301
r14=0000000000000000 r15=0000000000000001
iopl=0 nv up ei ng nz na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010286
Wdf01000!FxIoQueue::CancelForQueue+0x252:
fffff880`00ec6cce 4c897038 mov qword ptr [rax+38h],r14 ds:002b:00000000`00000038=????????????????
Last set context:
rax=0000000000000000 rbx=fffffa800cb2de50 rcx=fffffa80109c1500
rdx=0000000075657500 rsi=0000000000000000 rdi=fffffa80109c14a0
rip=fffff88000ec6cce rsp=fffff8800a993540 rbp=fffffa8010a59d30
r8=0000000000001000 r9=fffff88000e45160 r10=000000000000000c
r11=0000000000000000 r12=fffff88000edad40 r13=0000000000000301
r14=0000000000000000 r15=0000000000000001
iopl=0 nv up ei ng nz na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010286
Wdf01000!FxIoQueue::CancelForQueue+0x252:
fffff880`00ec6cce 4c897038 mov qword ptr [rax+38h],r14 ds:002b:00000000`00000038=????????????????
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: System
CURRENT_IRQL: 0
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_PARAMETER1: 0000000000000001
EXCEPTION_PARAMETER2: 0000000000000038
WRITE_ADDRESS: GetPointerFromAddress: unable to read from fffff8000330c100
GetUlongFromAddress: unable to read from fffff8000330c1c0
0000000000000038 Nonpaged pool
FOLLOWUP_IP:
TeeDriverx64+fc0d
fffff880`05117c0d ?? ???
BUGCHECK_STR: 0x7E
DEFAULT_BUCKET_ID: NULL_CLASS_PTR_DEREFERENCE
ANALYSIS_VERSION: 6.3.9600.17298 (debuggers(dbg).141024-1500) amd64fre
LAST_CONTROL_TRANSFER: from fffff88000ec665b to fffff88000ec6cce
STACK_TEXT:
fffff880`0a993540 fffff880`00ec665b : fffffa80`109c14a0 fffff880`0a993600 00000000`00000000 fffffa80`109c14a0 : Wdf01000!FxIoQueue::CancelForQueue+0x252
fffff880`0a9935b0 fffff880`00eb33d3 : 00000000`00000000 fffffa80`109c14a0 0000057f`ef63eb58 00000000`00001003 : Wdf01000!FxIoQueue::QueuePurge+0x28f
fffff880`0a993630 fffff880`05117c0d : fffffa80`109c14a0 fffffa80`109912d0 fffff880`0511c028 fffff880`0511c028 : Wdf01000!imp_WdfIoQueuePurge+0x10b
fffff880`0a993690 fffffa80`109c14a0 : fffffa80`109912d0 fffff880`0511c028 fffff880`0511c028 fffffa80`109901e0 : TeeDriverx64+0xfc0d
fffff880`0a993698 fffffa80`109912d0 : fffff880`0511c028 fffff880`0511c028 fffffa80`109901e0 fffff880`00e64e1a : 0xfffffa80`109c14a0
fffff880`0a9936a0 fffff880`0511c028 : fffff880`0511c028 fffffa80`109901e0 fffff880`00e64e1a fffffa80`109912d0 : 0xfffffa80`109912d0
fffff880`0a9936a8 fffff880`0511c028 : fffffa80`109901e0 fffff880`00e64e1a fffffa80`109912d0 fffff880`0510f0d8 : TeeDriverx64+0x14028
fffff880`0a9936b0 fffffa80`109901e0 : fffff880`00e64e1a fffffa80`109912d0 fffff880`0510f0d8 fffffa80`109912d0 : TeeDriverx64+0x14028
fffff880`0a9936b8 fffff880`00e64e1a : fffffa80`109912d0 fffff880`0510f0d8 fffffa80`109912d0 00000000`00000000 : 0xfffffa80`109901e0
fffff880`0a9936c0 fffff880`00e58288 : fffffa80`109901e0 00000000`00000000 00000000`00000005 fffff880`0a9937d8 : Wdf01000!FxPkgPnp::NotifyResourceObjectsDx+0x4a
fffff880`0a993730 fffff880`00e64e99 : 00000000`00000000 fffff880`0a9938b0 fffff880`00edb200 fffffa80`109901e0 : Wdf01000!FxPkgPnp::PowerGotoDxIoStopped+0x120
fffff880`0a993780 fffff880`00e5b0f8 : 00000000`0000031c fffff880`0a9938b0 00000000`ffff7fff fffffa80`109901e0 : Wdf01000!FxPkgPnp::PowerGotoDNotZeroIoStopped+0x9
fffff880`0a9937b0 fffff880`00e5ada6 : fffff880`00edb1c0 fffffa80`10990398 fffffa80`109901e0 fffffa80`109901e0 : Wdf01000!FxPkgPnp::PowerEnterNewState+0x1d8
fffff880`0a993910 fffff880`00e5b627 : 00000000`00000000 fffff880`0a9939f0 fffffa80`10990380 fffffa80`109901e0 : Wdf01000!FxPkgPnp::PowerProcessEventInner+0x13e
fffff880`0a993980 fffff880`00e65dd3 : 00000000`00000000 fffffa80`109901e0 00000000`00000000 00000000`00000000 : Wdf01000!FxPkgPnp::PowerProcessEvent+0x1b3
fffff880`0a993a20 fffff880`00e476f2 : 00000000`00000002 0000057f`ef66efd8 fffffa80`109a8bb0 fffffa80`12b46402 : Wdf01000!FxPkgFdo::DispatchDeviceSetPower+0x117
fffff880`0a993a70 fffff880`00e4679a : fffffa80`12b46410 fffffa80`12b46410 fffffa80`12b46410 00000000`00000000 : Wdf01000!FxPkgPnp::Dispatch+0x2aa
fffff880`0a993ad0 fffff880`00e46866 : fffffa80`12b46410 00000000`00000000 fffffa80`109a8bb0 fffffa80`109a8bb0 : Wdf01000!FxDevice::Dispatch+0x19a
fffff880`0a993b10 fffff800`031f0eb5 : 00000000`00000001 00000000`00000000 fffffa80`109a8bb0 fffffa80`12b464b8 : Wdf01000!FxDevice::DispatchWithLock+0xa6
fffff880`0a993b50 fffff800`0337073a : ffffffff`fa0a1f00 fffffa80`1235ab50 00000000`00000080 fffff8a0`00000002 : nt!PopIrpWorker+0x3c5
fffff880`0a993c00 fffff800`030c58e6 : fffff800`0324fe80 fffffa80`1235ab50 fffffa80`13004b50 fffffa80`13b9f010 : nt!PspSystemThreadStartup+0x5a
fffff880`0a993c40 00000000`00000000 : fffff880`0a994000 fffff880`0a98e000 fffff880`0a9932e0 00000000`00000000 : nt!KxStartSystemThread+0x16
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: TeeDriverx64+fc0d
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: TeeDriverx64
IMAGE_NAME: TeeDriverx64.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 51d31e10
STACK_COMMAND: .cxr 0xfffff8800a992b60 ; kb
FAILURE_BUCKET_ID: X64_0x7E_TeeDriverx64+fc0d
BUCKET_ID: X64_0x7E_TeeDriverx64+fc0d
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:x64_0x7e_teedriverx64+fc0d
FAILURE_ID_HASH: {c079e5d7-83f0-230c-5936-8e6123aa32cd}
Followup: MachineOwnerHi,
>> *** WARNING: Unable to verify timestamp for TeeDriverx64.sys
>> *** ERROR: Module load completed but symbols could not be loaded for TeeDriverx64.sys
>> Probably caused by : TeeDriverx64.sys ( TeeDriverx64+fc0d )
I suspect the BSOD is caused by Intel(R) Management Engine Interface (c:\windows\system32\drivers\teedriverx64.sys).
Uninstall it and make sure TeeDriverx64.sys is deleted.
Restart machine several times.
After restart, windows will auto configure the appropriate native system driver.
Reference:
Please help keep getting BSOD aiming to wdf01000.sys error
http://answers.microsoft.com/en-us/windows/forum/windows_7-system/please-help-keep-getting-bsod-aiming-to/1e5f7c9b-1dd3-4423-8dfb-37d4b37b995a
We
are trying to better understand customer views on social support experience, so your participation in this
interview project would be greatly appreciated if you have time.
Thanks for helping make community forums a great place.
Maybe you are looking for
-
Wacky WPA Enterprise Issue: iPhone connects, Mac does not
At work where we have wired and wireless networks. My MacBook Pro is connected via ethernet and my iPhone through our WPA2 Enterprise wireless network. Getting the iPhone on the wireless network was easy! Just added my user name and password and conn
-
Play Count / Last Played inconsistencies
I have a smart playlist that simply shows all music that I've never played. I set this up to simply show music where Plays=0. I've noticed recently that music I know I've listened to is still in the playlist, looking at the screenshot below you can s
-
Revision: 4793 Author: [email protected] Date: 2009-02-02 11:20:06 -0800 (Mon, 02 Feb 2009) Log Message: Fix bug SDK-17734 Path with width and height set different than path data has incorrect bounds Fix: When calculating the bounds position we shoul
-
Yosemite and login with iCloud password
If I change my password on https://appleid.apple.com when it should be usable for login on iMac/MacBook? All my systems see that password got changed and System Preferences->iCloud requests new password after while. However after two days I still ha
-
hi, is there a way to find the levels of hierarchy in a generic XML, i mean a way to find root, its children, their children ..... thx in advance