NMir
asked on
Dump file results Analysis for error 0x0000004e
Have Dell PowerEdge 2850, with Windows 2003 Server, Standard Edition with Service Pack 1 Installed. This server is used basically as a File server. Very Frequently the Server restarts by itself.
Last time this happened, captured the Event log entry which is as follows.
Event Type: Information
Event Source: Save Dump
Event Category: None
Event ID: 1001
Date: 28/11/2007
Time: 18:12:36
User: N/A
Computer: FILESVR
Description:
The computer has rebooted from a bugcheck. The bugcheck was: 0x0000004e (0x0000009a, 0x0000812c, 0x00000006, 0x00000002). A dump was saved in: C:\WINDOWS\MEMORY.DMP.
Executed Dumpchk.exe to do Analysis for the same and now confused what to look for in the output of analysis.
Pl. guide how to locate the error.
thanks for reading and helping out.
Output of dumpchk Analysis.
----- 32 bit Kernel Summary Dump Analysis
DUMP_HEADER32:
MajorVersion 0000000f
MinorVersion 00000ece
DirectoryTableBase 7fba6020
PfnDataBase 81400000
PsLoadedModuleList 808a6ea8
PsActiveProcessHead 808ad0c8
MachineImageType 0000014c
NumberProcessors 00000004
BugCheckCode 0000004e
BugCheckParameter1 0000009a
BugCheckParameter2 0000812c
BugCheckParameter3 00000006
BugCheckParameter4 00000002
PaeEnabled 00000001
KdDebuggerDataBlock 808943e0
SUMMARY_DUMP32:
DumpOptions 504d4453
HeaderSize 00012000
BitmapSize 0007ffc0
Pages 0000be59
Bitmap.SizeOfBitMap 0007ffc0
KiProcessorBlock at 808a6220
4 KiProcessorBlock entries:
ffdff120 f7727120 f772f120 f7737120
Windows XP Kernel Version 3790 (Service Pack 1) MP (4 procs) Free x86 compatible
Built by: 3790.srv03_sp1_gdr.070304-2232
Kernel base = 0x80800000 PsLoadedModuleList = 0x808a6ea8
Debug session time: Wed Nov 28 18:10:31 2007
System Uptime: 2 days 8:45:12
start end module name
80800000 80a53000 nt Checksum: FFFFFFFF Timestamp: unavailable (FFFFFFFE)
Unloaded modules:
b5818000 b586e000 wlbs.sys Timestamp: Mon Nov 26 09:26:51 2007 (474A915B)
b9b5b000 b9b69000 imapi.sys Timestamp: Mon Nov 26 09:26:34 2007 (474A914A)
b977e000 b9786000 Sfloppy.SYS Timestamp: Mon Nov 26 09:26:34 2007 (474A914A)
Finished dump check
Running Dumpchk on the dump will not help us determine the cause of the issue. All that it does is verify the integrity of the dump and that a memory dump file has been created correctly.
http://support.microsoft.com/kb/315271 - How to Use Dumpchk.exe to Check a Memory Dump File
As per Microsoft:
========
This error is typically caused by a driver passing a bad memory descriptor list. For example, the driver might have called MmUnlockPages twice with the same list.
If a kernel debugger is available, examine the stack trace.
=========
In our scenario, the first parameter of the bugcheck is 0x0000009a which means:
A driver attempted to free a page that is still locked for IO.
Follow the guide in the link that I pointed out earlier to download and configure windbg and that will help you find out the culprit driver.
http://forums.majorgeeks.com/showthread.php?t=35246 - HOW TO: Debug Memory Dumps (Figure out what is causing a BSOD)
Load the dump in windbg and run the !analyze -v command and paste the results that you get over here.
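An added example, not part of the original thread: a small Python parser for the Save Dump (Event ID 1001) description quoted in the question, which extracts the bugcheck code and its four parameters and counts recurring (code, parameter 1) pairs across reboots. The function names are hypothetical, the decode table holds only what this thread states plus the symbolic name of 0x4E, and every sample event after the first is constructed.

```python
import re
from collections import Counter

# Description text format of a "Save Dump" Event ID 1001 entry, as quoted in the question.
HEX = r"(0x[0-9a-fA-F]+)"
BUGCHECK_RE = re.compile(
    r"The bugcheck was:\s*" + HEX + r"\s*\(\s*" + r",\s*".join([HEX] * 4) + r"\s*\)\.?\s*"
    r"A dump was saved in:\s*(.+?)\.?\s*$"
)

# Only the meanings stated in this thread, plus the symbolic name of bugcheck 0x4E.
BUGCHECK_NAMES = {0x4E: "PFN_LIST_CORRUPT"}
PARAM1_MEANING = {
    (0x4E, 0x9A): "A driver attempted to free a page that is still locked for IO",
}

def parse_bugcheck(description):
    """Return the code, four parameters and dump path, or None if the text does not match."""
    m = BUGCHECK_RE.search(description.strip())
    if not m:
        return None
    code = int(m.group(1), 16)
    params = tuple(int(m.group(i), 16) for i in range(2, 6))
    return {
        "code": code,
        "name": BUGCHECK_NAMES.get(code, "unknown"),
        "params": params,
        "param1_meaning": PARAM1_MEANING.get((code, params[0]), "not decoded here"),
        "dump": m.group(6),
    }

def recurring_signatures(descriptions):
    """Count (bugcheck code, parameter 1) pairs; a repeated pair points at one recurring fault."""
    parsed = (parse_bugcheck(d) for d in descriptions)
    return Counter((p["code"], p["params"][0]) for p in parsed if p)

PREFIX = "The computer has rebooted from a bugcheck. The bugcheck was: "
SUFFIX = r" A dump was saved in: C:\WINDOWS\MEMORY.DMP."
EVENTS = [
    PREFIX + "0x0000004e (0x0000009a, 0x0000812c, 0x00000006, 0x00000002)." + SUFFIX,  # from the question
    PREFIX + "0x0000004e (0x0000009a, 0x00007f10, 0x00000006, 0x00000002)." + SUFFIX,  # constructed
    PREFIX + "0x000000d1 (0x00000010, 0x00000002, 0x00000000, 0xf7a01234)." + SUFFIX,  # constructed
    "The previous system shutdown was unexpected.",  # constructed, not a bugcheck record
]

if __name__ == "__main__":
    print(parse_bugcheck(EVENTS[0]))
    for (code, p1), n in recurring_signatures(EVENTS).most_common():
        print("0x%08x param1=0x%08x seen %d time(s)" % (code, p1, n))
```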