Question

Windows 2003 Server Enterprise X64 randomly reboots.

Asked by: nstd-sts

We've got a fairly new Dell 2950 running 2003 with SQL 2005 server that's reboots during the day without warning.  It'd going down hard enough that it's not really leaving anything in the event logs before it reboots.  It is doing a save dump though.
-----------------------------------------
Event Type:      Information
Event Source:      Save Dump
Event Category:      None
Event ID:      1001
Date:            4/26/2007
Time:            12:12:13 PM
User:            N/A
Computer:      XXXXXXXXSQL01
Description:
The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000007e (0xffffffffc0000005, 0x0000000000000000, 0xfffffadf23ad0b80, 0xfffffadf23ad0590). A dump was saved in: C:\WINDOWS\MEMORY.DMP.
-----------------------------------------
The only other indication that's something's not right is this.
-----------------------------------------
Event Type:      Error
Event Source:      adpu160m
Event Category:      None
Event ID:      11
Date:            4/26/2007
Time:            12:12:26 PM
User:            N/A
Computer:      NSTDSTLSQL01
Description:
The driver detected a controller error on \Device\Scsi\adpu160m1.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 0f 00 10 00 01 00 6a 00   ......j.
0008: 00 00 00 00 0b 00 04 c0   .......À
0010: 24 50 00 c1 00 00 00 00   $P.Á....
0018: 01 00 00 00 00 00 00 00   ........
0020: 00 00 00 00 00 00 00 00   ........
0028: 00 00 00 00 01 00 00 00   ........
0030: 00 00 00 00 05 00 00 00   ........
----------------------------------------------
The system has two PERC 5's, one onboard for the boot drives and one added in to control an MD1000.  The above error is on a 39160 that's hooked to a tape backup library.

The box just went live and we're a bit stumped.

This Question has been solved and asker verified All Experts Exchange premium technology solutions are available to subscription members.

Subscribe now for full access to Experts Exchange and get

Instant Access to this Solution

  • Plus...
  • 30 Day FREE access, no risk, no obligation
  • Collaborate with the world's top tech experts
  • Unlimited access to our exclusive solution database
  • Never be left without tech help again

Subscribe Now

Asked On
2007-04-27 at 03:36:40ID22538022
Tags

2003

,

0x0000007e

,

windows

,

server

Topics

Operating Systems Miscellaneous

,

Windows 2003 Server

Participating Experts
3
Points
500
Comments
22

Trusted by hundreds of thousands everyday for fast, accurate and reliable tech support.

  • "The time we save is the biggest benefit of Experts Exchange to Warner Bros. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange." Mike Kapnisakis, Warner Bros.
  • "Our team likes having a resource that is more secure than just using Google and most experts using this service really know their stuff. It's nice to look here first versus using Google." Dayna Sellner, Lockheed Martin
  • "Anytime that I've been stumped with a problem, 9 out of 10 times Experts Exchange has either the accepted solution or an open discussion of the potential solution to the problem." Kenny Red, eBay Inc.

See what Experts Exchange can do for you.

Got a question?

We've got the answer.

Experts Exchange has been collecting answers to technology questions since 1996…3 million and counting! If you have a question, chances are we already have your answer.

Screenshot of Experts Exchange Knowledgebase

Need individual assistance?

Our experts are ready to help.

If you can't find the exact answer you're looking for, ask our exclusive community of 50,000 experts. You’ll get a personalized answer from a trusted professional.

Screenshot of Experts Exchange Knowledgebase

Want to learn from the best?

Read articles from industry experts.

Thousands of free tech tips, tricks, how-to’s and tutorials are available in our peer reviewed articles section. See for yourself how smart our experts are, no login required.

Screenshot of an Article

Working on a long term project?

Store your work and research.

Save solutions to your questions, answers you’ve discovered through searching plus helpful articles in your personal knowledgebase for easy future access.

Screenshot of Experts Exchange Knowledgebase

Access the answers to your technology questions today.

Subscribe Now

30-day free trial. Register in 60 seconds.

What Makes Experts Exchange Unique?

Members of the expert community talk about why the experience at Experts Exchange is different than what you will find anywhere else.

Trusted by the world's most respected brands.

image of each brand's logo

Faithfully serving IT professionals since 1996.

Experts Exchange Logo

Try it out and discover for yourself.

Subscribe Now

30-day free trial. Register in 60 seconds.

Related Solutions

  1. Backup Exec Tapes are randomly switching to Not appenda…
    Backup Exec Version 10, Server 2003, using DLT Tapes Recently, tapes are getting full, and while the jobs are set up to append media (Infinite, Allow Append). Tapes are registering as full, and won't overwrite. So my backups are failing. I searched the forums here and cou...
  2. New dell array disappearing from drive list (220s with p…
    Ok, I just installed a used powervault 220s with a perc4/dc controller card in a server running 64bit 2003 enterprise. I had a 210s in there as well and it worked fine. I'm not sure which controller card I was using for that array, I think it may have been an adaptec. In a...
  3. Migrating a RAID array from a PERC 4/DC to a PERC 4e/DC
    I have a Dell PE2850 with two PV220s connected to a PERC 4/DC. There are 14 300 GB drives in each PV. I have 4 RAID 5 arrays of 7 drives each. Back up is to an HP LTO-3 tape drive. I would like to use the Dell LTO-4-120 drive, which comes with an SAS PCIe controller card. De...
  4. Perc 5/i and Ultra2 SCSI Tape Drive?
    I'm installing Windows Server 2003 on a Dell PowerEdge 840. It came with an internal Perc 5/i card that has two SFF8484 connectors. One connector controls three SATA drives in a Raid 5 config. I'm trying to re-use a Quantum DAT 72 tape drive that has a SCSI Ultra2 connector....
  5. Computer randomly shutting off
    My computer keeps shutting off randomly. It seems to have been working all week just fine. I didn't install any new software or hardware either so I'm thinking it is a hardware issue. The computer shuts off about 15 mins after I'm using it, especially when I'm playing World...

Free Tech Articles

  1. WARNING: 5 Reasons why you should NEVER fix a computer for free.
    It is in our nature to love the puzzle. We are obsessed. The lot of us. We love puzzles. We love the challenge. We thrive on finding the answer. We hate disarray. It bothers us deep in our soul. W...
  2. SCCM OSD Basic troubleshooting
    SCCM 2007 OSD is a fantastic way to deploy operating systems, however, like most things SCCM issues can sometimes be difficult to resolve due to the sheer volume of logs to sift through and the dispe...
  3. Migrate Small Business Server 2003 to Exchange 2010 and Windows 2008 R2
    This guide is intended to provide step by step instructions on how to migrate from Small Business Server 2003 to Windows 2008 R2 with Exchange 2010. For this migration to work you will need the fo...
  4. Create a Win7 Gadget
    This article shows you how to create a simple "Gadget" -- a sort of mini-application supported by Windows 7 and Vista. Gadgets can be dropped anywhere on the desktop to provide instant information, ...
  5. Outlook continually prompting for username and password
    There have been a lot of questions recently regarding Outlook prompting for a username and password whilst using Exchange 2007. There are a few reasons why this would happen and I will try to cover t...
  6. Backup Exchange 2010 Information Store using Windows Backup
    There seems to be quite a lot of confusion around the ability to backup Exchange 2010 using the built in Windows Backup feature. This stems from the omission of this feature prior to Exchange 2007 s...

Cloud Class Webinars

  1. Avoiding Bugs in Microsoft Access
    Alison Balter takes and in-depth look at avoiding bugs in Access. In this webinar you will learn about using the immediate window to debug your applications, invoking the debugger, using breakpoints to troubleshoot, stepping through code, setting the next statement to execute, ...
  2. Top 10 Best New Features in Visio 2010
    Scott Helmers gives live demonstrations of the top 10 new features in Visio 2010. This webinar will teach you how to create compelling diagrams by adding shapes to the page with a single click, linking the shapes in a diagram to data in Excel (or SQL Server, or SharePoint), ...
  3. IT Consultant Business Secrets Revealed
    Michael Munger, Experts Exchange tech pro and IT consultant, pulls back the curtain on his very successful businesses and answers question on every IT consultant and business owner should know about. He shares secrets on what he did to solve the 5 most common problems in IT, ...
  4. Disaster Recovery and Business Continuity
    Quest CTO, Mike Billon, gives an overview of the steps involved in building a dunamic disaster recovery plan. Through case studies and an examination of software/hardware tooles for monitoring and testing, you'll gain a better understandin of where you are, where you want ...
  5. Organize Your Visio Diagrams with Containers and Lists
    Scott Helmers uses cross functional flowcharts, wireframe diagrams, data graphic legends and seating charts to teach you: how to ustilize all three new structured diagram components in Visio 2010, the best practices for organizeing shapes in previous version of Visio, how to organize ...
  6. How to Us Objects, Properties, Events and Methods in Microsoft Access
    Alison Dalter gives an in-depbth look at objects, properties, events and methods in Microsoft Access. In this webinar you will learn about using the object browser, referring to objects, working with properties and methods, working with object variables, understanding the ...

Join the Community

Give a Little. Get a Lot.

Join the community of experts here and help other tech pros by answering question in your area of expertise. You can earn FREE access to all Experts Exchange's premium features and resources.

Join the Community

Answers

 

by: mfaisalPosted on 2007-04-27 at 03:48:04ID: 18987787

well had u try the pathc for server restarrt problem from microsoft site
WindowsServer2003-KB889101-SP1-x86-ENU.exe
WindowsServer2003-KB824146-x86-ENU.exe
i think u try to install these pathces.
otherwise. there might be a problem with ur booting harddrive it might had a bad zero sector problem.and i wount be solved by simply chkdsk or scanning,
if the problem is solved then do remove the dmp file from the location where it is saved cause it will slow ur server.
T.C

 

by: mpfisterPosted on 2007-04-27 at 03:49:30ID: 18987792

First of all set the server to "not automatically reboot". This gives you a chance to see more than just the bugcheck code.

Right click "My computer", go to the "Advanced" tab, select settings under "startup and recovery", untick "automatically restart".

Next time your bug hits you'll see some more info. Normally, the first dirver/dll listed is the culprit. If its a device dirver try to upgrade this driver.
If it doesn't help you need to analyze the dump, which is a bit complicated.

 

by: mpfisterPosted on 2007-04-27 at 03:55:50ID: 18987809

You can also switch to use to write just a small memory dump file. It is a bit easier to analyze. See here: http://support.microsoft.com/kb/315263/en-us

 

by: nstd-stsPosted on 2007-04-27 at 03:56:12ID: 18987811

mfaisal: thanks, system is x64 and has sp2 installed

mpfister: thanks, I've forgot about that, I've got it set to not reboot, if history serves us it should drop right around noon.

 

by: dimantePosted on 2007-04-27 at 05:07:16ID: 18988114

You should analyze the memory.dmp with Windows Debugging Tools:

http://www.microsoft.com/whdc/devtools/debugging/default.mspx

This will tell you exactly what is on the stack on shutdown and give you a step in the right direction.  If you are using Symantec Antivirus on the server symevent.sys may be at fault 87)

As far as use of the debugging tool:

You would run WinDbg and select file > open a crash dump.  Point explorer to %systemroot%\MEMORY.DMP

It will process for a bit then you issue the command:

analyze -v

More processing will occur with the end result being what it finds as the most likely cause of the error.  Please post the output here so I can help you further 8)

-D-

 

by: nstd-stsPosted on 2007-04-27 at 05:25:48ID: 18988283

dimante: Didn't like something:

BEGIN------------------------------------------------------------------------------------------
Microsoft (R) Windows Debugger  Version 6.7.0005.0
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Documents and Settings\nstd-harmajm1\Desktop\MEMORY.DMP]
Kernel Summary Dump File: Only kernel address space is available

Symbol search path is: *** Invalid ***
****************************************************************************
* Symbol loading may be unreliable without a symbol search path.           *
* Use .symfix to have the debugger choose a symbol path.                   *
* After setting your symbol path, use .reload to refresh symbol locations. *
****************************************************************************
Executable search path is:
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
*                                                                   *
* The Symbol Path can be set by:                                    *
*   using the _NT_SYMBOL_PATH environment variable.                 *
*   using the -y <symbol_path> argument when starting the debugger. *
*   using .sympath and .sympath+                                    *
*********************************************************************
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for ntkrnlmp.exe -
Windows Server 2003 Kernel Version 3790 (Service Pack 2) MP (4 procs) Free x64
Product: Server, suite: Enterprise TerminalServer
Built by: 3790.srv03_sp2_rtm.070216-1710
Kernel base = 0xfffff800`01000000 PsLoadedModuleList = 0xfffff800`011d5100
Debug session time: Thu Apr 26 12:09:33.062 2007 (GMT-4)
System Uptime: 1 days 20:14:42.718
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
*                                                                   *
* The Symbol Path can be set by:                                    *
*   using the _NT_SYMBOL_PATH environment variable.                 *
*   using the -y <symbol_path> argument when starting the debugger. *
*   using .sympath and .sympath+                                    *
*********************************************************************
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for ntkrnlmp.exe -
Loading Kernel Symbols
........................................................................................................................
Loading User Symbols
PEB is paged out (Peb.Ldr = 000007ff`fffd5018).  Type ".hh dbgerr001" for details
Loading unloaded module list
..........
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 7E, {ffffffffc0000005, 0, fffffadf23ad0b80, fffffadf23ad0590}

***** Kernel symbols are WRONG. Please fix symbols to do analysis.

*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!_KPRCB                                     ***
***                                                                   ***
*************************************************************************
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!KPRCB                                      ***
***                                                                   ***
*************************************************************************
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!_KPRCB                                     ***
***                                                                   ***
*************************************************************************
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!KPRCB                                      ***
***                                                                   ***
*************************************************************************
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!_KPRCB                                     ***
***                                                                   ***
*************************************************************************
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!_KPRCB                                     ***
***                                                                   ***
*************************************************************************
*** ERROR: Module load completed but symbols could not be loaded for rdpdr.sys
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for termdd.sys -
*** ERROR: Module load completed but symbols could not be loaded for RDPWD.SYS
*** ERROR: Module load completed but symbols could not be loaded for TDTCP.SYS
Probably caused by : rdpdr.sys ( rdpdr+1d6ff )
END--------------------------------------------------------------------------------------------

On ms's site it appeared that I could install the 32 bit version on another system and use it to analyze the 64 bit dumps.  Is that a bad idea?  I can, if necessary install the 64 bit on the problem system and do the debugging there.

 

by: dimantePosted on 2007-04-27 at 05:40:37ID: 18988391

You have to add this.. Sorry, as a programmer I sometimes forget this can be confusing:

In WinDbg go to File > Symbol File Path and put the following in the box:

SRV*C:\Symbols*http://msdl.microsoft.com/download/symbols

Once you add that it should get down to business :-)

-D-

 

by: dimantePosted on 2007-04-27 at 05:41:32ID: 18988395

And you will type:

!analyze -v

Once it gets done with the initial load.

 

by: nstd-stsPosted on 2007-04-27 at 05:47:41ID: 18988441

dimante: yeah, I googled around and told it to get the symbols and put them in c:\symbols.  here's the return

BEGIN-------------------------------------------------------------------------------
Microsoft (R) Windows Debugger  Version 6.7.0005.0
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Documents and Settings\nstd-harmajm1\Desktop\MEMORY.DMP]
Kernel Summary Dump File: Only kernel address space is available

Symbol search path is: SRV*C:\Symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows Server 2003 Kernel Version 3790 (Service Pack 2) MP (4 procs) Free x64
Product: Server, suite: Enterprise TerminalServer
Built by: 3790.srv03_sp2_rtm.070216-1710
Kernel base = 0xfffff800`01000000 PsLoadedModuleList = 0xfffff800`011d5100
Debug session time: Thu Apr 26 12:09:33.062 2007 (GMT-4)
System Uptime: 1 days 20:14:42.718
Loading Kernel Symbols
........................................................................................................................
Loading User Symbols
PEB is paged out (Peb.Ldr = 000007ff`fffd5018).  Type ".hh dbgerr001" for details
Loading unloaded module list
..........
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 7E, {ffffffffc0000005, 0, fffffadf23ad0b80, fffffadf23ad0590}

Probably caused by : rdpdr.sys ( rdpdr!RxLowIoCompletion+af )

Followup: MachineOwner
---------

1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

SYSTEM_THREAD_EXCEPTION_NOT_HANDLED (7e)
This is a very common bugcheck.  Usually the exception address pinpoints
the driver/function that caused the problem.  Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: 0000000000000000, The address that the exception occurred at
Arg3: fffffadf23ad0b80, Exception Record Address
Arg4: fffffadf23ad0590, Context Record Address

Debugging Details:
------------------


EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".

FAULTING_IP:
+0
00000000`00000000 ??              ???

EXCEPTION_RECORD:  fffffadf23ad0b80 -- (.exr 0xfffffadf23ad0b80)
ExceptionAddress: 0000000000000000
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 0000000000000008
   Parameter[1]: 0000000000000000
Attempt to execute non-executable address 0000000000000000

CONTEXT:  fffffadf23ad0590 -- (.cxr 0xfffffadf23ad0590)
rax=0000000000000000 rbx=fffffadf333bc010 rcx=fffffadf333bc010
rdx=fffffadf2758afc8 rsi=0000000000000000 rdi=fffffadf34952450
rip=0000000000000000 rsp=fffffadf23ad0da8 rbp=0000000000000000
 r8=0000000000000001  r9=0000000000000016 r10=002b241800000000
r11=0000000000000000 r12=fffffadf23ad0f10 r13=fffffadf35469010
r14=0000000000000000 r15=fffffadf34952450
iopl=0         nv up ei ng nz ac pe cy
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00010293
00000000`00000000 ??              ???
Resetting default scope

DEFAULT_BUCKET_ID:  DRIVER_FAULT

PROCESS_NAME:  svchost.exe

CURRENT_IRQL:  0

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".

WRITE_ADDRESS:  0000000000000000

FAILED_INSTRUCTION_ADDRESS:
+0
00000000`00000000 ??              ???

BUGCHECK_STR:  0x7E

LAST_CONTROL_TRANSFER:  from fffffadf2757b6ff to 0000000000000000

STACK_TEXT:  
fffffadf`23ad0da8 fffffadf`2757b6ff : 00000000`00000000 00000000`00000000 fffffadf`23ad0fc8 fffff800`011aa8fd : 0x0
fffffadf`23ad0db0 fffffadf`27572cb9 : fffffadf`00000000 fffffadf`333bc010 00000000`00000016 fffffadf`34952450 : rdpdr!RxLowIoCompletion+0xaf
fffffadf`23ad0df0 fffffadf`2756334f : fffffadf`354a27d0 fffffadf`35469010 fffffadf`23ad0f10 00000000`ffffffff : rdpdr!DrDevice::CompleteBusyExchange+0x99
fffffadf`23ad0e40 fffffadf`275731cc : 00000000`00000000 fffffa80`0809e000 00000000`00000016 fffffadf`35469028 : rdpdr!DrDrive::OnQueryFileInfoCompletion+0x46f
fffffadf`23ad0ec0 fffffadf`2756bfd6 : 00000000`00000024 fffffadf`23ad11a0 fffffadf`3653f6b0 00000000`00000000 : rdpdr!DrDevice::OnDeviceIoCompletion+0x28c
fffffadf`23ad0f90 fffffadf`2756df8c : fffffadf`36f36780 00000000`00000000 fffffadf`3653f420 fffffadf`3653f6c0 : rdpdr!DrExchangeManager::OnDeviceIoCompletion+0x116
fffffadf`23ad0ff0 fffffadf`2756dd86 : fffffadf`356aeae3 00000000`00000000 fffffadf`3653f420 fffffadf`356aea10 : rdpdr!DrSession::ReadCompletion+0x13c
fffffadf`23ad1050 fffff800`010251f6 : fffffadf`356aea10 00000000`0000002a 00000000`0000002a fffffadf`356aeae3 : rdpdr!DrSession::ReadCompletionRoutine+0x46
fffffadf`23ad1090 fffffadf`275055a7 : fffffadf`356aea10 00000000`00000002 00000000`00000000 00000000`0000002a : nt!IopfCompleteRequest+0x117
fffffadf`23ad1100 fffffadf`275052be : efcdab89`67452301 00000000`00000005 fffffadf`338aa62e fffffadf`338aa63a : termdd!IcaChannelInputInternal+0x2d7
fffffadf`23ad11b0 fffffadf`2387d03c : fffffadf`338aa63a 00000000`00000032 fffffa80`00d20900 fffffadf`338aa632 : termdd!IcaChannelInput+0x9e
fffffadf`23ad1200 fffffadf`238809af : fffffa80`00d20618 fffffadf`338aa627 00000000`00000032 fffffadf`338aa63a : RDPWD!WDW_OnDataReceived+0x2dc
fffffadf`23ad1260 fffffadf`238a5009 : 73d3d0a7`1125aa1e 0000fadf`238ac5fa fffffa80`00d20000 fffffa80`00d20000 : RDPWD!SM_MCSSendDataCallback+0x23f
fffffadf`23ad12d0 fffffadf`238a3a5b : fffffadf`338aa620 00000000`00000000 00000000`0000004c fffffa80`0ec2f010 : RDPWD!HandleAllSendDataPDUs+0x1e9
fffffadf`23ad1390 fffffadf`238a405d : 00000000`00000000 00000000`00000000 fffffadf`34dd7880 fffffadf`00000045 : RDPWD!MCSIcaRawInputWorker+0x3eb
fffffadf`23ad1410 fffffadf`27509640 : fffffadf`346bd800 00000000`00000000 fffffadf`34dd7880 fffffadf`34dd75a0 : RDPWD!MCSIcaRawInput+0x8d
fffffadf`23ad1470 fffffadf`267a69e5 : 00000000`00000000 fffffadf`338aa3e8 00000000`00000000 fffffadf`34dd75a0 : termdd!IcaRawInput+0x50
fffffadf`23ad14a0 fffffadf`2750a6aa : fffffadf`267a63a0 fffffadf`359126f0 fffffadf`34dd75a0 fffffadf`32965800 : TDTCP!TdInputThread+0x645
fffffadf`23ad1d40 fffff800`0124b972 : fffffadf`35cca530 00000000`00000080 fffffadf`35cca530 fffffadf`29883680 : termdd!IcaDriverThread+0x5a
fffffadf`23ad1d70 fffff800`010202d6 : fffffadf`2987b180 fffffadf`35cca530 fffffadf`29883680 00000000`00000001 : nt!PspSystemThreadStartup+0x3e
fffffadf`23ad1dd0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KxStartSystemThread+0x16


FOLLOWUP_IP:
rdpdr!RxLowIoCompletion+af
fffffadf`2757b6ff 3d160000c0      cmp     eax,0C0000016h

SYMBOL_STACK_INDEX:  1

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: rdpdr

IMAGE_NAME:  rdpdr.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  45d692ff

SYMBOL_NAME:  rdpdr!RxLowIoCompletion+af

STACK_COMMAND:  .cxr 0xfffffadf23ad0590 ; kb

FAILURE_BUCKET_ID:  X64_0x7E_NULL_IP_rdpdr!RxLowIoCompletion+af

BUCKET_ID:  X64_0x7E_NULL_IP_rdpdr!RxLowIoCompletion+af

Followup: MachineOwner
---------

END---------------------------------------------------------------------------------------

This is all new to me.

 

by: dimantePosted on 2007-04-27 at 05:55:24ID: 18988525

What service pack is installed of this server?
The file rdpdr.sys is a legitimate Windows file...  However Malware can hide itself as this file.  Are you using Antivirus Software on this system with updated definitions?

Also, have you run the Malicious software removal tool that MS sends out in updates?

Please let me know the answers to the above questions.  We are close to solving this issue.

-D-

 

by: nstd-stsPosted on 2007-04-27 at 06:02:48ID: 18988577

It's running symantec av 10.2.0.244, updates are 042207

I'm assuming that tool is on there (it's completely patched) but I've never used it.  Do you know where it lives?

 

by: dimantePosted on 2007-04-27 at 06:07:45ID: 18988610

Well with Symantec AV (I run it here too :-D) there are some things that don't get updated with the versions like symevent.sys But let's not start there.

Are you running SP2 on this server?

 

by: dimantePosted on 2007-04-27 at 06:08:18ID: 18988615

And what SQL service pack do you have installed?

 

by: nstd-stsPosted on 2007-04-27 at 06:15:11ID: 18988654

Server 2003 x64 sp2
I don't see a service pack listed in add/remove programs for sql so I assume it's at base level.

After looking around it looks like rpdr.sys is the resource redirector for remote desktop, I wonder if it's it's trying to force a kernel mode printer driver from one of the xp workstations onto the system.  Just a thought.

 

by: dimantePosted on 2007-04-27 at 06:38:16ID: 18988833

That is very possible. Is this server an application terminal server as well as a SQL server?  Or are you just administering it remotely?  SQL 2005 SP2 is out:

http://www.microsoft.com/downloads/details.aspx?FamilyId=d07219b2-1e23-49c8-8f0c-63fa18f26d3a&DisplayLang=en

I would suggest downloading that as well.  Take a look in the even logs for filed printer mapping attempts.  Let me know your findings.

If that indeed is what's happening block the installations entirely with this:

http://technet2.microsoft.com/windowsserver/en/library/447dad75-28f5-4e99-80f8-17ad2359ba661033.mspx?mfr=true


Hope this helps!

-D-

 

by: mpfisterPosted on 2007-04-27 at 06:42:52ID: 18988864

There is a good chance this is a bug introduced by SP2, so I think the next step is to call MS support and let them analyze the memory dump.

 

by: dimantePosted on 2007-04-27 at 07:05:03ID: 18989054

There is a remote possibility...  But that begs the question:

How long has the service pack been installed in relation to this issue.  If M$ will open a grace case because of the relation to the service pack, great.  But the main thing I hate about M$ is that they want $250 for a case to be opened, when in my 7 years of experience have never paid for an incident once (Because of refunds).  Anyway I am off my soapbox now.....  If you call M$ they will analyze your crash dump and as soon as you tell them SAV is installed they will immediately blame it, so you will have to stand strong on the fact that you think the service pack is to blame.  Let me know if you found any printer errors in the event viewer 8)

-D-

 

by: mpfisterPosted on 2007-04-27 at 07:22:33ID: 18989211

I agree, dimante. It doesn't really matter what 3rd party software is on the system. If there is a chance to blame it, MS will do it. On the other hand, if the system worked fine with SP1 and patches and shows this behaviour since SP2 got installed, I'd open a case.
My experience is that if the problem is a MS problem, the will not charge for it. Sometimes you have to insist a bit that your not going to pay for a MS problem ...

But of course if disabling printer mapping for terminal sessions solves the problem, fine!

 

by: nstd-stsPosted on 2007-04-27 at 07:32:59ID: 18989306

We're just remotely admin'ing it.  

We do see a huge swath of failed printer drivers at each remote login but I thought that was expected since it's a 64bit system being accessed by a 32bit xp box.

We did disable all local resource mapping except storage.

This system was built in late 2006, and server 2003 sp2 was added 033007, the system went production a few weeks ago, and it started faulting on 042407 and it's consistently failed each day since.

 

by: dimantePosted on 2007-04-27 at 08:38:59ID: 18989934

At this point I would make sure that the most recent symevent.sys file is installed then reboot and if the problem persists call MS since the server was not in production until after the SP was installed.  The symevent.sys will insure that sav is not contributing to your problems.

How to update symevent:

http://entkb.symantec.com/security/output/n1998092408260848.html

-D-

 

by: nstd-stsPosted on 2007-05-31 at 04:53:29ID: 19187157

Wow, I was out of the country for a few weeks and the box was fine while I was gone.  But yesterday it blew up again.  

thanks for the info dimante

 

by: dimantePosted on 2007-05-31 at 05:41:37ID: 19187459

Let me know if we can assist further.

20120131-EE-VQP-002

3 Ways to Join

30-Day Free Trial

The Experts

98% positive feedback on 31,087 answers since March 2000. angeliii is a Microsoft Most Valuable Professional for his work with MS SQL Server & Develoment.

He has also proven his knowledge of Visual Basic Programming, PHP Scripting and Oracle Databases.

The Experts

97% positive feedback on 10,752 answers since July 2000. lrmoore has more than 18 years experience in the networking industry.

The six-time Mircosoft MVPs specialties include firewalls, virtual private networking, and network management.

Testimonials

"...and excellent source for support... Kind of like having your very own IT dept." Electriciansnet

Testimonials

"I was apprehensive at signing up at first. However... it has already made my life as an IT administrator much easier." JaCrews

Testimonials

"WOW! You guys have great, active, and knowledgeable people on here." moore50

Business Clients

Business Clients

In the Press

"If you’ve got a question... Experts Exchange can supply an answer.”

In the Press

"...an invaluable aid for both IT professionals and those who require tech support."

In the Press

"where IT professionals provide quick answers on just about any topic"

Business Account Plans

Loading Advertisement...