Sedgwick_County
asked on
Debugging Print Spooler Crash
I have a 2008 R2 terminal server that's part of an RDS farm. All 3 servers match including the print drivers. However, I was experiencing issues with a print driver crashing the print spooler multiple times. I've removed all of the drivers on this server except for Window Easy Print driver and the spooler is now stable again.
I would like to see which driver was causing the spooler to crash from the mini dump file that was created. However, I don't believe my symbols are set correctly in WinDBG. I get the following message when opening my:
Any help would be greatly appreciated.
I would like to see which driver was causing the spooler to crash from the mini dump file that was created. However, I don't believe my symbols are set correctly in WinDBG. I get the following message when opening my:
Microsoft (R) Windows Debugger Version 6.2.9200.20512 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\sbrant\Desktop\appcrash\Ap pCrash_spo olsv.exe_1 29078eb3aa a9307adeaa eabe608a68 3638f64_ca b_86c8a83d \WERA064.t mp.mdmp]
User Mini Dump File: Only registers, stack and portions of memory are available
Symbol search path is: SRV*c:\Symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Version 7601 (Service Pack 1) MP (24 procs) Free x64
Product: Server, suite: Enterprise TerminalServer
Machine Name:
Debug session time: Wed Aug 7 15:47:02.000 2013 (UTC - 5:00)
System Uptime: 1 days 16:43:01.567
Process Uptime: 0 days 0:55:44.000
.................................... .......... .......... ........
.................................... .......... .........
Loading unloaded module list
.................................... .......... .......... ........
This dump file has an exception of interest stored in it.
The stored exception information can be accessed via .ecxr.
(7e18.13cc): Access violation - code c0000005 (first/second chance not available)
ntdll!NtWaitForMultipleObjects+0xa:
00000000`77c718ca c3 ret
Any help would be greatly appreciated.
Upload the dmp file for analysis
Ded9
Ded9
One of the best and full proof TechNet article for Print spooler troubleshooting :
http://blogs.technet.com/b/perfguru/archive/2008/08/06/print-spooler-crash-troubleshooting-steps.aspx
This article include print hive cleaning which is a process of removing all the 3rd party print driver ,monitor and processor.
The basic error of c0000005 is called as access violation error which means in the virtual memory address your spooler services has exceeded its limit or memory manager some how provided the virtual memory address of spooler to any other process.
Did you tried "Print driver Isolation" , this feature is available in Windows 7 and Windows2008 R2 , which gives a privilege to each driver can either run in isolated manner or in shared mode as well . So if any this spooler service is crashing because of a driver than in this it will crash the Printisolationhost.exe rather than spooler and the driver used by the printer will not work at that time however your spooler service will cater other printers request.
Details regarding this can be found at the following link :-
http://blogs.technet.com/b/askperf/archive/2009/10/08/windows-7-windows-server-2008-r2-print-driver-isolation.aspx
http://blogs.technet.com/b/perfguru/archive/2008/08/06/print-spooler-crash-troubleshooting-steps.aspx
This article include print hive cleaning which is a process of removing all the 3rd party print driver ,monitor and processor.
The basic error of c0000005 is called as access violation error which means in the virtual memory address your spooler services has exceeded its limit or memory manager some how provided the virtual memory address of spooler to any other process.
Did you tried "Print driver Isolation" , this feature is available in Windows 7 and Windows2008 R2 , which gives a privilege to each driver can either run in isolated manner or in shared mode as well . So if any this spooler service is crashing because of a driver than in this it will crash the Printisolationhost.exe rather than spooler and the driver used by the printer will not work at that time however your spooler service will cater other printers request.
Details regarding this can be found at the following link :-
http://blogs.technet.com/b/askperf/archive/2009/10/08/windows-7-windows-server-2008-r2-print-driver-isolation.aspx
ASKER
RustyMusty, thanks for the links. I hadn't seen the first one you posted in regards to spooler troubleshooting.
I did however see the last one you mention.
As part of my troubleshooting prior to me deleting all of the non-standard Microsoft drivers, processors, and monitors, I setup print driver isolation on my terminals servers through a domain GPO per the steps in this document. It seemed to slow down the spooler crashing on this one server but it still continued to occur. I made sure the policies were being applied and I could see the print isolation happening in the task manager so I know it was working. But after it continued to crash I decided to delete all the non-standard Microsoft drivers on there and let users just go through the Windows Easy Print driver. It's been stable since but some desktop printers won't work through the Easy Print driver. It looks like these desktop printers were never meant to work in an Enterprise environment on a terminal server so I'm not worried about them. I'm going to force those users to get new printers.
I've never used WinDBG before. Do you think that it's reading the mini dump file correctly with the symbols it has? I used the following symbol path in WinDBG to download the current symbols:
I did however see the last one you mention.
As part of my troubleshooting prior to me deleting all of the non-standard Microsoft drivers, processors, and monitors, I setup print driver isolation on my terminals servers through a domain GPO per the steps in this document. It seemed to slow down the spooler crashing on this one server but it still continued to occur. I made sure the policies were being applied and I could see the print isolation happening in the task manager so I know it was working. But after it continued to crash I decided to delete all the non-standard Microsoft drivers on there and let users just go through the Windows Easy Print driver. It's been stable since but some desktop printers won't work through the Easy Print driver. It looks like these desktop printers were never meant to work in an Enterprise environment on a terminal server so I'm not worried about them. I'm going to force those users to get new printers.
I've never used WinDBG before. Do you think that it's reading the mini dump file correctly with the symbols it has? I used the following symbol path in WinDBG to download the current symbols:
SRV*c:\Symbols*http://msdl.microsoft.com/download/symbols
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I know the windows registry entries will be different on a server but the following may give you an idea of where to look in the registry for these files:
Remove the following registry entries
Click Start, then click Run on Windows XP machines or just start typing. Type Regedit
Win XP 32 bit systems
HKEY_LOCAL_MACHINE/SYSTEM/
Windows 7 64 bit choose Windows x64 instead of Windows NT X86 in the above pathway.
Other registry entries you may delete as well.
HKLM/Sys /CurrentControlSet / Control / Print / Printers / (delete entries for your model of printer)
HK_Users / .Default / Software / (look for your manufacturer of the printer and delete entries)
HKLM /Software / (look for your manufacturer of the printer and delete entries)
Exit out of the regedit application after deleting the registry entries.