We help IT Professionals succeed at work.
Get Started
Inetinfo.exe/IIS random crashes - IISState log included
Hi all,
I'm running a windows 2000 server machine with 40 websites online;
Inetinfo.exe keeps crashing - maybe 1-3 times a day, with no apparent
pattern. IISDebug shows different websites running almost every time
it crashes, so I can't find a pattern there either.
I've just discovered iisstate, and here is the first logfile; could
someone please tell me what I need to do to fix this urgently please?
Many thanks,
Paul
Opened log file 'F:\Admin\iisstate\output\
***********************
Starting new log output
IISState version 3.3.1
Mon Aug 02 05:00:33 2004
OS = Windows 2000
Executable: inetinfo.exe
PID = 2460
Note: Thread times are formatted as HH:MM:SS.ms
***********************
IIS has crashed...
Beginning Analysis
DLL (!FunctionName) that failed: ntdll!RtlpCoalesceFreeBloc
Thread ID: 19
System Thread ID: 8a8
Kernel Time: 0:0:1.843
User Time: 0:0:1.359
Thread Type: HTTP Listener
# ChildEBP RetAddr
00 01c6fdc0 77fcc774 ntdll!RtlpCoalesceFreeBloc
01 01c6fe6c 7c5737b2 ntdll!RtlFreeHeap+0x142
02 01c6feb4 65f2911a KERNEL32!LocalFree+0x43
03 01c6fec0 65f272a9 w3svc!FILTER_POOL_ITEM::`s
destructor'+0x17
04 01c6fed0 65f1b21f w3svc!HTTP_FILTER::Cleanup
05 01c6fee0 65f2fb69 w3svc!HTTP_REQ_BASE::Sessi
06 01c6fee8 65f214b5 w3svc!HTTP_REQUEST::Sessio
07 01c6fefc 65f22230 w3svc!CLIENT_CONN::Reset+0
08 01c6ff08 65f2230c w3svc!CLIENT_CONN::Free+0x
09 01c6ff14 65f27db8 w3svc!W3Completion+0x54
0a 01c6ff3c 65f27afe w3svc!HTTP_FILTER::OnAtqCo
0b 01c6ff4c 6d701a22 w3svc!FilterAtqCompletion+
0c 01c6ff80 6d7029a6 ISATQ!AtqpProcessContext+0
0d 01c6ffb4 7c57438b ISATQ!AtqPoolThread+0x1a8
0e 01c6ffec 00000000 KERNEL32!BaseThreadStart+0
Closing open log file F:\Admin\iisstate\output\I
Opened log file 'F:\Admin\iisstate\output\
***********************
Starting new log output
IISState version 3.3.1
Mon Aug 02 05:00:34 2004
OS = Windows 2000
Executable: inetinfo.exe
PID = 2460
Note: Thread times are formatted as HH:MM:SS.ms
***********************
Thread ID: 0
System Thread ID: 9a0
Kernel Time: 0:0:0.0
User Time: 0:0:0.15
Thread Type: Other
# ChildEBP RetAddr
00 0006f89c 7c5785d1 ntdll!ZwReadFile+0xb
01 0006f910 7c2e4cd9 KERNEL32!ReadFile+0x181
02 0006f93c 7c2e4b5f ADVAPI32!ScGetPipeInput+0x
03 0006f9b8 7c2e6632 ADVAPI32!ScDispatcherLoop+
04 0006fbf4 01002884 ADVAPI32!StartServiceCtrlD
05 0006fd30 01001e94 inetinfo!StartDispatchTabl
06 0006ff70 01002fbf inetinfo!main+0x654
07 0006ffc0 7c581af6 inetinfo!mainCRTStartup+0x
08 0006fff0 00000000 KERNEL32!BaseProcessStart+
Thread ID: 1
System Thread ID: 814
Kernel Time: 0:0:0.0
User Time: 0:0:0.31
Thread Type: Other
# ChildEBP RetAddr
00 0059fd1c 7c573b28 ntdll!ZwWaitForSingleObjec
01 0059fd44 7c573b50 KERNEL32!WaitForSingleObje
02 0059fd54 6e6f1685 KERNEL32!WaitForSingleObje
03 0059fd70 01002440 iisadmin!ServiceEntry+0x15
04 0059ffa4 7c2e4e9b inetinfo!InetinfoStartServ
05 0059ffb4 7c57438b ADVAPI32!ScSvcctrlThreadW+
06 0059ffec 00000000 KERNEL32!BaseThreadStart+0
Thread ID: 2
System Thread ID: 7d0
Kernel Time: 0:0:6.593
User Time: 0:0:4.187
Thread Type: Other
# ChildEBP RetAddr
00 006dfe5c 7c573c23 ntdll!ZwWaitForMultipleObj
01 006dfeac 77e119e6 KERNEL32!WaitForMultipleOb
02 006dff08 77e11ace USER32!MsgWaitForMultipleO
03 006dff24 6e5a5a7c USER32!MsgWaitForMultipleO
04 006dff7c 780085bc IisRTL!SchedulerWorkerThre
05 006dffb4 7c57438b MSVCRT!_endthreadex+0xc1
06 006dffec 00000000 KERNEL32!BaseThreadStart+0
Thread ID: 3
System Thread ID: 81c
Kernel Time: 0:0:7.484
User Time: 0:0:3.687
Thread Type: Other
# ChildEBP RetAddr
00 0071fe5c 7c573c23 ntdll!ZwWaitForMultipleObj
01 0071feac 77e119e6 KERNEL32!WaitForMultipleOb
02 0071ff08 77e11ace USER32!MsgWaitForMultipleO
03 0071ff24 6e5a5a7c USER32!MsgWaitForMultipleO
04 0071ff7c 780085bc IisRTL!SchedulerWorkerThre
05 0071ffb4 7c57438b MSVCRT!_endthreadex+0xc1
06 0071ffec 00000000 KERNEL32!BaseThreadStart+0
Thread ID: 4
System Thread ID: 8c0
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.
No remote call being made
# ChildEBP RetAddr
00 0ab9ff74 77d359a3 ntdll!NtDelayExecution+0xb
01 0ab9ffa8 77d358d6 RPCRT4!BaseCachedThreadRou
02 0ab9ffb4 7c57438b RPCRT4!ThreadStartRoutine+
03 0ab9ffec 00000000 KERNEL32!BaseThreadStart+0
Thread ID: 5
System Thread ID: 360
Kernel Time: 0:0:0.140
User Time: 0:0:0.203
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.
No remote call being made
# ChildEBP RetAddr
00 00e4fe24 77d37ba7 ntdll!ZwReplyWaitReceivePo
01 00e4ff74 77d37b4c RPCRT4!LRPC_ADDRESS::Recei
02 00e4ff78 77d359c3 RPCRT4!RecvLotsaCallsWrapp
03 00e4ffa8 77d358d6 RPCRT4!BaseCachedThreadRou
04 00e4ffb4 7c57438b RPCRT4!ThreadStartRoutine+
05 00e4ffec 00000000 KERNEL32!BaseThreadStart+0
Thread ID: 6
System Thread ID: 4e8
Kernel Time: 0:0:0.265
User Time: 0:0:0.187
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.
No remote call being made
# ChildEBP RetAddr
00 00e8fe24 77d37ba7 ntdll!ZwReplyWaitReceivePo
01 00e8ff74 77d37b4c RPCRT4!LRPC_ADDRESS::Recei
02 00e8ff78 77d359c3 RPCRT4!RecvLotsaCallsWrapp
03 00e8ffa8 77d358d6 RPCRT4!BaseCachedThreadRou
04 00e8ffb4 7c57438b RPCRT4!ThreadStartRoutine+
05 00e8ffec 00000000 KERNEL32!BaseThreadStart+0
Thread ID: 7
System Thread ID: 8c4
Kernel Time: 0:0:0.625
User Time: 0:0:0.281
Thread Type: Other
# ChildEBP RetAddr
00 00ecfc1c 7c573c23 ntdll!ZwWaitForMultipleObj
01 00ecfc6c 77e119e6 KERNEL32!WaitForMultipleOb
02 00ecfcc8 77e11ace USER32!MsgWaitForMultipleO
03 00ecfce4 769c71e0 USER32!MsgWaitForMultipleO
04 00ecfd30 65f0cfd8 INFOCOMM!IIS_SERVICE::Star
05 00ecfd70 01002440 w3svc!ServiceEntry+0x1b5
06 00ecffa4 7c2e4e9b inetinfo!InetinfoStartServ
07 00ecffb4 7c57438b ADVAPI32!ScSvcctrlThreadW+
08 00ecffec 00000000 KERNEL32!BaseThreadStart+0
Thread ID: 8
System Thread ID: 810
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Other
# ChildEBP RetAddr
00 00f0fc1c 7c573c23 ntdll!ZwWaitForMultipleObj
01 00f0fc6c 77e119e6 KERNEL32!WaitForMultipleOb
02 00f0fcc8 77e11ace USER32!MsgWaitForMultipleO
03 00f0fce4 769c71e0 USER32!MsgWaitForMultipleO
04 00f0fd30 6fc6b2f0 INFOCOMM!IIS_SERVICE::Star
05 00f0fd70 01002440 ftpsvc2!ServiceEntry+0xc7
06 00f0ffa4 7c2e4e9b inetinfo!InetinfoStartServ
07 00f0ffb4 7c57438b ADVAPI32!ScSvcctrlThreadW+
08 00f0ffec 00000000 KERNEL32!BaseThreadStart+0
Thread ID: 9
System Thread ID: bc0
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: HTTP Listener
# ChildEBP RetAddr
00 00fcff5c 7c573c73 ntdll!ZwRemoveIoCompletion
01 00fcff88 6d7029ef KERNEL32!GetQueuedCompleti
02 00fcffb4 7c57438b ISATQ!I_AtqOplockThreadFun
03 00fcffec 00000000 KERNEL32!BaseThreadStart+0
Thread ID: 10
System Thread ID: 7fc
Kernel Time: 0:0:0.343
User Time: 0:0:0.281
Thread Type: HTTP Listener
# ChildEBP RetAddr
00 0104ff50 7c573c73 ntdll!ZwRemoveIoCompletion
01 0104ff7c 6d702957 KERNEL32!GetQueuedCompleti
02 0104ffb4 7c57438b ISATQ!AtqPoolThread+0x40
03 0104ffec 00000000 KERNEL32!BaseThreadStart+0
Thread ID: 11
System Thread ID: 430
Kernel Time: 0:0:0.828
User Time: 0:0:0.875
Thread Type: HTTP Listener
# ChildEBP RetAddr
00 0108ff50 7c573c73 ntdll!ZwRemoveIoCompletion
01 0108ff7c 6d702957 KERNEL32!GetQueuedCompleti
02 0108ffb4 7c57438b ISATQ!AtqPoolThread+0x40
03 0108ffec 00000000 KERNEL32!BaseThreadStart+0
Thread ID: 12
System Thread ID: 4dc
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.
No remote call being made
# ChildEBP RetAddr
00 0134feb8 7c573c73 ntdll!ZwRemoveIoCompletion
01 0134fee4 77d31394 KERNEL32!GetQueuedCompleti
02 0134ff20 77d3e93f RPCRT4!COMMON_ProcessCalls
03 0134ff74 77d3e8c2 RPCRT4!LOADABLE_TRANSPORT:
04 0134ff78 77d35924 RPCRT4!ProcessIOEventsWrap
05 0134ffa8 77d358d6 RPCRT4!BaseCachedThreadRou
06 0134ffb4 7c57438b RPCRT4!ThreadStartRoutine+
07 0134ffec 00000000 KERNEL32!BaseThreadStart+0
Thread ID: 13
System Thread ID: 6e0
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Other
# ChildEBP RetAddr
00 0144fd20 7c573c23 ntdll!ZwWaitForMultipleObj
01 0144fd70 7c578f0d KERNEL32!WaitForMultipleOb
02 0144fd88 778322b2 KERNEL32!WaitForMultipleOb
03 0144ffb4 7c57438b RTUTILS!TraceServerThread+
04 0144ffec 00000000 KERNEL32!BaseThreadStart+0
Thread ID: 14
System Thread ID: 870
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Other
# ChildEBP RetAddr
00 0149ff00 7c573c23 ntdll!ZwWaitForMultipleObj
01 0149ff50 75037871 KERNEL32!WaitForMultipleOb
02 0149ff6c 6fc66e80 WS2_32!WSAWaitForMultipleE
03 0149ffb4 7c57438b
ftpsvc2!PASV_ACCEPT_CONTEX
04 0149ffec 00000000 KERNEL32!BaseThreadStart+0
Thread ID: 15
System Thread ID: b7c
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
*** ERROR: Symbol file could not be found. Defaulted to export
symbols for \\?\C:\IISDebugTools\IISCH
Thread Type: Other
# ChildEBP RetAddr
00 018dfed8 7c573c73 ntdll!ZwRemoveIoCompletion
01 018dff04 67306fab KERNEL32!GetQueuedCompleti
WARNING: Stack unwind information not available. Following frames may
be wrong.
02 018dffb4 7c57438b IISCHAgent!ConfigFileMonit
03 018dffec 00000000 KERNEL32!BaseThreadStart+0
Thread ID: 16
System Thread ID: bb4
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Other
# ChildEBP RetAddr
00 01a1ff18 7c573c23 ntdll!ZwWaitForMultipleObj
01 01a1ff68 7c578f0d KERNEL32!WaitForMultipleOb
02 01a1ff80 6730649c KERNEL32!WaitForMultipleOb
WARNING: Stack unwind information not available. Following frames may
be wrong.
03 01a1ffb4 7c57438b IISCHAgent!MonitorWorkerPr
04 01a1ffec 00000000 KERNEL32!BaseThreadStart+0
Thread ID: 17
System Thread ID: 7f8
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Other
# ChildEBP RetAddr
00 01befce0 74fd1394 ntdll!ZwWaitForSingleObjec
01 01befd1c 74fd3c59 msafd!SockWaitForSingleObj
02 01befe08 750312f5 msafd!WSPSelect+0x24e
03 01befe6c 6e2b3b6e WS2_32!select+0xe7
04 01beffb4 7c57438b inetsloc!SocketListenThrea
05 01beffec 00000000 KERNEL32!BaseThreadStart+0
Thread ID: 18
System Thread ID: 738
Kernel Time: 0:0:0.671
User Time: 0:0:0.671
Thread Type: HTTP Listener
# ChildEBP RetAddr
00 01c2ff50 7c573c73 ntdll!ZwRemoveIoCompletion
01 01c2ff7c 6d702957 KERNEL32!GetQueuedCompleti
02 01c2ffb4 7c57438b ISATQ!AtqPoolThread+0x40
03 01c2ffec 00000000 KERNEL32!BaseThreadStart+0
Thread ID: 19
System Thread ID: 8a8
Kernel Time: 0:0:1.843
User Time: 0:0:1.359
Thread Type: HTTP Listener
# ChildEBP RetAddr
00 01c6fdc0 77fcc774 ntdll!RtlpCoalesceFreeBloc
01 01c6fe6c 7c5737b2 ntdll!RtlFreeHeap+0x142
02 01c6feb4 65f2911a KERNEL32!LocalFree+0x43
03 01c6fec0 65f272a9 w3svc!FILTER_POOL_ITEM::`s
destructor'+0x17
04 01c6fed0 65f1b21f w3svc!HTTP_FILTER::Cleanup
05 01c6fee0 65f2fb69 w3svc!HTTP_REQ_BASE::Sessi
06 01c6fee8 65f214b5 w3svc!HTTP_REQUEST::Sessio
07 01c6fefc 65f22230 w3svc!CLIENT_CONN::Reset+0
08 01c6ff08 65f2230c w3svc!CLIENT_CONN::Free+0x
09 01c6ff14 65f27db8 w3svc!W3Completion+0x54
0a 01c6ff3c 65f27afe w3svc!HTTP_FILTER::OnAtqCo
0b 01c6ff4c 6d701a22 w3svc!FilterAtqCompletion+
0c 01c6ff80 6d7029a6 ISATQ!AtqpProcessContext+0
0d 01c6ffb4 7c57438b ISATQ!AtqPoolThread+0x1a8
0e 01c6ffec 00000000 KERNEL32!BaseThreadStart+0
Thread ID: 20
System Thread ID: 89c
Kernel Time: 0:0:0.15
User Time: 0:0:0.0
Thread Type: HTTP Listener
# ChildEBP RetAddr
00 01cafdfc 74fd1394 ntdll!ZwWaitForSingleObjec
01 01cafe38 74fd3c59 msafd!SockWaitForSingleObj
02 01caff24 750312f5 msafd!WSPSelect+0x24e
03 01caff88 6d7075bd WS2_32!select+0xe7
04 01caffb0 6d70791b ISATQ!ATQ_BMON_SET::BmonTh
05 01caffb4 7c57438b ISATQ!BmonThreadFunc+0x9
06 01caffec 00000000 KERNEL32!BaseThreadStart+0
Thread ID: 21
System Thread ID: aa4
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: HTTP Compression Thread
# ChildEBP RetAddr
00 01eeff5c 7c573b28 ntdll!ZwWaitForSingleObjec
01 01eeff84 7c573b50 KERNEL32!WaitForSingleObje
02 01eeff94 732c3366 KERNEL32!WaitForSingleObje
03 01eeffb4 7c57438b compfilt!CompressionThread
04 01eeffc0 00000000 KERNEL32!BaseThreadStart+0
Thread ID: 22
System Thread ID: 898
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Other
# ChildEBP RetAddr
00 022dff30 77abbad5 USER32!NtUserGetMessage+0x
01 022dff70 77abba23 ole32!CDllHost::STAWorkerL
02 022dff8c 77abb95e ole32!CDllHost::WorkerThre
03 022dff90 77ab50ee ole32!DLLHostThreadEntry+0
04 022dffa8 77ab5046 ole32!CRpcThread::WorkerLo
05 022dffb4 7c57438b ole32!CRpcThreadCache::Rpc
06 022dffec 00000000 KERNEL32!BaseThreadStart+0
Thread ID: 23
System Thread ID: 88c
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
*** WARNING: Unable to verify checksum for
C:\WINNT\System32\AuthxDB.
*** ERROR: Symbol file could not be found. Defaulted to export
symbols for C:\WINNT\System32\AuthxDB.
Thread Type: Other
# ChildEBP RetAddr
00 0231fe54 7c573b28 ntdll!ZwWaitForSingleObjec
01 0231fe7c 7c573b50 KERNEL32!WaitForSingleObje
02 0231fe8c 6c37143a KERNEL32!WaitForSingleObje
03 0231fe98 6c3715b3 MFC42!CSyncObject::Lock+0x
04 0231fea4 02097ba9 MFC42!CSingleLock::Lock+0x
WARNING: Stack unwind information not available. Following frames may
be wrong.
05 0231ff10 6c3bde33 AuthxDB!HouseKeep+0x1c56d
06 0231ff7c 780085bc MFC42!_AfxThreadEntry+0xf0
07 0231ffb4 7c57438b MSVCRT!_endthreadex+0xc1
08 0231ffec 00000000 KERNEL32!BaseThreadStart+0
Thread ID: 24
System Thread ID: 888
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Other
# ChildEBP RetAddr
00 0235fe60 7c573b28 ntdll!ZwWaitForSingleObjec
01 0235fe88 7c573b50 KERNEL32!WaitForSingleObje
02 0235fe98 6c37143a KERNEL32!WaitForSingleObje
03 0235fea4 6c3715b3 MFC42!CSyncObject::Lock+0x
04 0235feb0 02097fec MFC42!CSingleLock::Lock+0x
WARNING: Stack unwind information not available. Following frames may
be wrong.
05 0235ff10 6c3bde33 AuthxDB!HouseKeep+0x1c9b0
06 0235ff7c 780085bc MFC42!_AfxThreadEntry+0xf0
07 0235ffb4 7c57438b MSVCRT!_endthreadex+0xc1
08 0235ffec 00000000 KERNEL32!BaseThreadStart+0
Thread ID: 25
System Thread ID: 884
Kernel Time: 0:0:0.0
User Time: 0:0:0.78
*** WARNING: Unable to verify checksum for
f:\servertools\webquota\au
*** ERROR: Symbol file could not be found. Defaulted to export
symbols for f:\servertools\webquota\au
Thread Type: Other
# ChildEBP RetAddr
00 023dfd88 7c573b28 ntdll!ZwWaitForSingleObjec
01 023dfdb0 7c573b50 KERNEL32!WaitForSingleObje
02 023dfdc0 6c37143a KERNEL32!WaitForSingleObje
03 023dfdcc 6c3715b3 MFC42!CSyncObject::Lock+0x
04 023dfdd8 0201612e MFC42!CSingleLock::Lock+0x
WARNING: Stack unwind information not available. Following frames may
be wrong.
05 023dff10 6c3bde33 authXflt+0x1612e
06 023dff7c 780085bc MFC42!_AfxThreadEntry+0xf0
07 023dffb4 7c57438b MSVCRT!_endthreadex+0xc1
08 023dffec 00000000 KERNEL32!BaseThreadStart+0
Thread ID: 26
System Thread ID: 880
Kernel Time: 0:0:0.0
User Time: 0:0:0.62
Thread Type: Other
# ChildEBP RetAddr
00 0253fe70 7c573c23 ntdll!ZwWaitForMultipleObj
01 0253fec0 77e119e6 KERNEL32!WaitForMultipleOb
02 0253ff1c 77e11ace USER32!MsgWaitForMultipleO
03 0253ff38 65f09ccb USER32!MsgWaitForMultipleO
04 0253ff7c 78008454 w3svc!CMTACallbackThread::
05 0253ffb4 7c57438b MSVCRT!_endthread+0xc6
06 0253ffec 00000000 KERNEL32!BaseThreadStart+0
Thread ID: 27
System Thread ID: 87c
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Other
# ChildEBP RetAddr
00 0257fea8 7c573c23 ntdll!ZwWaitForMultipleObj
01 0257fef8 77e119e6 KERNEL32!WaitForMultipleOb
02 0257ff54 77e11ace USER32!MsgWaitForMultipleO
03 0257ff70 65f09d47 USER32!MsgWaitForMultipleO
04 0257ffb4 7c57438b w3svc!OleHackThread+0x88
05 0257ffec 00000000 KERNEL32!BaseThreadStart+0
Thread ID: 28
System Thread ID: be8
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Idle ASP thread
# ChildEBP RetAddr
00 0299ff08 7c573c23 ntdll!ZwWaitForMultipleObj
01 0299ff58 7c578f0d KERNEL32!WaitForMultipleOb
02 0299ff70 787f58ce KERNEL32!WaitForMultipleOb
03 0299ffb4 7c57438b COMSVCS!CEventDispatcher::
04 0299ffc0 00000000 KERNEL32!BaseThreadStart+0
Thread ID: 29
System Thread ID: bec
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.
Remote call is either to a MTA object or object not initialized. Also,
possible utility thread.
DCOM call being made to Process ID: 2356
Waiting on thread id: ffffffff
# ChildEBP RetAddr
00 029dfb68 77d4256d ntdll!ZwRequestWaitReplyPo
01 029dfb94 77d3ac56 RPCRT4!LRPC_CCALL::SendRec
02 029dfba0 77b25b87 RPCRT4!I_RpcSendReceive+0x
03 029dfbc0 77b25a52 ole32!ThreadSendReceive+0x
04 029dfbd8 77b22ab6
ole32!CRpcChannelBuffer::S
05 029dfc18 77b258c6 ole32!CRpcChannelBuffer::S
06 029dfc28 77a6cb5d ole32!CRpcChannelBuffer::S
07 029dfc88 77ab74c3 ole32!CAptRpcChnl::SendRec
08 029dfce0 77d94c1a ole32!CCtxComChnl::SendRec
09 029dfcfc 77d9487d RPCRT4!NdrProxySendReceive
0a 029dff44 77d95136 RPCRT4!NdrClientCall2+0x4f
0b 029dff60 77d46e75 RPCRT4!ObjectStublessClien
0c 029dff70 787f5818 RPCRT4!ObjectStubless+0xf
0d 029dffb4 7c57438b
COMSVCS!CEventDispatcher::
0e 029dffec 00000000 KERNEL32!BaseThreadStart+0
Thread ID: 30
System Thread ID: bf0
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: ASP
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.
# ChildEBP RetAddr
00 02baff38 7c573a4e ntdll!NtDelayExecution+0xb
01 02baff58 7c573a22 KERNEL32!SleepEx+0x32
02 02baff64 79e8c932 KERNEL32!Sleep+0xb
03 02baffb4 7c57438b aspnet_isapi!ThreadGateThr
04 02baffec 00000000 KERNEL32!BaseThreadStart+0
Thread ID: 31
System Thread ID: b84
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.
No remote call being made
# ChildEBP RetAddr
00 0abdfe24 77d37ba7 ntdll!ZwReplyWaitReceivePo
01 0abdff74 77d37b4c RPCRT4!LRPC_ADDRESS::Recei
02 0abdff78 77d359c3 RPCRT4!RecvLotsaCallsWrapp
03 0abdffa8 77d358d6 RPCRT4!BaseCachedThreadRou
04 0abdffb4 7c57438b RPCRT4!ThreadStartRoutine+
05 0abdffec 00000000 KERNEL32!BaseThreadStart+0
Thread ID: 32
System Thread ID: c10
Kernel Time: 0:0:0.156
User Time: 0:0:0.0
Thread Type: ASP
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.
# ChildEBP RetAddr
00 02c2ff44 7c573a4e ntdll!NtDelayExecution+0xb
01 02c2ff64 7c573a22 KERNEL32!SleepEx+0x32
02 02c2ff70 79e7dd5b KERNEL32!Sleep+0xb
03 02c2ff80 01f5940f aspnet_isapi!MonitorHealth
04 02c2ffb4 7c57438b MSVCR71!_endthread+0xaa
05 02c2ffec 00000000 KERNEL32!BaseThreadStart+0
Thread ID: 33
System Thread ID: c14
Kernel Time: 0:0:0.250
User Time: 0:0:0.953
Thread Type: ASP
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.
# ChildEBP RetAddr
00 02c6ff34 7c573c73 ntdll!ZwRemoveIoCompletion
01 02c6ff60 79e8c820 KERNEL32!GetQueuedCompleti
02 02c6ffb4 7c57438b aspnet_isapi!ThreadPoolThr
03 02c6ffec 00000000 KERNEL32!BaseThreadStart+0
Thread ID: 34
System Thread ID: 744
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.
No remote call being made
# ChildEBP RetAddr
00 0ab5ff74 77d359a3 ntdll!NtDelayExecution+0xb
01 0ab5ffa8 77d358d6 RPCRT4!BaseCachedThreadRou
02 0ab5ffb4 7c57438b RPCRT4!ThreadStartRoutine+
03 0ab5ffec 00000000 KERNEL32!BaseThreadStart+0
Thread ID: 35
System Thread ID: 744
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.
No remote call being made
# ChildEBP RetAddr
00 0ab5ff74 77d359a3 ntdll!NtDelayExecution+0xb
01 0ab5ffa8 77d358d6 RPCRT4!BaseCachedThreadRou
02 0ab5ffb4 7c57438b RPCRT4!ThreadStartRoutine+
03 0ab5ffec 00000000 KERNEL32!BaseThreadStart+0
Thread ID: 36
System Thread ID: aac
Kernel Time: 0:0:0.15
User Time: 0:0:0.78
Thread Type: ASP
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.
# ChildEBP RetAddr
00 0802ff34 7c573c73 ntdll!ZwRemoveIoCompletion
01 0802ff60 79e8c820 KERNEL32!GetQueuedCompleti
02 0802ffb4 7c57438b aspnet_isapi!ThreadPoolThr
03 0802ffec 00000000 KERNEL32!BaseThreadStart+0
*****
Dump name is formatted as: PID-Timestamp.dmp
Creating F:\Admin\iisstate\output\2
*****
Closing open log file F:\Admin\iisstate\output\I
I'm running a windows 2000 server machine with 40 websites online;
Inetinfo.exe keeps crashing - maybe 1-3 times a day, with no apparent
pattern. IISDebug shows different websites running almost every time
it crashes, so I can't find a pattern there either.
I've just discovered iisstate, and here is the first logfile; could
someone please tell me what I need to do to fix this urgently please?
Many thanks,
Paul
Opened log file 'F:\Admin\iisstate\output\
***********************
Starting new log output
IISState version 3.3.1
Mon Aug 02 05:00:33 2004
OS = Windows 2000
Executable: inetinfo.exe
PID = 2460
Note: Thread times are formatted as HH:MM:SS.ms
***********************
IIS has crashed...
Beginning Analysis
DLL (!FunctionName) that failed: ntdll!RtlpCoalesceFreeBloc
Thread ID: 19
System Thread ID: 8a8
Kernel Time: 0:0:1.843
User Time: 0:0:1.359
Thread Type: HTTP Listener
# ChildEBP RetAddr
00 01c6fdc0 77fcc774 ntdll!RtlpCoalesceFreeBloc
01 01c6fe6c 7c5737b2 ntdll!RtlFreeHeap+0x142
02 01c6feb4 65f2911a KERNEL32!LocalFree+0x43
03 01c6fec0 65f272a9 w3svc!FILTER_POOL_ITEM::`s
destructor'+0x17
04 01c6fed0 65f1b21f w3svc!HTTP_FILTER::Cleanup
05 01c6fee0 65f2fb69 w3svc!HTTP_REQ_BASE::Sessi
06 01c6fee8 65f214b5 w3svc!HTTP_REQUEST::Sessio
07 01c6fefc 65f22230 w3svc!CLIENT_CONN::Reset+0
08 01c6ff08 65f2230c w3svc!CLIENT_CONN::Free+0x
09 01c6ff14 65f27db8 w3svc!W3Completion+0x54
0a 01c6ff3c 65f27afe w3svc!HTTP_FILTER::OnAtqCo
0b 01c6ff4c 6d701a22 w3svc!FilterAtqCompletion+
0c 01c6ff80 6d7029a6 ISATQ!AtqpProcessContext+0
0d 01c6ffb4 7c57438b ISATQ!AtqPoolThread+0x1a8
0e 01c6ffec 00000000 KERNEL32!BaseThreadStart+0
Closing open log file F:\Admin\iisstate\output\I
Opened log file 'F:\Admin\iisstate\output\
***********************
Starting new log output
IISState version 3.3.1
Mon Aug 02 05:00:34 2004
OS = Windows 2000
Executable: inetinfo.exe
PID = 2460
Note: Thread times are formatted as HH:MM:SS.ms
***********************
Thread ID: 0
System Thread ID: 9a0
Kernel Time: 0:0:0.0
User Time: 0:0:0.15
Thread Type: Other
# ChildEBP RetAddr
00 0006f89c 7c5785d1 ntdll!ZwReadFile+0xb
01 0006f910 7c2e4cd9 KERNEL32!ReadFile+0x181
02 0006f93c 7c2e4b5f ADVAPI32!ScGetPipeInput+0x
03 0006f9b8 7c2e6632 ADVAPI32!ScDispatcherLoop+
04 0006fbf4 01002884 ADVAPI32!StartServiceCtrlD
05 0006fd30 01001e94 inetinfo!StartDispatchTabl
06 0006ff70 01002fbf inetinfo!main+0x654
07 0006ffc0 7c581af6 inetinfo!mainCRTStartup+0x
08 0006fff0 00000000 KERNEL32!BaseProcessStart+
Thread ID: 1
System Thread ID: 814
Kernel Time: 0:0:0.0
User Time: 0:0:0.31
Thread Type: Other
# ChildEBP RetAddr
00 0059fd1c 7c573b28 ntdll!ZwWaitForSingleObjec
01 0059fd44 7c573b50 KERNEL32!WaitForSingleObje
02 0059fd54 6e6f1685 KERNEL32!WaitForSingleObje
03 0059fd70 01002440 iisadmin!ServiceEntry+0x15
04 0059ffa4 7c2e4e9b inetinfo!InetinfoStartServ
05 0059ffb4 7c57438b ADVAPI32!ScSvcctrlThreadW+
06 0059ffec 00000000 KERNEL32!BaseThreadStart+0
Thread ID: 2
System Thread ID: 7d0
Kernel Time: 0:0:6.593
User Time: 0:0:4.187
Thread Type: Other
# ChildEBP RetAddr
00 006dfe5c 7c573c23 ntdll!ZwWaitForMultipleObj
01 006dfeac 77e119e6 KERNEL32!WaitForMultipleOb
02 006dff08 77e11ace USER32!MsgWaitForMultipleO
03 006dff24 6e5a5a7c USER32!MsgWaitForMultipleO
04 006dff7c 780085bc IisRTL!SchedulerWorkerThre
05 006dffb4 7c57438b MSVCRT!_endthreadex+0xc1
06 006dffec 00000000 KERNEL32!BaseThreadStart+0
Thread ID: 3
System Thread ID: 81c
Kernel Time: 0:0:7.484
User Time: 0:0:3.687
Thread Type: Other
# ChildEBP RetAddr
00 0071fe5c 7c573c23 ntdll!ZwWaitForMultipleObj
01 0071feac 77e119e6 KERNEL32!WaitForMultipleOb
02 0071ff08 77e11ace USER32!MsgWaitForMultipleO
03 0071ff24 6e5a5a7c USER32!MsgWaitForMultipleO
04 0071ff7c 780085bc IisRTL!SchedulerWorkerThre
05 0071ffb4 7c57438b MSVCRT!_endthreadex+0xc1
06 0071ffec 00000000 KERNEL32!BaseThreadStart+0
Thread ID: 4
System Thread ID: 8c0
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.
No remote call being made
# ChildEBP RetAddr
00 0ab9ff74 77d359a3 ntdll!NtDelayExecution+0xb
01 0ab9ffa8 77d358d6 RPCRT4!BaseCachedThreadRou
02 0ab9ffb4 7c57438b RPCRT4!ThreadStartRoutine+
03 0ab9ffec 00000000 KERNEL32!BaseThreadStart+0
Thread ID: 5
System Thread ID: 360
Kernel Time: 0:0:0.140
User Time: 0:0:0.203
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.
No remote call being made
# ChildEBP RetAddr
00 00e4fe24 77d37ba7 ntdll!ZwReplyWaitReceivePo
01 00e4ff74 77d37b4c RPCRT4!LRPC_ADDRESS::Recei
02 00e4ff78 77d359c3 RPCRT4!RecvLotsaCallsWrapp
03 00e4ffa8 77d358d6 RPCRT4!BaseCachedThreadRou
04 00e4ffb4 7c57438b RPCRT4!ThreadStartRoutine+
05 00e4ffec 00000000 KERNEL32!BaseThreadStart+0
Thread ID: 6
System Thread ID: 4e8
Kernel Time: 0:0:0.265
User Time: 0:0:0.187
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.
No remote call being made
# ChildEBP RetAddr
00 00e8fe24 77d37ba7 ntdll!ZwReplyWaitReceivePo
01 00e8ff74 77d37b4c RPCRT4!LRPC_ADDRESS::Recei
02 00e8ff78 77d359c3 RPCRT4!RecvLotsaCallsWrapp
03 00e8ffa8 77d358d6 RPCRT4!BaseCachedThreadRou
04 00e8ffb4 7c57438b RPCRT4!ThreadStartRoutine+
05 00e8ffec 00000000 KERNEL32!BaseThreadStart+0
Thread ID: 7
System Thread ID: 8c4
Kernel Time: 0:0:0.625
User Time: 0:0:0.281
Thread Type: Other
# ChildEBP RetAddr
00 00ecfc1c 7c573c23 ntdll!ZwWaitForMultipleObj
01 00ecfc6c 77e119e6 KERNEL32!WaitForMultipleOb
02 00ecfcc8 77e11ace USER32!MsgWaitForMultipleO
03 00ecfce4 769c71e0 USER32!MsgWaitForMultipleO
04 00ecfd30 65f0cfd8 INFOCOMM!IIS_SERVICE::Star
05 00ecfd70 01002440 w3svc!ServiceEntry+0x1b5
06 00ecffa4 7c2e4e9b inetinfo!InetinfoStartServ
07 00ecffb4 7c57438b ADVAPI32!ScSvcctrlThreadW+
08 00ecffec 00000000 KERNEL32!BaseThreadStart+0
Thread ID: 8
System Thread ID: 810
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Other
# ChildEBP RetAddr
00 00f0fc1c 7c573c23 ntdll!ZwWaitForMultipleObj
01 00f0fc6c 77e119e6 KERNEL32!WaitForMultipleOb
02 00f0fcc8 77e11ace USER32!MsgWaitForMultipleO
03 00f0fce4 769c71e0 USER32!MsgWaitForMultipleO
04 00f0fd30 6fc6b2f0 INFOCOMM!IIS_SERVICE::Star
05 00f0fd70 01002440 ftpsvc2!ServiceEntry+0xc7
06 00f0ffa4 7c2e4e9b inetinfo!InetinfoStartServ
07 00f0ffb4 7c57438b ADVAPI32!ScSvcctrlThreadW+
08 00f0ffec 00000000 KERNEL32!BaseThreadStart+0
Thread ID: 9
System Thread ID: bc0
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: HTTP Listener
# ChildEBP RetAddr
00 00fcff5c 7c573c73 ntdll!ZwRemoveIoCompletion
01 00fcff88 6d7029ef KERNEL32!GetQueuedCompleti
02 00fcffb4 7c57438b ISATQ!I_AtqOplockThreadFun
03 00fcffec 00000000 KERNEL32!BaseThreadStart+0
Thread ID: 10
System Thread ID: 7fc
Kernel Time: 0:0:0.343
User Time: 0:0:0.281
Thread Type: HTTP Listener
# ChildEBP RetAddr
00 0104ff50 7c573c73 ntdll!ZwRemoveIoCompletion
01 0104ff7c 6d702957 KERNEL32!GetQueuedCompleti
02 0104ffb4 7c57438b ISATQ!AtqPoolThread+0x40
03 0104ffec 00000000 KERNEL32!BaseThreadStart+0
Thread ID: 11
System Thread ID: 430
Kernel Time: 0:0:0.828
User Time: 0:0:0.875
Thread Type: HTTP Listener
# ChildEBP RetAddr
00 0108ff50 7c573c73 ntdll!ZwRemoveIoCompletion
01 0108ff7c 6d702957 KERNEL32!GetQueuedCompleti
02 0108ffb4 7c57438b ISATQ!AtqPoolThread+0x40
03 0108ffec 00000000 KERNEL32!BaseThreadStart+0
Thread ID: 12
System Thread ID: 4dc
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.
No remote call being made
# ChildEBP RetAddr
00 0134feb8 7c573c73 ntdll!ZwRemoveIoCompletion
01 0134fee4 77d31394 KERNEL32!GetQueuedCompleti
02 0134ff20 77d3e93f RPCRT4!COMMON_ProcessCalls
03 0134ff74 77d3e8c2 RPCRT4!LOADABLE_TRANSPORT:
04 0134ff78 77d35924 RPCRT4!ProcessIOEventsWrap
05 0134ffa8 77d358d6 RPCRT4!BaseCachedThreadRou
06 0134ffb4 7c57438b RPCRT4!ThreadStartRoutine+
07 0134ffec 00000000 KERNEL32!BaseThreadStart+0
Thread ID: 13
System Thread ID: 6e0
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Other
# ChildEBP RetAddr
00 0144fd20 7c573c23 ntdll!ZwWaitForMultipleObj
01 0144fd70 7c578f0d KERNEL32!WaitForMultipleOb
02 0144fd88 778322b2 KERNEL32!WaitForMultipleOb
03 0144ffb4 7c57438b RTUTILS!TraceServerThread+
04 0144ffec 00000000 KERNEL32!BaseThreadStart+0
Thread ID: 14
System Thread ID: 870
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Other
# ChildEBP RetAddr
00 0149ff00 7c573c23 ntdll!ZwWaitForMultipleObj
01 0149ff50 75037871 KERNEL32!WaitForMultipleOb
02 0149ff6c 6fc66e80 WS2_32!WSAWaitForMultipleE
03 0149ffb4 7c57438b
ftpsvc2!PASV_ACCEPT_CONTEX
04 0149ffec 00000000 KERNEL32!BaseThreadStart+0
Thread ID: 15
System Thread ID: b7c
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
*** ERROR: Symbol file could not be found. Defaulted to export
symbols for \\?\C:\IISDebugTools\IISCH
Thread Type: Other
# ChildEBP RetAddr
00 018dfed8 7c573c73 ntdll!ZwRemoveIoCompletion
01 018dff04 67306fab KERNEL32!GetQueuedCompleti
WARNING: Stack unwind information not available. Following frames may
be wrong.
02 018dffb4 7c57438b IISCHAgent!ConfigFileMonit
03 018dffec 00000000 KERNEL32!BaseThreadStart+0
Thread ID: 16
System Thread ID: bb4
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Other
# ChildEBP RetAddr
00 01a1ff18 7c573c23 ntdll!ZwWaitForMultipleObj
01 01a1ff68 7c578f0d KERNEL32!WaitForMultipleOb
02 01a1ff80 6730649c KERNEL32!WaitForMultipleOb
WARNING: Stack unwind information not available. Following frames may
be wrong.
03 01a1ffb4 7c57438b IISCHAgent!MonitorWorkerPr
04 01a1ffec 00000000 KERNEL32!BaseThreadStart+0
Thread ID: 17
System Thread ID: 7f8
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Other
# ChildEBP RetAddr
00 01befce0 74fd1394 ntdll!ZwWaitForSingleObjec
01 01befd1c 74fd3c59 msafd!SockWaitForSingleObj
02 01befe08 750312f5 msafd!WSPSelect+0x24e
03 01befe6c 6e2b3b6e WS2_32!select+0xe7
04 01beffb4 7c57438b inetsloc!SocketListenThrea
05 01beffec 00000000 KERNEL32!BaseThreadStart+0
Thread ID: 18
System Thread ID: 738
Kernel Time: 0:0:0.671
User Time: 0:0:0.671
Thread Type: HTTP Listener
# ChildEBP RetAddr
00 01c2ff50 7c573c73 ntdll!ZwRemoveIoCompletion
01 01c2ff7c 6d702957 KERNEL32!GetQueuedCompleti
02 01c2ffb4 7c57438b ISATQ!AtqPoolThread+0x40
03 01c2ffec 00000000 KERNEL32!BaseThreadStart+0
Thread ID: 19
System Thread ID: 8a8
Kernel Time: 0:0:1.843
User Time: 0:0:1.359
Thread Type: HTTP Listener
# ChildEBP RetAddr
00 01c6fdc0 77fcc774 ntdll!RtlpCoalesceFreeBloc
01 01c6fe6c 7c5737b2 ntdll!RtlFreeHeap+0x142
02 01c6feb4 65f2911a KERNEL32!LocalFree+0x43
03 01c6fec0 65f272a9 w3svc!FILTER_POOL_ITEM::`s
destructor'+0x17
04 01c6fed0 65f1b21f w3svc!HTTP_FILTER::Cleanup
05 01c6fee0 65f2fb69 w3svc!HTTP_REQ_BASE::Sessi
06 01c6fee8 65f214b5 w3svc!HTTP_REQUEST::Sessio
07 01c6fefc 65f22230 w3svc!CLIENT_CONN::Reset+0
08 01c6ff08 65f2230c w3svc!CLIENT_CONN::Free+0x
09 01c6ff14 65f27db8 w3svc!W3Completion+0x54
0a 01c6ff3c 65f27afe w3svc!HTTP_FILTER::OnAtqCo
0b 01c6ff4c 6d701a22 w3svc!FilterAtqCompletion+
0c 01c6ff80 6d7029a6 ISATQ!AtqpProcessContext+0
0d 01c6ffb4 7c57438b ISATQ!AtqPoolThread+0x1a8
0e 01c6ffec 00000000 KERNEL32!BaseThreadStart+0
Thread ID: 20
System Thread ID: 89c
Kernel Time: 0:0:0.15
User Time: 0:0:0.0
Thread Type: HTTP Listener
# ChildEBP RetAddr
00 01cafdfc 74fd1394 ntdll!ZwWaitForSingleObjec
01 01cafe38 74fd3c59 msafd!SockWaitForSingleObj
02 01caff24 750312f5 msafd!WSPSelect+0x24e
03 01caff88 6d7075bd WS2_32!select+0xe7
04 01caffb0 6d70791b ISATQ!ATQ_BMON_SET::BmonTh
05 01caffb4 7c57438b ISATQ!BmonThreadFunc+0x9
06 01caffec 00000000 KERNEL32!BaseThreadStart+0
Thread ID: 21
System Thread ID: aa4
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: HTTP Compression Thread
# ChildEBP RetAddr
00 01eeff5c 7c573b28 ntdll!ZwWaitForSingleObjec
01 01eeff84 7c573b50 KERNEL32!WaitForSingleObje
02 01eeff94 732c3366 KERNEL32!WaitForSingleObje
03 01eeffb4 7c57438b compfilt!CompressionThread
04 01eeffc0 00000000 KERNEL32!BaseThreadStart+0
Thread ID: 22
System Thread ID: 898
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Other
# ChildEBP RetAddr
00 022dff30 77abbad5 USER32!NtUserGetMessage+0x
01 022dff70 77abba23 ole32!CDllHost::STAWorkerL
02 022dff8c 77abb95e ole32!CDllHost::WorkerThre
03 022dff90 77ab50ee ole32!DLLHostThreadEntry+0
04 022dffa8 77ab5046 ole32!CRpcThread::WorkerLo
05 022dffb4 7c57438b ole32!CRpcThreadCache::Rpc
06 022dffec 00000000 KERNEL32!BaseThreadStart+0
Thread ID: 23
System Thread ID: 88c
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
*** WARNING: Unable to verify checksum for
C:\WINNT\System32\AuthxDB.
*** ERROR: Symbol file could not be found. Defaulted to export
symbols for C:\WINNT\System32\AuthxDB.
Thread Type: Other
# ChildEBP RetAddr
00 0231fe54 7c573b28 ntdll!ZwWaitForSingleObjec
01 0231fe7c 7c573b50 KERNEL32!WaitForSingleObje
02 0231fe8c 6c37143a KERNEL32!WaitForSingleObje
03 0231fe98 6c3715b3 MFC42!CSyncObject::Lock+0x
04 0231fea4 02097ba9 MFC42!CSingleLock::Lock+0x
WARNING: Stack unwind information not available. Following frames may
be wrong.
05 0231ff10 6c3bde33 AuthxDB!HouseKeep+0x1c56d
06 0231ff7c 780085bc MFC42!_AfxThreadEntry+0xf0
07 0231ffb4 7c57438b MSVCRT!_endthreadex+0xc1
08 0231ffec 00000000 KERNEL32!BaseThreadStart+0
Thread ID: 24
System Thread ID: 888
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Other
# ChildEBP RetAddr
00 0235fe60 7c573b28 ntdll!ZwWaitForSingleObjec
01 0235fe88 7c573b50 KERNEL32!WaitForSingleObje
02 0235fe98 6c37143a KERNEL32!WaitForSingleObje
03 0235fea4 6c3715b3 MFC42!CSyncObject::Lock+0x
04 0235feb0 02097fec MFC42!CSingleLock::Lock+0x
WARNING: Stack unwind information not available. Following frames may
be wrong.
05 0235ff10 6c3bde33 AuthxDB!HouseKeep+0x1c9b0
06 0235ff7c 780085bc MFC42!_AfxThreadEntry+0xf0
07 0235ffb4 7c57438b MSVCRT!_endthreadex+0xc1
08 0235ffec 00000000 KERNEL32!BaseThreadStart+0
Thread ID: 25
System Thread ID: 884
Kernel Time: 0:0:0.0
User Time: 0:0:0.78
*** WARNING: Unable to verify checksum for
f:\servertools\webquota\au
*** ERROR: Symbol file could not be found. Defaulted to export
symbols for f:\servertools\webquota\au
Thread Type: Other
# ChildEBP RetAddr
00 023dfd88 7c573b28 ntdll!ZwWaitForSingleObjec
01 023dfdb0 7c573b50 KERNEL32!WaitForSingleObje
02 023dfdc0 6c37143a KERNEL32!WaitForSingleObje
03 023dfdcc 6c3715b3 MFC42!CSyncObject::Lock+0x
04 023dfdd8 0201612e MFC42!CSingleLock::Lock+0x
WARNING: Stack unwind information not available. Following frames may
be wrong.
05 023dff10 6c3bde33 authXflt+0x1612e
06 023dff7c 780085bc MFC42!_AfxThreadEntry+0xf0
07 023dffb4 7c57438b MSVCRT!_endthreadex+0xc1
08 023dffec 00000000 KERNEL32!BaseThreadStart+0
Thread ID: 26
System Thread ID: 880
Kernel Time: 0:0:0.0
User Time: 0:0:0.62
Thread Type: Other
# ChildEBP RetAddr
00 0253fe70 7c573c23 ntdll!ZwWaitForMultipleObj
01 0253fec0 77e119e6 KERNEL32!WaitForMultipleOb
02 0253ff1c 77e11ace USER32!MsgWaitForMultipleO
03 0253ff38 65f09ccb USER32!MsgWaitForMultipleO
04 0253ff7c 78008454 w3svc!CMTACallbackThread::
05 0253ffb4 7c57438b MSVCRT!_endthread+0xc6
06 0253ffec 00000000 KERNEL32!BaseThreadStart+0
Thread ID: 27
System Thread ID: 87c
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Other
# ChildEBP RetAddr
00 0257fea8 7c573c23 ntdll!ZwWaitForMultipleObj
01 0257fef8 77e119e6 KERNEL32!WaitForMultipleOb
02 0257ff54 77e11ace USER32!MsgWaitForMultipleO
03 0257ff70 65f09d47 USER32!MsgWaitForMultipleO
04 0257ffb4 7c57438b w3svc!OleHackThread+0x88
05 0257ffec 00000000 KERNEL32!BaseThreadStart+0
Thread ID: 28
System Thread ID: be8
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Idle ASP thread
# ChildEBP RetAddr
00 0299ff08 7c573c23 ntdll!ZwWaitForMultipleObj
01 0299ff58 7c578f0d KERNEL32!WaitForMultipleOb
02 0299ff70 787f58ce KERNEL32!WaitForMultipleOb
03 0299ffb4 7c57438b COMSVCS!CEventDispatcher::
04 0299ffc0 00000000 KERNEL32!BaseThreadStart+0
Thread ID: 29
System Thread ID: bec
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.
Remote call is either to a MTA object or object not initialized. Also,
possible utility thread.
DCOM call being made to Process ID: 2356
Waiting on thread id: ffffffff
# ChildEBP RetAddr
00 029dfb68 77d4256d ntdll!ZwRequestWaitReplyPo
01 029dfb94 77d3ac56 RPCRT4!LRPC_CCALL::SendRec
02 029dfba0 77b25b87 RPCRT4!I_RpcSendReceive+0x
03 029dfbc0 77b25a52 ole32!ThreadSendReceive+0x
04 029dfbd8 77b22ab6
ole32!CRpcChannelBuffer::S
05 029dfc18 77b258c6 ole32!CRpcChannelBuffer::S
06 029dfc28 77a6cb5d ole32!CRpcChannelBuffer::S
07 029dfc88 77ab74c3 ole32!CAptRpcChnl::SendRec
08 029dfce0 77d94c1a ole32!CCtxComChnl::SendRec
09 029dfcfc 77d9487d RPCRT4!NdrProxySendReceive
0a 029dff44 77d95136 RPCRT4!NdrClientCall2+0x4f
0b 029dff60 77d46e75 RPCRT4!ObjectStublessClien
0c 029dff70 787f5818 RPCRT4!ObjectStubless+0xf
0d 029dffb4 7c57438b
COMSVCS!CEventDispatcher::
0e 029dffec 00000000 KERNEL32!BaseThreadStart+0
Thread ID: 30
System Thread ID: bf0
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: ASP
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.
# ChildEBP RetAddr
00 02baff38 7c573a4e ntdll!NtDelayExecution+0xb
01 02baff58 7c573a22 KERNEL32!SleepEx+0x32
02 02baff64 79e8c932 KERNEL32!Sleep+0xb
03 02baffb4 7c57438b aspnet_isapi!ThreadGateThr
04 02baffec 00000000 KERNEL32!BaseThreadStart+0
Thread ID: 31
System Thread ID: b84
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.
No remote call being made
# ChildEBP RetAddr
00 0abdfe24 77d37ba7 ntdll!ZwReplyWaitReceivePo
01 0abdff74 77d37b4c RPCRT4!LRPC_ADDRESS::Recei
02 0abdff78 77d359c3 RPCRT4!RecvLotsaCallsWrapp
03 0abdffa8 77d358d6 RPCRT4!BaseCachedThreadRou
04 0abdffb4 7c57438b RPCRT4!ThreadStartRoutine+
05 0abdffec 00000000 KERNEL32!BaseThreadStart+0
Thread ID: 32
System Thread ID: c10
Kernel Time: 0:0:0.156
User Time: 0:0:0.0
Thread Type: ASP
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.
# ChildEBP RetAddr
00 02c2ff44 7c573a4e ntdll!NtDelayExecution+0xb
01 02c2ff64 7c573a22 KERNEL32!SleepEx+0x32
02 02c2ff70 79e7dd5b KERNEL32!Sleep+0xb
03 02c2ff80 01f5940f aspnet_isapi!MonitorHealth
04 02c2ffb4 7c57438b MSVCR71!_endthread+0xaa
05 02c2ffec 00000000 KERNEL32!BaseThreadStart+0
Thread ID: 33
System Thread ID: c14
Kernel Time: 0:0:0.250
User Time: 0:0:0.953
Thread Type: ASP
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.
# ChildEBP RetAddr
00 02c6ff34 7c573c73 ntdll!ZwRemoveIoCompletion
01 02c6ff60 79e8c820 KERNEL32!GetQueuedCompleti
02 02c6ffb4 7c57438b aspnet_isapi!ThreadPoolThr
03 02c6ffec 00000000 KERNEL32!BaseThreadStart+0
Thread ID: 34
System Thread ID: 744
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.
No remote call being made
# ChildEBP RetAddr
00 0ab5ff74 77d359a3 ntdll!NtDelayExecution+0xb
01 0ab5ffa8 77d358d6 RPCRT4!BaseCachedThreadRou
02 0ab5ffb4 7c57438b RPCRT4!ThreadStartRoutine+
03 0ab5ffec 00000000 KERNEL32!BaseThreadStart+0
Thread ID: 35
System Thread ID: 744
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.
No remote call being made
# ChildEBP RetAddr
00 0ab5ff74 77d359a3 ntdll!NtDelayExecution+0xb
01 0ab5ffa8 77d358d6 RPCRT4!BaseCachedThreadRou
02 0ab5ffb4 7c57438b RPCRT4!ThreadStartRoutine+
03 0ab5ffec 00000000 KERNEL32!BaseThreadStart+0
Thread ID: 36
System Thread ID: aac
Kernel Time: 0:0:0.15
User Time: 0:0:0.78
Thread Type: ASP
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.
# ChildEBP RetAddr
00 0802ff34 7c573c73 ntdll!ZwRemoveIoCompletion
01 0802ff60 79e8c820 KERNEL32!GetQueuedCompleti
02 0802ffb4 7c57438b aspnet_isapi!ThreadPoolThr
03 0802ffec 00000000 KERNEL32!BaseThreadStart+0
*****
Dump name is formatted as: PID-Timestamp.dmp
Creating F:\Admin\iisstate\output\2
*****
Closing open log file F:\Admin\iisstate\output\I
Why Experts Exchange?
Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.
Jim Murphy
Programmer at Smart IT Solutions
When asked, what has been your best career decision?
Deciding to stick with EE.
Mohamed Asif
Technical Department Head
Being involved with EE helped me to grow personally and professionally.
Carl Webster
CTP, Sr Infrastructure Consultant
Ask ANY Question
Connect with Certified Experts to gain insight and support on specific technology challenges including:
- Troubleshooting
- Research
- Professional Opinions
Did You Know?
We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE