Solved

Windows 2000 Server BSOD

Posted on 2004-10-25
1,329 Views
Last Modified: 2008-01-09
My Windows 2000 Server gives BSOD every 2 to 6 weeks. So far no luck on Google, etc. :

"***STOP: 0x000000B8 (0X00000000,0X00000000,0X00000000,0X00000000)
A wait operation, attach process, or yield was attempted from a DPC routine.

Beginning dump of physical memory"

Anyone seen this, have any ideas what is the problem and fix?

George
0
Question by:George46227
    58 Comments
     
    LVL 95

    Expert Comment

    by:Lee W, MVP
    0
     
    LVL 95

    Expert Comment

    by:Lee W, MVP
    When searching for Stop messages on google or at microsoft, drop the leading 0's  - search for STOP 0xB8 in this case
    0
     
    LVL 20

    Expert Comment

    by:Debsyl99
    Hi some general links - some of which may or may not be relevant depending on your setup and/or on which service pack you're on as you didn't say,

    "How to Debug 'Stop 0xC2' or 'Stop 0x000000C2' Error Messages"  
    http://support.microsoft.com?kbid=265879
    "'STOP 0x000000c2' Error Message Appears on a Blue Screen After You Install
    IomegaWare"  
    http://support.microsoft.com?kbid=309155
    "Some Windows 2000 hotfixes may cause a conflict with Service Pack 3 [SP3] for
    Windows 2000"  
    http://support.microsoft.com?kbid=309601
    "'STOP 0x000000C2 BAD_POOL_CALLER' Error Message on a Cluster Node"  
    http://support.microsoft.com?kbid=321793
    "'BAD_POOL_CALLER' Error Message When Upgrading to Windows 2003 Server"
    http://support.microsoft.com?kbid=817409
    "Computer intermittently stops responding and a Stop 0x000000C2 error occurs"
    http://support.microsoft.com?kbid=820765
    "'Stop 0xC2 [BAD_POOL_CALLER]' error may occur intermittently on a server that
    is running Routing and Remote Access with NAT enabled under Windows 2000"  
    http://support.microsoft.com?kbid=829788

    Deb :))

    0
     
    LVL 19

    Expert Comment

    by:GUEEN
    George check your error logs - it should give you some clue if this is driver related.  Post source and error here.  I once had a Scsiport.sys problem and had to get a hotfix from mS.
    0
     

    Author Comment

    by:George46227
    "The computer has rebooted from a bugcheck.  The bugcheck was: 0x000000b8 (0x00000000, 0x00000000, 0x00000000, 0x00000000). Microsoft Windows 2000 [v15.2195]. A dump was saved in: C:\WINNT\Minidump\Mini101500-01.dmp." That's all there is in System Log near the crash time.

    George
    0
     
    LVL 19

    Expert Comment

    by:GUEEN
    I would check all drivers first for video/sound/usb -get them updated  - did you add any new hardware recently or install any MS updates?
    0
     
    LVL 20

    Expert Comment

    by:Debsyl99
    Sorry about earlier irrelevant links - posted in the wrong darn thread!!!! - DOH!!
    Deb :))
    0
     
    LVL 3

    Expert Comment

    by:browolf
    is the server part of a cluster?
    0
     

    Author Comment

    by:George46227
    Server is not part of a cluster
    No new hardware
    No recent MS updates

    None of the above links have applied.

    George
    0
     

    Author Comment

    by:George46227
    11/23/04

    1. I don't have a ZIP drive or Tivoli or W2K Cluster.
    2. No new hardware installed recently.

    I don't think any of the responses have provided a solution at this point. I have checked each suggested link - although the errors are similar they do not apply since they refer to ZIP drives, Tivoli or W2K Cluster setup.

    If there are no more responses in the next few days I will close out the question with no points awarded if approved by the EE admins.

    George
    0
     

    Author Comment

    by:George46227
    11/26/04
    2:48pm

    I am going to do a pointer question to get some new responses.

    George


    0
     

    Author Comment

    by:George46227
    11/26/04

    Google search - found two articles, one referred to a problem with a scanner, one referred to a problem with a DSL modem. I have neither.

    George
    0
     
    LVL 86

    Expert Comment

    by:jkr
    This is a driver problem. Which .sys file is mentioned in the error message?
    0
     
    LVL 20

    Assisted Solution

    by:Debsyl99
    Hi
    All I can suggest is that you have a look at the resources below with a view to examining the memory dump as this should give you information as to what is exactly responsible for the dsod's. The problem is that there are so many potential causes of this problem you're going to be really fortunate to track it down via google unless someone else has had and publicised exactly the same issue with exactly the same hardware and software setup. I expect that if you did involve MS then they would take the same approach. Other things that you can do is ensure that the latest drivers are loaded and installed for all your hardware, maybe update the bios and also run checks on the integrity of your hard drives, memory etc, although I would have thought hardware issues to be less likely with the infrequency of the crashes, although still not impossible,
    How to use the Userdump.exe tool to create a dump file
    http://support.microsoft.com/default.aspx?scid=kb;en-us;241215&Product=win2000
    Using the Windbg Debugging Tool
    http://www.winnetmag.com/Article/ArticleID/21217/21217.html
    How to debug Windows services
    http://support.microsoft.com/?kbid=824344

    You could always post the output from windbg to see if it gives any more info, which hopefully it should,
    0
     

    Author Comment

    by:George46227
    jkr
    11/26/04

    As previously stated above:

    "The computer has rebooted from a bugcheck.  The bugcheck was: 0x000000b8 (0x00000000, 0x00000000, 0x00000000, 0x00000000). Microsoft Windows 2000 [v15.2195]. A dump was saved in: C:\WINNT\Minidump\Mini101500-01.dmp." That's all there is in System Log near the crash time.

     No .sys file is mentioned in the BSOD screen or Event Log.

    George
    0
     
    LVL 86

    Expert Comment

    by:jkr
    Could you try what Debsyl99 suggested to obtain some more detailed information?
    0
     
    LVL 86

    Expert Comment

    by:jkr
    ...or, let me put that differently: Are you willing to go through using WinDbg to get some more stuff out of the memory dump?
    0
     
    LVL 20

    Expert Comment

    by:cpc2004
    This is hard question. Can you attach three minidumps at webspace and I will investigate the dumps. I hope I can have find new findings.
    0
     
    LVL 87

    Expert Comment

    by:rindi
    Can you supply us with information on what hardware is inside the PC and what peripherals are connected to the external ports?
    0
     

    Author Comment

    by:George46227
    jkr
    11/27

    OK - I am new to EE - how to I "attach" the minidumps? I opened them with notepad, seems to be a lot of jibberish. Tell me how and I will do it.

    George
    0
     

    Author Comment

    by:George46227
    rindi
    11/27/04

    The pc is basically a clone
    Original install date July, 2000

    From Device Manager -
    HDD: SAMSUNG SV0511D and WDC AC13200B
    Dispaly: S3 Inc. Trio3D
    DVD/CD-ROM: ATAPI CD-ROM Drive-40X
    FDC: Standard fdc
    FDD: Floppy dd (x2 - 3.5 and 5.25 - my coment)
    IDE ATA/ATAPI: Intel 82371AB/EB PCI Bus Master IDE controller
    KBD: PC/AT Enhanced PS/2 Keyboard (101/102-key)
    Mouse: Logitech PS/2 Port Mouse
    Modem: Standard 28800 bps Modem
    Monitor: Default Monitor
    Network Adapters: Yellow! 3Com Etherlink III ISA (3C509/3C509B) Legacy mode
                                (this NIC was installed originally 7/00 for testing and later removed -                            the Yellow! has always been there - my comment)
                                3Com EtherLink XL 10/100 PCI TX NIC (3C905B-TX) # 2
                                Realtek RTL8029(AS)-based PCI Ethernet Adapter # 2
    Other devices: Yellow! Multimedia Audio Controller
                          Yellow! PCI Input Device
                          Yellow! WIN5602 MODEM LINE INTERFACE CARD
                          (the Yellow! has always been there on these devices since 7/00 - I
                          never attempted to install drivers for these devices because I don't use
                          them - my comment).
    Ports (COM and LPT): Communications Port (COM1)
                                     Printer Port (LPT1)
    Sound, video and game controllers: Audio Codecs, Legacy Audio Drivers, Legacy Video
                                                        Capture Devices, Media Control Devices, Video
                                                        Codecs
    System Devices: I will omit this lengthy and obscure area unless someone specifically
                            asks for information                          
    Universal Serial Bus controllers: Intel 82371AB/EB PCI to USB Universal Host Controller
                                                   USB Root Hub

    George



       
    0
     

    Author Comment

    by:George46227
    Debsyl99
    jkr

    11/27

    My previous experience with NTRK dump tools and debugs (NT4) is hours spent with no solution. But since you have suggested it and are willing to participate I will attempt to do that. I have not read thru the articles you listed yet but will try to do so probably on Monday 11/29. Does this involve installing the "Debug Symbols" like in NT4? My previous experience with them was not helpful but I will try to follow your suggestions. Thanks for the help.

    George
    0
     

    Author Comment

    by:George46227
    cpc2004
    11/27

    Sorry for the error (thought you were jkr)

    OK - I am new to EE - how to I "attach" the minidumps? I opened them with notepad, seems to be a lot of jibberish. Tell me how and I will do it.

    George

    0
     
    LVL 20

    Expert Comment

    by:Debsyl99
    Hi George I have access to a flimsy PC is all right now - will look into it when I have access to the necessary resources and come back to you Monday :))
    0
     
    LVL 20

    Expert Comment

    by:cpc2004
    You have to use windbg to view the dump. Process the dump is easy and most difficult part is how to interpret the output. The minidump has around 64K and it only have the stack trace, registers at time of crash and load module map. For diffficult problem such as storage overlay, a full dump is required.
    0
     
    LVL 20

    Expert Comment

    by:cpc2004
    Hi George46227,
    I am advised by EE adminstration not to give my email address to receive problem owner's information because all the information that provided by problem owner must be opened to all the experts. If you can provide your email address here, all the interested experts can send email to you to get the minidump. I think it will not violate the EE's rule and regulation.
    0
     

    Author Comment

    by:George46227
    11/29/04

    If anyone wants a copy of the minidump send a email to the following address:
    minidumpATspamexDOTcomNOSPAM
    (remove the obvious and edit)

    This is a temporary, disposable address used only for this EE question, it will be deleted after the question is closed. If you don't want to give out your real email  address consider setting up a temporary disposable one at wwwDOTspamexDOTcom.

    George
    0
     
    LVL 20

    Expert Comment

    by:cpc2004
    I put my email in my personnel profile.
    0
     

    Author Comment

    by:George46227
    Debsyl99
    11/29/04

    I am reading the article "How to use the Userdump.exe tool to create a dump file" KB Q241215. It refers to setting up applications for de-bugging. In my case I have A BSOD (not a Dr.Watson) - I have no idea what "application" (if any) is causing the BSOD (I would think it might be more likely related to a hardware or driver problem). Is this going to help with the BSOD? It seems focused on de-bugging applications, as far as I know there is no specific application associated with the problem (based on the BSOD info and Event Log info). I will go ahead and dl the tool and read the docs anyway - hopefully it will help.

    Thanks
    George
    0
     
    LVL 20

    Expert Comment

    by:cpc2004
    The dump that I recieved was created 4 years ago. Do you have the most current dump?
    0
     
    LVL 20

    Expert Comment

    by:cpc2004
    Two dumps are inaccessible. From the windows, it shows that your PC is W2K SP1. If it is true, you must upgrade it to higher Servce Pack level such as SP4 or SP5.
    0
     

    Author Comment

    by:George46227
    cpc2004
    11/30/04

    1. As I said in my email to you "Just ignore the dates - I've been doing some testing and changing the system dates." The dumps are the three most recent.
    2. Why do I "have to" upgrade to SP4/SP? What does that have to do with the BSOD specifically?
    3. Any idea why two of the dumps are inaccessible? Did the other dump show anything useful? What tool are you using to open or analyze the dumps.

    George

    0
     

    Author Comment

    by:George46227
    11/30/04
    3:45pm

    Update:

    I have dl/printed out all three articles as previously recommended by Debsyl99. I have dl userdump.exe - oem3sr2.zip - part of OEM Support Tools 3r2 - and I have read/studied the Userdump.exe article.

    I have dl Windbg Debugging Tool - dbg_x86_6.3.17.0.exe and am now reading/studying the article (you really need some other articles as it is part of a series - see the  previous articles "Starting the Troubleshooting Process" #20594 and "Ubderstanding and Using Symbols" #20928).

    I have not dl the symbols yet (large dl!), I will keep everyone posted.

    George
    0
     
    LVL 20

    Expert Comment

    by:cpc2004
    It is no need to download the symbol. At Winddbg
    File --> Symbol File Path --> srv*\websymbols*http://msdl/microsoft.com/download/symbols
    When windbg process the dump and it will access Microsoft Wbesite to fetch the symbols.

    Maybe you get hardware problem such as faulty ram hence the dumps were taken unsuccessfully. It is my first time the dumps cannot be accessed. Run RAM test to test your memory (http://www.memtest86.com)

    W2K SP1 is very a low patch patch and this is why I recommend you to upgrade your W2k upgrade to SP4 or Sp5.
    0
     
    LVL 20

    Expert Comment

    by:Debsyl99
    Hi
    I agree - SP1 is a very low patch - many many issues and instabilities have been corrected in 2000 in the patches that follow - you really should patch up to date,
    0
     

    Author Comment

    by:George46227
    cpc2004
    12/1/04
    10:00am

    Yes - I saw the article on using the Symbol Server over the net, also I guess the symbols are still actually dl to your pc even when using Symbol Server!? Maybe only the ones needed for the Windbg config that is used during the debug session? Although it does say you can dl the symbols to a network drive/UNC path - still sounds like something will get dl.

    Are you saying it is possible to use the Symbol Server in real-time without Dl any symbols locally - just run them off the Symbol Server? This is the example in the article:
    "SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols" where c:\websymbols is the "downstream store" which can be a local folder or on a network drive (like q:\websymbols or \\MyComp\websymbols).

    I only have 230MB c: space, I could probably cleanup to about 500-600MB or so, not much room for symbols, SP's, etc.

    George
    0
     

    Author Comment

    by:George46227
    12/1/04
    10:20am

    This is where I am:
    1. Userdump.exe: After dl and reading the docs it doesn't seem a useful tool for my BSOD problem since it is for app debugging. If I am wrong please correct me and explain or refer me to some references which are good for using it for BSOD things.
    2. Symbols: I am going to try to use the Symbol Server over the net and point the dl to a network drive since I am low on disk space. Hopefully the Symbol Server will work with SP1 - the SP1 symbols aren't available for dl anyway - only SP3 and above at Microsoft site.
    Are the symbols for basic w2k on the install cd (they were with NT4). I have original cd's plus SP's on CD - maybe I already have the symbols if I can find them.
    3. Windbg: I would like some more information. Good reference article or something. What tools are including in the dl dbg_x86_6.3.17.0.exe? What will I be able to do - view a .dmp file, anything else? Is it a "install" procedure or just copy files, configure, set reg entries, etc.? Is it possible to do a un-install, or manually un-install? I am trying to Google some info but so far nothing specifically helpful.

    George
    0
     
    LVL 20

    Expert Comment

    by:cpc2004
    Install Windbg use standard installation method. It has no uninstall procedure. Get rid of the windbg folder if you don't want it.  There have a few article to teach you how to use windbg. I only find a book called "Windows Kernel Debugging" at library and this book teach the reader how to use Windows Debugging Tools for W2K environment.

    The on-line help of windbg is the best article and it has a lot of example and the debugging concept.
    0
     

    Author Comment

    by:George46227
    12/1/04
    4:10pm

    I am trying to use Windbg to open the .dmp file. I am getting an error " Unable to load image ntoskrnl.exe, Win32 error 2 *** WARNING: Unable to verify timestamp for ntoskrnl.exe *** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe" My ntoskrnl.exe is Friday, July 21, 2000, 7:05:00 AM v5.0.2195.1620. Then it says "Loading Kernel Symbols" and "Loading unloaded module list" and "Loading User Symbols", then it just sits there apparently doing nothing - maybe hung? This is for at least 5 min. - should it take a long time for the .dmp to be processed?

    Has anyone used the Symbol Server? - maybe the Symbol Server doesn't work either for SP1?

    George
    0
     

    Author Comment

    by:George46227
    12/1/04
    4:55pm
    cpc2004

    Have you used the Symbol Server? Can you check the path and let me know - I am using "SRV*p:\websymbols*http://msdl.microsoft.com/download/symbols" where P: is a mapped drive. You say you are using "srv*\websymbols*http://msdl/microsoft.com/download/symbols" - is that a typo? no drive letter in front of "\websymbols"? also the slash instead of dot after "msdl"?

    George
    0
     
    LVL 20

    Accepted Solution

    by:
    George,

    Refer the following webpage
    http://www.microsoft.com/whdc/devtools/debugging/symbols.mspx

    If you have problem to use symbolic servers, maybe you are using W2K SP1 which is 4 years behind.


    cpc2004
    0
     

    Author Comment

    by:George46227
    12/3/04
    11:50am

    I have installed the Debugging Tools for Windows (latest download version from Microsoft - dbg_x86_6.3.17.0.exe - not the beta) and installed W2K retail symbols and SP1 symbols. The debug is installed to a local drive (G:\Debugging Tools for Windows), symbols installed to a network drive (K:\Symbols2K), in Windbg I set the symbol path to K:\Symbols2K and opened a dump. I would like to post the dump here - but it won't let me select/copy the contents of the window. How can I save the debug window to a file so I can paste it here - or somehow select/copy/paste the contents? I have some results which might be useful.

    George
    0
     

    Author Comment

    by:George46227
    12/3/04
    12:15pm

    Apparently there is a glitch in the Windbg related to the mouse - I can select but not copy - after I select and right-click the selected area goes un-selected. Keyboard CTL+C works OK to copy the selected area.

    Here is what I have:

    Microsoft (R) Windows Debugger  Version 6.3.0017.0
    Copyright (c) Microsoft Corporation. All rights reserved.


    Loading Dump File [C:\WINNT\Minidump\Mini051700-01.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available

    Symbol search path is: K:\Symbols2K
    Executable search path is:
    Unable to load image ntoskrnl.exe, Win32 error 2
    Windows 2000 Kernel Version 2195 (Service Pack 1) UP Free x86 compatible
    Kernel base = 0x80400000 PsLoadedModuleList = 0x8046b618
    Debug session time: Mon May 15 08:58:33 2000
    System Uptime: not available
    Unable to load image ntoskrnl.exe, Win32 error 2
    Loading Kernel Symbols
    .................................................................................................
    Loading unloaded module list
    ......
    Loading User Symbols
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    Use !analyze -v to get detailed debugging information.

    BugCheck B8, {0, 0, 0, 0}

    *** WARNING: Unable to verify timestamp for vsdatant.sys
    *** ERROR: Module load completed but symbols could not be loaded for vsdatant.sys
    Probably caused by : vsdatant.sys ( vsdatant+1238e )

    Followup: MachineOwner
    ---------

    I know vsdatant.sys is Zone Alarm which I have used with no problem for 3 years. Any other thoughts? Is vsdatant.sys the perpetrator of the problem or the victim - or neither? Any other commands I can use to get additional data? Should I do a debug session on Zone Alarm?

    George
    0
     

    Author Comment

    by:George46227
    12/3/04
    12:35pm

    Here is another slightly different:

    Loading Dump File [C:\WINNT\Minidump\Mini072900-01.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available

    Symbol search path is: K:\Symbols2K
    Executable search path is:
    Unable to load image ntoskrnl.exe, Win32 error 2
    Windows 2000 Kernel Version 2195 (Service Pack 1) UP Free x86 compatible
    Kernel base = 0x80400000 PsLoadedModuleList = 0x8046b618
    Debug session time: Sat Jul 29 01:01:03 2000
    System Uptime: not available
    Unable to load image ntoskrnl.exe, Win32 error 2
    Loading Kernel Symbols
    ..................................................................................................
    Loading unloaded module list
    ......
    Loading User Symbols
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    Use !analyze -v to get detailed debugging information.

    BugCheck B8, {0, 0, 0, 0}

    *** WARNING: Unable to verify timestamp for vsdatant.sys
    *** ERROR: Module load completed but symbols could not be loaded for vsdatant.sys
    Unable to load image NDIS.sys, Win32 error 2
    Unable to load image RTL8029.SYS, Win32 error 2
    Probably caused by : vsdatant.sys ( vsdatant+b696 )

    Followup: MachineOwner
    ---------

    The last few lines are different at least, not sure about the rest - refers to NDIS.sys and RTL8029.SYS (one of my nic's).

    George
    0
     
    LVL 20

    Expert Comment

    by:cpc2004
    The result that you have is different to mine. According to my windbg report, the Probably caused by : ntoskrnl.exe ( nt+2bc79 ). According to my understanding, I can use XP windbg to process W2K dumps. May be it is related to W2K SP1 is too old.  I cannot  access the other two dumps.

    If you visit Secret Maker WebSite, SecretMaker complains zonealarm is unstable. I suggest you had better upgrade your W2K from SP1 to SP4.

    Loading Dump File [C:\Problem Determination\Newdump\Mini051700-01.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available

    Symbol search path is: srv*\websymbols*http://msdl/microsoft.com/download/symbols
    Executable search path is:
    Unable to load image ntoskrnl.exe, Win32 error 2
    *** WARNING: Unable to verify timestamp for ntoskrnl.exe
    *** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
    Windows 2000 Kernel Version 2195 (Service Pack 1) UP Free x86 compatible
    Kernel base = 0x80400000 PsLoadedModuleList = 0x8046b618
    Debug session time: Mon May 15 21:58:33 2000
    System Uptime: not available
    Unable to load image ntoskrnl.exe, Win32 error 2
    *** WARNING: Unable to verify timestamp for ntoskrnl.exe
    *** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
    Loading Kernel Symbols
    .................................................................................................
    Loading unloaded module list
    ......
    Loading User Symbols
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    Use !analyze -v to get detailed debugging information.

    BugCheck B8, {0, 0, 0, 0}

    ***** Kernel symbols are WRONG. Please fix symbols to do analysis.

    Probably caused by : ntoskrnl.exe ( nt+2bc79 )
    0
     

    Author Comment

    by:George46227
    cpc2004
    12/4/04
    2:05pm

    I think there is a concept called a "symbol tree". That means a person would have symbols for various version of windows, each in a separate folder and the symbol path would point to the correct set of symbols in the appropriate folder. Maybe xp windbg can open the w2k sp1 minidump - but how does it handle the symbols for w2k sp1 - do you have the w2k sp1 symbols in a separate folder and the symbol path pointing there? It looks like your results are having a problem with the symbol file versions?

    George
    0
     

    Author Comment

    by:George46227
    12/7/04
    10:05am

    Can someone help me figure out the "image path" parameter in Windbg - the documentation article Q315263 states the image path must be defined but only gives an example for XP - image path is the CD folder I386. I have W2K SP1 - should I put the SP1 CD in and point to the I386 folder? Do the "images" have to be "de-compressed" and then copied to the hard drive?

    What type of setup are people using for the image path for the loading of the binary files?

    George
    0
     
    LVL 20

    Expert Comment

    by:Debsyl99
    Hi George

    I can't help but think that you are wasting your time with this as SP1 is an extremely old patch - Is there any reason why you are unwilling to patch up to sp4? As has been said before, many problems in relation to stability and function have been fixed since sp4. Why not try install sp4 and archive the files for uninstall if it causes any problems. I've got sp4 on all my win2k machines (clients and servers) and find them to be stable.

    0
     
    LVL 20

    Expert Comment

    by:cpc2004
    Hi Debsyl99
    I think George wants to learn how to use windbg and it doesn't what service level he is using.

    Hi Geroge,
    Imagepath is execution search path. I setup my imagepath c:\windows\system32. For W2K it should be c:\winnt\system32

    Hope it can help you
    cpc2004
    0
     

    Author Comment

    by:George46227
    cpc2004
    12/7/04
    12:05pm

    Thanks for the help - the article is confusing, referring to the \I386 folder as the path for the binaries, I was thinking "wouldn't it just be C:\WINNT where the system .exe's, dll's, etc. are located?" Wouldn't you think Windbg would know to use the default system folder, should only need specified if it is different than the default!?

    Debsyl99

    Well here's the deal - I have nowhere near enough room on c: to do SP4 much less room to save the un-install (not even on another drive - I have 3 disks but all are small). I have done 4 or 5 SP4's - they take an incredible amount of disk space for the dl, temp, un-install, etc. I have tried but the SP won't run- "not enough disk space". I just don't have any way to add disk space right now; deleting off "un-used files" - I don't think would get me close - it's only 3 GB with 200 MB free. I've tried the web-based sp install, from CD, etc.

    Also on all the w2k machines the sp4 broke something which has never been resolved - the automatic scheduled reboot from the NTRK. This really screws things up because the machines need to be re-booted overnight to break file locks so a VB application can be updated weekly with ongoing code changes. I tried other un-attended shutdown tools but they don't work either (www.sysinternals tool).

    Yes - I would like to learn to deal better with BSOD's including use of Windbg. I have 3 NT4 servers and 1 W2k server (in addition to the one I am working on right now) which BSOD at times and I don't really have a good solution or way to analyze the problem. I have used PSTAT in the past which helps depending on the error code.

    Thanks for any help and at least the effort is appreciated
    George
    0
     

    Author Comment

    by:George46227
    12/7/04
    1:35pm

    I have some other information. Also - is it correct to enter the commands at the bottom of the window in Windbg after opening a crash dump file - like !analyze - show and !analyze -v and lm t n? It seems to work, no errors. Here's the latest:


    Microsoft (R) Windows Debugger  Version 6.3.0017.0
    Copyright (c) Microsoft Corporation. All rights reserved.


    Loading Dump File [C:\WINNT\Minidump\Mini081800-01.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available

    Symbol search path is: K:\Symbols2K
    Executable search path is: c:\winnt\system32
    Windows 2000 Kernel Version 2195 (Service Pack 1) UP Free x86 compatible
    Kernel base = 0x80400000 PsLoadedModuleList = 0x8046b618
    Debug session time: Fri Aug 18 07:05:00 2000
    System Uptime: not available
    Loading Kernel Symbols
    ...................................................................................................
    Loading unloaded module list
    ........
    Loading User Symbols
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    Use !analyze -v to get detailed debugging information.

    BugCheck B8, {0, 0, 0, 0}

    *** ERROR: Module load completed but symbols could not be loaded for vsdatant.sys
    Probably caused by : vsdatant.sys ( vsdatant+1238e )

    Followup: MachineOwner
    ---------

    kd> !analyze -show
    Unknown bugcheck code (e3d050)
    Unknown bugcheck description
    Arguments:
    Arg1: 00000000
    Arg2: 00000000
    Arg3: 00000000
    Arg4: 00000000
    kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    ATTEMPTED_SWITCH_FROM_DPC (b8)
    A wait operation, attach process, or yield was attempted from a DPC routine.
    This is an illegal operation and the stack track will lead to the offending
    code and original DPC routine.
    Arguments:
    Arg1: 00000000, Original thread which is the cause of the failure
    Arg2: 00000000, New thread
    Arg3: 00000000, Stack address of the original thread
    Arg4: 00000000

    Debugging Details:
    ------------------


    CUSTOMER_CRASH_COUNT:  1

    DEFAULT_BUCKET_ID:  DRIVER_FAULT

    BUGCHECK_STR:  0xB8

    LAST_CONTROL_TRANSFER:  from 80402698 to 8042bc79

    STACK_TEXT:  
    f5c23c40 80402698 000000b8 ffffffff 00000202 nt!KeBugCheck+0xf
    f5c23c50 80402497 f5c23c8c 80f62dac 80f62d40 nt!SwapContext+0x117
    f5c23c64 8042d774 f48b0054 f48b0000 f48b0000 nt!KiSwapThread+0xc5
    f5c23c8c f4f2c38e 807a0870 00000000 00000000 nt!KeWaitForSingleObject+0x1a1
    f5c23ca8 f4f2b0a7 f48b0000 f5c23d98 81499616 vsdatant+0x1238e
    f5c23cc0 f4f1ffb9 f48b0000 00000060 00000524 vsdatant+0x110a7
    f5c23ce4 f4f2262c 00080005 f5c23d0c 0000008c vsdatant+0x5fb9
    f5c23d94 f4f24a72 00080005 8473a4a8 f5c23e10 vsdatant+0x862c
    f5c23db4 f4f25bba f5c23e10 f4f2cb90 00017fff vsdatant+0xaa72
    f5c23de0 f4f1ebaa f5c23e02 815a7710 81589468 vsdatant+0xbbba
    f5c23e8c fb4a9745 813bb9a8 814b7808 81589468 vsdatant+0x4baa
    f5c23ee8 f58c5fbe 815a7700 f5c23f48 00000001 NDIS!ethFilterDprIndicateReceivePacket+0x2ea
    f5c23fa8 f58c256d 0057c008 804022a0 815a7710 el90xbc5!UpCompleteNdis40PlusEvent+0x25e
    f5c23fc4 fb4941ed 8157c008 814cc208 814cc46c el90xbc5!NICInterrupt+0x83
    f5c23fe0 80462234 8157c1f4 8157c1e0 00000000 NDIS!ndisMDpc+0xc8
    f5c23ff4 8040250c f4ad2bbc 00000000 00000000 nt!KiRetireDpcList+0x30


    FOLLOWUP_IP:
    vsdatant+1238e
    f4f2c38e 5e               pop     esi

    SYMBOL_STACK_INDEX:  4

    FOLLOWUP_NAME:  MachineOwner

    SYMBOL_NAME:  vsdatant+1238e

    MODULE_NAME:  vsdatant

    IMAGE_NAME:  vsdatant.sys

    DEBUG_FLR_IMAGE_TIMESTAMP:  3bf330a0

    STACK_COMMAND:  kb

    BUCKET_ID:  0xB8_vsdatant+1238e

    Followup: MachineOwner
    ---------

    George
    0
     

    Author Comment

    by:George46227
    12/7/04
    1:55pm

    Herre is the result of lm t n :

    kd> !drivers

      The !drivers command is no longer supported.

      Please use the 'lm t n' command.
      Consult the debugger documentation for the supported 'lm' command options.

      The WinDbg "Modules" window can also be used to to display timestamps.
      The "Modules" window supports sorting on name or timestamp values

    kd> lm t n
    start    end        module name
    80062000 80079440   hal      hal.dll      Sat Oct 30 17:48:14 1999 (381B75AE)
    80400000 8059fa80   nt       ntoskrnl.exe Wed Jul 19 14:49:11 2000 (39760637)
    a0000000 a01a6000   win32k   win32k.sys   unavailable (FFFFFFFE)
    f4077000 f40be000   ATMFD    ATMFD.DLL    unavailable (FFFFFFFE)
    f40be000 f413e600   NavEx15  NavEx15.Sys  Fri Jun 20 18:03:43 2003 (3EF392CF)
    f42a7000 f42b9000   RASDD    RASDD.DLL    unavailable (FFFFFFFE)
    f4651000 f46789a0   navap    navap.sys    Fri Feb 09 00:15:26 2001 (3A837CEE)
    f4722000 f4736be0   ipsec    ipsec.sys    Wed May 10 14:07:56 2000 (3919B38C)
    f4737000 f4747a60   SYMEVENT SYMEVENT.SYS Wed May 14 00:45:43 2003 (3EC1D807)
    f48e3000 f48e5f20   spud     spud.sys     Fri Nov 19 18:36:27 1999 (3835DEFB)
    f4af7000 f4b05d80   Cdfs     Cdfs.SYS     Mon Oct 25 14:23:52 1999 (3814AE48)
    f4dc7000 f4e01740   srv      srv.sys      Wed May 10 14:09:22 2000 (3919B3E2)
    f4f1a000 f4f2fa40   vsdatant vsdatant.sys Wed Nov 14 22:04:00 2001 (3BF330A0)
    f4f30000 f4f4db40   afd      afd.sys      Wed Jun 07 12:30:47 2000 (393E86C7)
    f4f4e000 f4f66e00   nbf      nbf.sys      Sat Sep 25 14:16:47 1999 (37ED1F9F)
    f547f000 f54c7000   s3mt3d_f547f000 s3mt3d.DLL   unavailable (FFFFFFFE)
    f54ef000 f5503b40   dump_atapi dump_atapi.sys Fri Mar 03 19:33:40 2000 (38C059E4)
    f5504000 f55262e0   Fastfat  Fastfat.SYS  Thu Mar 16 20:34:16 2000 (38D18B98)
    f5527000 f5584060   mrxsmb   mrxsmb.sys   Fri Jun 09 14:39:18 2000 (394147E6)
    f5597000 f55b83e0   rdbss    rdbss.sys    Fri Jun 09 14:46:14 2000 (39414986)
    f55b9000 f55cb000   IBMTwxSN IBMTwxSN.SYS Mon Jul 07 07:22:51 1997 (33C0DF9B)
    f55cb000 f55e0000   IBMTwxNM IBMTwxNM.SYS Mon Jul 07 07:22:58 1997 (33C0DFA2)
    f55e0000 f5603120   netbt    netbt.sys    Wed May 10 14:09:03 2000 (3919B3CF)
    f56ac000 f56bb400   NAVENG   NAVENG.Sys   Fri Jun 20 18:04:30 2003 (3EF392FE)
    f56cc000 f571a1a0   tcpip    tcpip.sys    Wed Jun 14 13:40:59 2000 (3947D1BB)
    f576b000 f5784960   update   update.sys   Wed Jun 14 14:42:26 2000 (3947E022)
    f5785000 f57a0b00   ks       ks.sys       Tue Nov 30 03:51:38 1999 (3843901A)
    f57c9000 f57df180   ndiswan  ndiswan.sys  Tue Nov 30 02:09:01 1999 (3843780D)
    f5800000 f580e440   pci      pci.sys      Mon May 08 17:13:53 2000 (39173C21)
    f5810000 f581b580   isapnp   isapnp.sys   Sat Oct 02 15:00:35 1999 (37F66463)
    f5820000 f5828260   CLASSPNP CLASSPNP.SYS Wed Oct 06 18:55:45 1999 (37FBE181)
    f5850000 f585c560   rasl2tp  rasl2tp.sys  Tue Nov 30 02:09:07 1999 (38437813)
    f5860000 f586b9e0   raspptp  raspptp.sys  Tue Nov 30 02:09:13 1999 (38437819)
    f5870000 f587fb20   wlbs     wlbs.sys     Thu Mar 23 00:21:06 2000 (38D9A9C2)
    f5890000 f589e9e0   parallel parallel.sys Mon Mar 06 18:42:46 2000 (38C44276)
    f58a0000 f58a9f20   s3mt3d   s3mt3d.sys   Fri Oct 29 16:11:41 1999 (381A0D8D)
    f58b0000 f58bc420   VIDEOPRT VIDEOPRT.SYS Thu Mar 16 20:26:50 2000 (38D189DA)
    f58c0000 f58cf000   el90xbc5 el90xbc5.sys Tue Oct 19 12:09:18 1999 (380CA5BE)
    f58d0000 f58db0a0   i8042prt i8042prt.sys Thu Dec 02 02:34:06 1999 (384620EE)
    f58e0000 f58ef2e0   serial   serial.sys   Mon Oct 25 14:27:55 1999 (3814AF3B)
    f58f0000 f58f9ce0   NDProxy  NDProxy.SYS  Thu Sep 30 18:25:35 1999 (37F3F16F)
    f5910000 f5919bc0   usbhub   usbhub.sys   Fri Apr 28 16:38:14 2000 (390A04C6)
    f5930000 f5938fa0   Npfs     Npfs.SYS     Sat Oct 09 18:58:07 1999 (37FFD68F)
    f5940000 f59486e0   msgpc    msgpc.sys    Tue Nov 30 02:37:21 1999 (38437EB1)
    f5950000 f59581a0   netbios  netbios.sys  Tue Oct 12 14:34:19 1999 (38038D3B)
    f5970000 f597d9e0   dlc      dlc.sys      Tue Jan 25 19:51:31 2000 (388E4513)
    f5a80000 f5a854a0   PCIIDEX  PCIIDEX.SYS  Wed Oct 27 18:02:19 1999 (3817847B)
    f5a88000 f5a8f180   MountMgr MountMgr.sys Fri Oct 22 17:48:06 1999 (3810E9A6)
    f5a90000 f5a96a60   disk     disk.sys     Tue Feb 01 19:06:00 2000 (389774E8)
    f5a98000 f5a9cfa0   agp440   agp440.sys   Tue Sep 28 18:37:32 1999 (37F1513C)
    f5ab0000 f5ab6f20   Modem    Modem.SYS    Sat Sep 25 13:34:55 1999 (37ED15CF)
    f5ad0000 f5ad43e0   ptilink  ptilink.sys  Wed Oct 13 18:29:00 1999 (380515BC)
    f5ae0000 f5ae40e0   raspti   raspti.sys   Fri Oct 08 15:45:10 1999 (37FE57D6)
    f5ae8000 f5aef000   VNSCOAX  VNSCOAX.SYS  Thu Mar 18 16:38:25 1999 (36F17251)
    f5b08000 f5b0ef40   aw_host5 aw_host5.sys Wed Mar 08 01:51:21 2000 (38C5F869)
    f5b18000 f5b1e9e0   cdrom    cdrom.sys    Wed Oct 27 18:46:36 1999 (38178EDC)
    f5b28000 f5b2fc80   uhcd     uhcd.sys     Tue Oct 05 15:45:47 1999 (37FA637B)
    f5b38000 f5b3cf60   USBD     USBD.SYS     Sat Oct 09 15:41:58 1999 (37FFA896)
    f5b50000 f5b54800   RTL8029  RTL8029.SYS  Tue Dec 29 21:41:24 1998 (368992D4)
    f5b60000 f5b65ea0   kbdclass kbdclass.sys Tue Oct 26 18:12:37 1999 (38163565)
    f5b70000 f5b76100   parport  parport.sys  Mon Mar 06 18:42:09 2000 (38C44251)
    f5b88000 f5b8f000   fdc      fdc.sys      unavailable (FFFFFFFE)
    f5b98000 f5b9d400   mouclass mouclass.sys Fri Oct 01 18:33:11 1999 (37F544B7)
    f5ba8000 f5baea20   EFS      EFS.SYS      Mon May 01 19:10:45 2000 (390E1D05)
    f5bc0000 f5bc5000   flpydisk flpydisk.sys unavailable (FFFFFFFE)
    f5be0000 f5be5240   Msfs     Msfs.SYS     Tue Oct 26 18:21:32 1999 (3816377C)
    f5bf8000 f5bff960   wanarp   wanarp.sys   Sat Oct 30 17:36:06 1999 (381B72D6)
    f5c10000 f5c12a20   BOOTVID  BOOTVID.DLL  Wed Nov 03 20:24:33 1999 (3820E051)
    f5c14000 f5c16b80   PartMgr  PartMgr.sys  Thu Oct 14 19:59:16 1999 (38067C64)
    f5c18000 f5c1b1c0   Gernuwa  Gernuwa.sys  Wed Mar 08 01:44:31 2000 (38C5F6CF)
    f5c88000 f5c8a220   ndistapi ndistapi.sys Tue Oct 12 18:54:43 1999 (3803CA43)
    f5c98000 f5c9be40   TDI      TDI.SYS      Tue May 09 17:51:41 2000 (3918967D)
    f5c9c000 f5c9e980   awvid5   awvid5.dll   Wed Mar 08 01:47:06 2000 (38C5F76A)
    f5cac000 f5caf4a0   serenum  serenum.sys  Tue Oct 19 17:36:55 1999 (380CF287)
    f5ccc000 f5ccf580   vga      vga.sys      Sat Sep 25 13:37:40 1999 (37ED1674)
    f5cd4000 f5cd6740   awlegacy awlegacy.sys Wed Mar 08 01:52:56 2000 (38C5F8C8)
    f5ce0000 f5ce2220   IBMTwx   IBMTwx.SYS   Wed Jun 18 09:12:42 1997 (33A7ECDA)
    f5d00000 f5d01c00   Diskperf Diskperf.sys Thu Sep 30 19:30:40 1999 (37F400B0)
    f5d02000 f5d04000   dmload   dmload.sys   unavailable (FFFFFFFE)
    f5d06000 f5d07680   RootMdm  RootMdm.sys  Sat Sep 25 13:34:56 1999 (37ED15D0)
    f5d12000 f5d14000   Fs_Rec   Fs_Rec.SYS   unavailable (FFFFFFFE)
    f5d1a000 f5d1be40   rasacd   rasacd.sys   Sat Sep 25 13:41:23 1999 (37ED1753)
    f5d66000 f5d68000   ParVdm   ParVdm.SYS   unavailable (FFFFFFFE)
    f5dc8000 f5dc8fc0   intelide intelide.sys Mon Mar 06 18:27:54 2000 (38C43EFA)
    f5dc9000 f5dc9f80   WMILIB   WMILIB.SYS   Sat Sep 25 13:36:47 1999 (37ED163F)
    f5dcb000 f5dcba40   audstub  audstub.sys  Sat Sep 25 13:35:33 1999 (37ED15F5)
    f5dcc000 f5dccd80   swenum   swenum.sys   Sat Sep 25 13:36:31 1999 (37ED162F)
    f5dce000 f5dcf000   Null     Null.SYS     unavailable (FFFFFFFE)
    f5dcf000 f5dcfee0   Beep     Beep.SYS     Wed Oct 20 17:18:59 1999 (380E3FD3)
    f5dd0000 f5dd0f80   mnmdd    mnmdd.SYS    Sat Sep 25 13:37:40 1999 (37ED1674)
    f5dd2000 f5dd2f80   dump_WMILIB dump_WMILIB.SYS Sat Sep 25 13:36:47 1999 (37ED163F)
    f5dd3000 f5dd4000   AWDDI    AWDDI.DLL    unavailable (FFFFFFFE)
    fb474000 fb4891e0   Mup      Mup.sys      Thu Mar 16 19:36:05 2000 (38D17DF5)
    fb48a000 fb4b1b80   NDIS     NDIS.sys     Wed May 10 14:08:03 2000 (3919B393)
    fb4b2000 fb533ae0   Ntfs     Ntfs.sys     Wed May 10 14:09:14 2000 (3919B3DA)
    fb534000 fb544ba0   KSecDD   KSecDD.sys   Tue May 09 17:26:55 2000 (391890AF)
    fb545000 fb556fc0   Dfs      Dfs.sys      Tue Nov 30 19:23:01 1999 (38446A65)
    fb557000 fb56bb40   atapi    atapi.sys    Fri Mar 03 19:33:40 2000 (38C059E4)
    fb56c000 fb58d620   dmio     dmio.sys     Mon Jun 12 17:56:18 2000 (39456A92)
    fb58e000 fb5aa0c0   ftdisk   ftdisk.sys   Mon Nov 22 14:36:23 1999 (38399B37)

    Unloaded modules:
    f4679000 f46fa000   NavEx15.Sys
        Timestamp: unavailable (00000000)
        Checksum:  00000000
    f4997000 f49a7000   NAVENG.Sys
        Timestamp: unavailable (00000000)
        Checksum:  00000000
    f5880000 f5889000   elnk3.sys
        Timestamp: unavailable (00000000)
        Checksum:  00000000
    f546a000 f547f000   VGA.dll
        Timestamp: unavailable (00000000)
        Checksum:  00000000
    f5c94000 f5c97000   awvid5.dll
        Timestamp: unavailable (00000000)
        Checksum:  00000000
    f5960000 f5969000   redbook.sys
        Timestamp: unavailable (00000000)
        Checksum:  00000000
    f5bd0000 f5bd5000   Cdaudio.SYS
        Timestamp: unavailable (00000000)
        Checksum:  00000000
    f5cc4000 f5cc7000   Sfloppy.SYS
        Timestamp: unavailable (00000000)
        Checksum:  00000000

    George
    0
     
    LVL 20

    Expert Comment

    by:cpc2004
    If you want to learn more windbg, you should take full dump. The minidump only support several basic commands because miniudmp only have the stack trace, registers at time of crash and driver information.
    0
     

    Author Comment

    by:George46227
    12/7/04
    4:35pm

    Thanks - I will try to change my setup for full dump. I assume it is more helpful when trying to solve the BSOD problem?

    George
    0
     

    Author Comment

    by:George46227
    12/8/04
    8:55am

    Has anyone used Dumpchk.exe from the w2k support tools? I have looked at article Q156280. If anyone has used it and has any advice I would appreciate hearing about your ideas.

    Here are a couple of samples using different command parameters:

    SAMPLE#1:
    F:\W2000 Support Tools>dumpchk.exe -e -y K:\Symbols2K -b c:\winnt\system32 "C:\W
    INNT\Minidump\Mini080700-01.dmp"
    ****************************************************************
    **
    ** Windows 2000 Crash Dump Analysis
    **
    ****************************************************************
    *
    Filename . . . . . . .C:\WINNT\Minidump\Mini080700-01.dmp
    Signature. . . . . . .PAGE
    ValidDump. . . . . . .DUMP
    MajorVersion . . . . .free system
    MinorVersion . . . . .2195
    DirectoryTableBase . .0x00030000
    PfnDataBase. . . . . .0x81641000
    PsLoadedModuleList . .0x8046b618
    PsActiveProcessHead. .0x8046b980
    MachineImageType . . .i386
    NumberProcessors . . .1
    BugCheckCode . . . . .0x000000b8
    BugCheckParameter1 . .0x00000000
    BugCheckParameter2 . .0x00000000
    BugCheckParameter3 . .0x00000000
    BugCheckParameter4 . .0x00000000

    ExceptionCode. . . . .0x80000003
    ExceptionFlags . . . .0x00000001
    ExceptionAddress . . .0x8042bc79


    **** could not load kernel debugger extenion dll [ kdextx86.dll ]

    ****************************************************************
    ** Symbol File Load Log
    ****************************************************************

    Module            CheckSum
     ntoskrnl.exe     001AC8B7
     hal.dll          0001A586
     BOOTVID.DLL      0000D8A2
     pci.sys          000154E3
     isapnp.sys       00015782
     intelide.sys     00003B0A
     PCIIDEX.SYS      0000BAFB
     MountMgr.sys     0000E831
     ftdisk.sys       0002B963
     Diskperf.sys     0000EEF0
     WMILIB.SYS       00008BFD
     dmload.sys       00009F6D
     dmio.sys         00030F8E
     PartMgr.sys      0000742C
     atapi.sys        0001AD3F
     disk.sys         00011FE4
     CLASSPNP.SYS     0000A231
     Dfs.sys          0001F6D8
     KSecDD.sys       00015D45
     Ntfs.sys         0008D38D
     NDIS.sys         000373FE
     Gernuwa.sys      00006A6E
     Mup.sys          0001F266
     agp440.sys       00009757
     audstub.sys      00008EF7
     RootMdm.sys      00008E55
     Modem.SYS        00016F4A
     rasl2tp.sys      00010DAC
     ndistapi.sys     0000E062
     ndiswan.sys      000240F1
     TDI.SYS          0001329D
     raspptp.sys      0000E275
     ptilink.sys      0000F2BE
     raspti.sys       0000FED0
     wlbs.sys         00011E18
     parallel.sys     00016AD6
     VIDEOPRT.SYS     0001A5D2
     s3mt3d.sys       0000B3F3
     aw_host5.sys     00009E33
     cdrom.sys        00009F9F
     USBD.SYS         00005465
     uhcd.sys         00010217
     el90xbc5.sys     00010A56
     RTL8029.SYS      000065A8
     ks.sys           0001D383
     swenum.sys       00004A92
     update.sys       000209D8
     i8042prt.sys     0000C15A
     kbdclass.sys     0000E259
     parport.sys      0000EEDD
     serial.sys       00011703
     serenum.sys      0001105E
     fdc.sys          0001553C
     mouclass.sys     00007E78
     NDProxy.SYS      000121C3
     EFS.SYS          0000AA63
     usbhub.sys       0000AEF8
     flpydisk.sys     0000F1A2
     Fs_Rec.SYS       0000AB4C
     Null.SYS         000023CE
     Beep.SYS         0000C54F
     vga.sys          0001047D
     awlegacy.sys     0000FE3E
     mnmdd.SYS        0000F6C2
     Msfs.SYS         0000E5FA
     Npfs.SYS         00017E60
     rasacd.sys       0000F369
     tcpip.sys        00056824
     msgpc.sys        00017874
     wanarp.sys       00009122
     netbt.sys        000282D2
     netbios.sys      0000B5C1
     IBMTwx.SYS       0000FB4D
    **** Error: overlapping image conflict. Invalid dump file.
     IBMTwxSN.SYS     0000EB29
     rdbss.sys        0002C2A9
     mrxsmb.sys       00069EB4
     dlc.sys          0001C7E7
     Fastfat.SYS      0002D073
     dump_WMILIB.SYS  00008BFD
     dump_atapi.sys   0001AD3F
    **** Error Loading Image
    Module: win32k.sys
      Image File: None
      Debug File: None
      CheckSum: 1B02D1
      Error: Incorrect Image File

     AWDDI.DLL        0000AAB5
     s3mt3d.DLL       000506EC
     awvid5.dll       00004E80
     nbf.sys          0001974F
     afd.sys          0002CE34
     vsdatant.sys     00025DD3
     ParVdm.SYS       0000770B
     VNSCOAX.SYS      0000C42B
     srv.sys          0003ABEE
     Cdfs.SYS         0001296D
     spud.sys         000036A0
     SYMEVENT.SYS     00018D6C
     ipsec.sys        00022649
    **** Error Loading Image
    Module: NAVENG.Sys
      Image File: None
      Debug File: None
      CheckSum: 12F18
      Error: Could not find image

    **** Error Loading Image
    Module: NavEx15.Sys
      Image File: None
      Debug File: None
      CheckSum: 95EB2
      Error: Could not find image

     navap.sys        00033340
     ATMFD.DLL        0004F552
     DgiVecp.sys      000109D9

    ****************************************************************
    ** drivers
    ****************************************************************

     Base     Size     CheckSum Image Name
     80400000 0019fa80 001ac8b7 ntoskrnl.exe
     80062000 00017440 0001a586 hal.dll
     f5c10000 00002a20 0000d8a2 BOOTVID.DLL
     f5800000 0000e440 000154e3 pci.sys
     f5810000 0000b580 00015782 isapnp.sys
     f5dc8000 00000fc0 00003b0a intelide.sys
     f5a80000 000054a0 0000bafb PCIIDEX.SYS
     f5a88000 00007180 0000e831 MountMgr.sys
     fb58e000 0001c0c0 0002b963 ftdisk.sys
     f5d00000 00001c00 0000eef0 Diskperf.sys
     f5dc9000 00000f80 00008bfd WMILIB.SYS
     f5d02000 00000000 00009f6d dmload.sys
     fb56c000 00021620 00030f8e dmio.sys
     f5c14000 00002b80 0000742c PartMgr.sys
     fb557000 00014b40 0001ad3f atapi.sys
     f5a90000 00006a60 00011fe4 disk.sys
     f5820000 00008260 0000a231 CLASSPNP.SYS
     fb545000 00011fc0 0001f6d8 Dfs.sys
     fb534000 00010ba0 00015d45 KSecDD.sys
     fb4b2000 00081ae0 0008d38d Ntfs.sys
     fb48a000 00027b80 000373fe NDIS.sys
     f5c18000 000031c0 00006a6e Gernuwa.sys
     fb474000 000151e0 0001f266 Mup.sys
     f5a98000 00004fa0 00009757 agp440.sys
     f5dcb000 00000a40 00008ef7 audstub.sys
     f5d06000 00001680 00008e55 RootMdm.sys
     f5b20000 00006f20 00016f4a Modem.SYS
     f5850000 0000c560 00010dac rasl2tp.sys
     f5c88000 00002220 0000e062 ndistapi.sys
     f57c9000 00016180 000240f1 ndiswan.sys
     f5c98000 00003e40 0001329d TDI.SYS
     f5860000 0000b9e0 0000e275 raspptp.sys
     f5b68000 000043e0 0000f2be ptilink.sys
     f5b78000 000040e0 0000fed0 raspti.sys
     f5870000 0000fb20 00011e18 wlbs.sys
     f5890000 0000e9e0 00016ad6 parallel.sys
     f58b0000 0000c420 0001a5d2 VIDEOPRT.SYS
     f58a0000 00009f20 0000b3f3 s3mt3d.sys
     f5bd8000 00006f40 00009e33 aw_host5.sys
     f5bf0000 000069e0 00009f9f cdrom.sys
     f5aa0000 00004f60 00005465 USBD.SYS
     f5c00000 00007c80 00010217 uhcd.sys
     f58c0000 0000f000 00010a56 el90xbc5.sys
     f5ad0000 00004800 000065a8 RTL8029.SYS
     f5785000 0001bb00 0001d383 ks.sys
     f5dcc000 00000d80 00004a92 swenum.sys
     f576b000 00019960 000209d8 update.sys
     f58d0000 0000b0a0 0000c15a i8042prt.sys
     f5b18000 00005ea0 0000e259 kbdclass.sys
     f5b30000 00006100 0000eedd parport.sys
     f58e0000 0000f2e0 00011703 serial.sys
     f5cb0000 000034a0 0001105e serenum.sys
     f5b50000 00000000 0001553c fdc.sys
     f5b60000 00005400 00007e78 mouclass.sys
     f58f0000 00009ce0 000121c3 NDProxy.SYS
     f5b88000 00006a20 0000aa63 EFS.SYS
     f5910000 00009bc0 0000aef8 usbhub.sys
     f5ba0000 00004a80 0000f1a2 flpydisk.sys
     f5d12000 00001bc0 0000ab4c Fs_Rec.SYS
     f5dce000 00000000 000023ce Null.SYS
     f5dcf000 00000ee0 0000c54f Beep.SYS
     f5cd0000 00003580 0001047d vga.sys
     f5cd8000 00002740 0000fe3e awlegacy.sys
     f5dd0000 00000f80 0000f6c2 mnmdd.SYS
     f5bc0000 00005240 0000e5fa Msfs.SYS
     f5940000 00008fa0 00017e60 Npfs.SYS
     f5d1a000 00001e40 0000f369 rasacd.sys
     f56cc000 0004e1a0 00056824 tcpip.sys
     f5950000 000086e0 00017874 msgpc.sys
     f5af0000 00007960 00009122 wanarp.sys
     f55e0000 00023120 000282d2 netbt.sys
     f5960000 000081a0 0000b5c1 netbios.sys
     f5ce4000 00002220 0000fb4d IBMTwx.SYS
     f55cb000 00015000 0000f704 IBMTwxNM.SYS
     f55b9000 00012000 0000eb29 IBMTwxSN.SYS
     f5597000 000213e0 0002c2a9 rdbss.sys
     f5527000 0005d060 00069eb4 mrxsmb.sys
     f5980000 0000d9e0 0001c7e7 dlc.sys
     f5504000 000222e0 0002d073 Fastfat.SYS
     f5dd2000 00000f80 00008bfd dump_WMILIB.SYS
     f54ef000 00014b40 0001ad3f dump_atapi.sys
     a0000000 001a5e60 001b02d1 win32k.sys
     f5dd3000 00000000 0000aab5 AWDDI.DLL
     f547f000 00047940 000506ec s3mt3d.DLL
     f54e3000 00002980 00004e80 awvid5.dll
     f4f4e000 00018e00 0001974f nbf.sys
     f4f30000 0001db40 0002ce34 afd.sys
     f4f1a000 00015a40 00025dd3 vsdatant.sys
     f5d16000 00000000 0000770b ParVdm.SYS
     f5ac0000 00007000 0000c42b VNSCOAX.SYS
     f4dc7000 0003a740 0003abee srv.sys
     f4b37000 0000ed80 0001296d Cdfs.SYS
     f4997000 00002f20 000036a0 spud.sys
     f475f000 00010a60 00018d6c SYMEVENT.SYS
     f474a000 00014be0 00022649 ipsec.sys
     f497f000 0000f400 00012f18 NAVENG.Sys
     f4691000 00090dc0 00095eb2 NavEx15.Sys
     f4669000 000279a0 00033340 navap.sys
     f3fe2000 00000000 0004f552 ATMFD.DLL
     f3192000 0000e000 000109d9 DgiVecp.sys

    ****************************************************************
    ** Process
    ****************************************************************

    PROCESS: SessionId: 0  Cid: 0000    Peb: 00000000  ParentCid: 0000
        DirBase: 00030000  ObjectTable: 8163b588  TableSize:   0.
        Image: Idle
        VadRoot 0 Clone 0 Private 0. Modified 2. Locked 0.
        DeviceMap 0
        Process Lock Owned by Thread 0
        Token                             e1001790
        QuotaPoolUsage[PagedPool]         0
        QuotaPoolUsage[NonPagedPool]      0
        Working Set Sizes (now,min,max)  (4, 50, 450) (16KB, 200KB, 1800KB)
        PeakWorkingSetSize                4
        VirtualSize                       0 Mb
        PeakVirtualSize                   0 Mb
        PageFaultCount                    1
        MemoryPriority                    BACKGROUND
        BasePriority                      0
        CommitCharge                      0


    ****************************************************************
    ** Thread
    ****************************************************************

    THREAD Cid 0.0  Teb: 00000000  Win32Thread: 00000000 RUNNING
    Owning Process 8046d160
    WaitTime (seconds)      60685820
    Context Switch Count    63201895
    Start Address 0x00000000
    Stack Init 80471640 Current 80471390 Base 80471640 Limit 8046e640 Call 0
    Priority 16 BasePriority 0 PriorityDecrement 0 DecrementCount 0


    ****************************************************************
    ** Register Dump For Processor #0
    ****************************************************************

    eax=ffdff13c ebx=000000b8 ecx=ffffffff edx=8046d3f0 esi=8046d3f0 edi=8046d3f0
    eip=8042bc79 esp=80471064 ebp=804710c0 iopl=0         nv up di pl nz na pe nc
    cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00000286
    cr0=8001003b cr2=00153aa5 cr3=00030000 dr0=00000000 dr1=00000000 dr2=00000000
    dr3=00000000 dr6=ffff0ff0 dr7=00000400 cr4=000002d1
    gdtr=80036000   gdtl=03ff idtr=80036400   idtl=07ff tr=0028  ldtr=0000


    ****************************************************************
    ** Stack Trace
    ****************************************************************

    ChildEBP RetAddr  Args to Child
    804710c0 00000000 00000000 00000000 00000000 ntoskrnl!KeBugCheck+0xf

    ============================================================================================================

    SAMPLE#2.
    F:\W2000 Support Tools>dumpchk.exe -v -y K:\Symbols2K -b c:\winnt\system32 "C:\W
    INNT\Minidump\Mini080700-01.dmp"
    ****************************************************************
    **
    ** Windows 2000 Crash Dump Analysis
    **
    ****************************************************************
    *
    Filename . . . . . . .C:\WINNT\Minidump\Mini080700-01.dmp
    Signature. . . . . . .PAGE
    ValidDump. . . . . . .DUMP
    MajorVersion . . . . .free system
    MinorVersion . . . . .2195
    DirectoryTableBase . .0x00030000
    PfnDataBase. . . . . .0x81641000
    PsLoadedModuleList . .0x8046b618
    PsActiveProcessHead. .0x8046b980
    MachineImageType . . .i386
    NumberProcessors . . .1
    BugCheckCode . . . . .0x000000b8
    BugCheckParameter1 . .0x00000000
    BugCheckParameter2 . .0x00000000
    BugCheckParameter3 . .0x00000000
    BugCheckParameter4 . .0x00000000

    ExceptionCode. . . . .0x80000003
    ExceptionFlags . . . .0x00000001
    ExceptionAddress . . .0x8042bc79


    Module ntoskrnl.exe loaded at 0x80400000
    Module hal.dll loaded at 0x80062000
    Module BOOTVID.DLL loaded at 0xf5c10000
    Module pci.sys loaded at 0xf5800000
    Module isapnp.sys loaded at 0xf5810000
    Module intelide.sys loaded at 0xf5dc8000
    Module PCIIDEX.SYS loaded at 0xf5a80000
    Module MountMgr.sys loaded at 0xf5a88000
    Module ftdisk.sys loaded at 0xfb58e000
    Module Diskperf.sys loaded at 0xf5d00000
    Module WMILIB.SYS loaded at 0xf5dc9000
    Module dmload.sys loaded at 0xf5d02000
    Module dmio.sys loaded at 0xfb56c000
    Module PartMgr.sys loaded at 0xf5c14000
    Module atapi.sys loaded at 0xfb557000
    Module disk.sys loaded at 0xf5a90000
    Module CLASSPNP.SYS loaded at 0xf5820000
    Module Dfs.sys loaded at 0xfb545000
    Module KSecDD.sys loaded at 0xfb534000
    Module Ntfs.sys loaded at 0xfb4b2000
    Module NDIS.sys loaded at 0xfb48a000
    Module Gernuwa.sys loaded at 0xf5c18000
    Module Mup.sys loaded at 0xfb474000
    Module agp440.sys loaded at 0xf5a98000
    Module audstub.sys loaded at 0xf5dcb000
    Module RootMdm.sys loaded at 0xf5d06000
    Module Modem.SYS loaded at 0xf5b20000
    Module rasl2tp.sys loaded at 0xf5850000
    Module ndistapi.sys loaded at 0xf5c88000
    Module ndiswan.sys loaded at 0xf57c9000
    Module TDI.SYS loaded at 0xf5c98000
    Module raspptp.sys loaded at 0xf5860000
    Module ptilink.sys loaded at 0xf5b68000
    Module raspti.sys loaded at 0xf5b78000
    Module wlbs.sys loaded at 0xf5870000
    Module parallel.sys loaded at 0xf5890000
    Module VIDEOPRT.SYS loaded at 0xf58b0000
    Module s3mt3d.sys loaded at 0xf58a0000
    Module aw_host5.sys loaded at 0xf5bd8000
    Module cdrom.sys loaded at 0xf5bf0000
    Module USBD.SYS loaded at 0xf5aa0000
    Module uhcd.sys loaded at 0xf5c00000
    Module el90xbc5.sys loaded at 0xf58c0000
    Module RTL8029.SYS loaded at 0xf5ad0000
    Module ks.sys loaded at 0xf5785000
    Module swenum.sys loaded at 0xf5dcc000
    Module update.sys loaded at 0xf576b000
    Module i8042prt.sys loaded at 0xf58d0000
    Module kbdclass.sys loaded at 0xf5b18000
    Module parport.sys loaded at 0xf5b30000
    Module serial.sys loaded at 0xf58e0000
    Module serenum.sys loaded at 0xf5cb0000
    Module fdc.sys loaded at 0xf5b50000
    Module mouclass.sys loaded at 0xf5b60000
    Module NDProxy.SYS loaded at 0xf58f0000
    Module EFS.SYS loaded at 0xf5b88000
    Module usbhub.sys loaded at 0xf5910000
    Module flpydisk.sys loaded at 0xf5ba0000
    Module Fs_Rec.SYS loaded at 0xf5d12000
    Module Null.SYS loaded at 0xf5dce000
    Module Beep.SYS loaded at 0xf5dcf000
    Module vga.sys loaded at 0xf5cd0000
    Module awlegacy.sys loaded at 0xf5cd8000
    Module mnmdd.SYS loaded at 0xf5dd0000
    Module Msfs.SYS loaded at 0xf5bc0000
    Module Npfs.SYS loaded at 0xf5940000
    Module rasacd.sys loaded at 0xf5d1a000
    Module tcpip.sys loaded at 0xf56cc000
    Module msgpc.sys loaded at 0xf5950000
    Module wanarp.sys loaded at 0xf5af0000
    Module netbt.sys loaded at 0xf55e0000
    Module netbios.sys loaded at 0xf5960000
    Module IBMTwx.SYS loaded at 0xf5ce4000
    Module IBMTwxNM.SYS loaded at 0xf55cb000
    Module IBMTwxSN.SYS loaded at 0xf55b9000
    Module rdbss.sys loaded at 0xf5597000
    Module mrxsmb.sys loaded at 0xf5527000
    Module dlc.sys loaded at 0xf5980000
    Module Fastfat.SYS loaded at 0xf5504000
    Module dump_WMILIB.SYS loaded at 0xf5dd2000
    Module dump_atapi.sys loaded at 0xf54ef000
    Module win32k.sys loaded at 0xa0000000
    Module AWDDI.DLL loaded at 0xf5dd3000
    Module s3mt3d.DLL loaded at 0xf547f000
    Module awvid5.dll loaded at 0xf54e3000
    Module nbf.sys loaded at 0xf4f4e000
    Module afd.sys loaded at 0xf4f30000
    Module vsdatant.sys loaded at 0xf4f1a000
    Module ParVdm.SYS loaded at 0xf5d16000
    Module VNSCOAX.SYS loaded at 0xf5ac0000
    Module srv.sys loaded at 0xf4dc7000
    Module Cdfs.SYS loaded at 0xf4b37000
    Module spud.sys loaded at 0xf4997000
    Module SYMEVENT.SYS loaded at 0xf475f000
    Module ipsec.sys loaded at 0xf474a000
    Module NAVENG.Sys loaded at 0xf497f000
    Module NavEx15.Sys loaded at 0xf4691000
    Module navap.sys loaded at 0xf4669000
    Module ATMFD.DLL loaded at 0xf3fe2000
    Module DgiVecp.sys loaded at 0xf3192000

    Thanks
    George
    0
     
    LVL 20

    Expert Comment

    by:cpc2004
    I think your problem is related to zonealarm. Upgrade zonealarm may resolve the problem. You had better open a new question to ask for expert's experience how to use dumpcheck and windbg. Otherwise this question will never be closed.
    0
     
    LVL 20

    Expert Comment

    by:cpc2004
    Don't invest time to learn dumpcheck as windbg is much better and powerful debugging tool. It's on-line help is excellent.
    0
     

    Author Comment

    by:George46227
    12/17/04
    3:30pm

    Sorry it's been a while since posting, sidetracked on another issue. I have turned off ZoneAlarm and am going to try using Linksys NAT router as a "firewall". We'll see what happens with the BSOD's.

    All previous help appreciated, especially Debsyl99 and cpc2004.

    George
    0

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    How to run any project with ease

    Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
    - Combine task lists, docs, spreadsheets, and chat in one
    - View and edit from mobile/offline
    - Cut down on emails

    Suggested Solutions

    NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
    Easy CSR creation in Exchange 2007,2010 and 2013
    In this sixth video of the Xpdf series, we discuss and demonstrate the PDFtoPNG utility, which converts a multi-page PDF file to separate color, grayscale, or monochrome PNG files, creating one PNG file for each page in the PDF. It does this via a c…
    In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…

    884 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    16 Experts available now in Live!

    Get 1:1 Help Now