frieked
asked on
xp reboots when logging into domain
Last week we started doing a couple of test deployments of SP2 for winXP
The machines ran fine for a couple of days, then one day, one of the machine would automatically reboot itself during login. A couple of days later it started happening on the second machine we tested on.
What would happen is, the user logs into the domain, it finishes loading policies and settings and then just reboots right before the icons would normally start appearing on the screen. If the users logs onto a local account on the computer, it loads just fine and doesn't reboot...so it would seem the problem is a conflict between SP2 AND either roaming profile or domain policy.
I disabled the automatic reboot in my computer->properties so I could see what the stop error was:
Seemed to switch between 2 errors:
0X00000024
and
0X0000008E
Searching on those 2 errors I haven't been able to find any articles that seem related to my issue.
The machines ran fine for a couple of days, then one day, one of the machine would automatically reboot itself during login. A couple of days later it started happening on the second machine we tested on.
What would happen is, the user logs into the domain, it finishes loading policies and settings and then just reboots right before the icons would normally start appearing on the screen. If the users logs onto a local account on the computer, it loads just fine and doesn't reboot...so it would seem the problem is a conflict between SP2 AND either roaming profile or domain policy.
I disabled the automatic reboot in my computer->properties so I could see what the stop error was:
Seemed to switch between 2 errors:
0X00000024
and
0X0000008E
Searching on those 2 errors I haven't been able to find any articles that seem related to my issue.
ASKER
Yes we run trend micro officescan and our virus defs are up to date.
Problem is occuring on multiple machines so we haven't swapped the memory out of either.
Problem is occuring on multiple machines so we haven't swapped the memory out of either.
Definitly sounds odd, have you installed any new apps lately?
do you have named brand computers or clones?
Are you running a login script that includes an install or startup of a program?
Is there an item in the startup folder that you can remove and test again?
Is there an item in the registry HKLM-software-microsoft-wi ndows-curr ent version-Run that shouldn't be there?
do you have named brand computers or clones?
Are you running a login script that includes an install or startup of a program?
Is there an item in the startup folder that you can remove and test again?
Is there an item in the registry HKLM-software-microsoft-wi
ASKER
Only new thing we installed was SP2
One machine was a dell, the other a clone
Nothing in the login script that installs anything, nothing of interest in the startup folder
Checking hklm...run in the registry for spyware or other was one of the first things I did, nothing there.
One machine was a dell, the other a clone
Nothing in the login script that installs anything, nothing of interest in the startup folder
Checking hklm...run in the registry for spyware or other was one of the first things I did, nothing there.
You might want to make sure you are using all the latest drivers for your hardware...most importantly the chipset drivers.
ASKER
I suppose I could try updating some drivers, just doesn't make sense though that it doesn't reboot if I log onto a local account and only domain accounts.
it doesn't reboot if I log onto a local account and only domain accounts...this is good to know now I can stop buggin you with simple ideas :)
Check this page out
http://aumha.org/win5/kbestop.htm
Also does it delete with any domain account or a domain account already on the machine. You may want delete the Default User folder in documents in settings (may be corrupted) and/or delete the users profile on the machine.
Check this page out
http://aumha.org/win5/kbestop.htm
Also does it delete with any domain account or a domain account already on the machine. You may want delete the Default User folder in documents in settings (may be corrupted) and/or delete the users profile on the machine.
When you login to your local account, is the PC still connected to the network or are you offline? The User account you are trying to logon to on the domain, is that a normal account or is it an account with administrative rights? Have you tried to logon to the domain using another user account, preferably a virgin one?
ASKER
Yes,when logging on locally the machine is still online.
The accounts which we have tried, one is domain admin, the other is regular user
We have tried deleting the users roaming profile (local and server copies) and logging on with a brand new one, and the problem still occurs.
I should also note that all the domain usernames we have tried can log on to non-sp2 machines with no problem.
I think it would be safe to say I've tried all the simple stuff, what I'm guessing is that this is some new and yet to be documented problem with SP2.
The accounts which we have tried, one is domain admin, the other is regular user
We have tried deleting the users roaming profile (local and server copies) and logging on with a brand new one, and the problem still occurs.
I should also note that all the domain usernames we have tried can log on to non-sp2 machines with no problem.
I think it would be safe to say I've tried all the simple stuff, what I'm guessing is that this is some new and yet to be documented problem with SP2.
Make sure that your Domain Controller, or the server that administers group policy has the latest updates. In XP SP2 group policys change and your servers administration of this will as well.
Read this article to find out the changes http://support.microsoft.com/kb/873449
Hope this helps, will keep looking.
Read this article to find out the changes http://support.microsoft.com/kb/873449
Hope this helps, will keep looking.
Service pack 2 is more strickted as it comes to a non HCL device. Try to run the following command and merge its plot to a file. Open the file and sort all non compliant drivers;
1. Go to the command prompt (Start => Run... => type 'cmd' and press 'Enter').
2. Type 'driverquery /v > report.txt' and press 'Enter'.
3. Openthe 'Report.txt' file and verify any drivers status.
Compare the drives FAILED to pass the M$ to the Internet and see which of those devices may cause you the problem (You may post the outcome here as well and we will help you locating the problematic device).
Links
Checkout the following link - It has a same problem description:
http://www.hothardware.com/forum/messageview.cfm?catid=26&threadid=23256&enterthread=y
Good luck
Cyber
1. Go to the command prompt (Start => Run... => type 'cmd' and press 'Enter').
2. Type 'driverquery /v > report.txt' and press 'Enter'.
3. Openthe 'Report.txt' file and verify any drivers status.
Compare the drives FAILED to pass the M$ to the Internet and see which of those devices may cause you the problem (You may post the outcome here as well and we will help you locating the problematic device).
Links
Checkout the following link - It has a same problem description:
http://www.hothardware.com/forum/messageview.cfm?catid=26&threadid=23256&enterthread=y
Good luck
Cyber
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
An interesting thought re: anti-virus... the AV loads no matter if you log on locally or to the domain so I don't think this is the case but I'll try disabling it anyways just since I'm running out of other options. I'll let you know the results as soon as I test. I'll post those driverquery results soon too, a little busy atm.
ASKER
AV didn't help
Everything "OK" in the driverquery report
Everything "OK" in the driverquery report
Bugcheck code 24 is error at NTFS file system and I don't think it is the software error at SP2 or faulty RAM. I believe this is a device driver incompatible with SP2. I want to display your device driver
It is extremely help if I know the device configuration of your windows. Most of the blue screen
is caused display card displayer.
Run command msinfo32 and navigate to Hardware Resources > IRQs. Click anywhere in the right panel. Press CTRL-A and then CTRL-C. You have copied that data to the clipboard. Paste that data and repost.
It is extremely help if I know the device configuration of your windows. Most of the blue screen
is caused display card displayer.
Run command msinfo32 and navigate to Hardware Resources > IRQs. Click anywhere in the right panel. Press CTRL-A and then CTRL-C. You have copied that data to the clipboard. Paste that data and repost.
I wonder,
Do you run any login script?
Cyber
Do you run any login script?
Cyber
ASKER
msinfo32 output:
IRQ 0 System timer OK
IRQ 1 Microsoft PS/2 Keyboard (IntelliType Pro) OK
IRQ 3 Communications Port (COM2) OK
IRQ 4 Communications Port (COM1) OK
IRQ 6 Standard floppy disk controller OK
IRQ 8 System CMOS/real time clock OK
IRQ 9 Microsoft ACPI-Compliant System OK
IRQ 10 VIA Rev 5 or later USB Universal Host Controller OK
IRQ 10 VIA Rev 5 or later USB Universal Host Controller OK
IRQ 10 VIA Rev 5 or later USB Universal Host Controller OK
IRQ 11 RAGE 128 PRO Ultra GL AGP (Microsoft Corporation) OK
IRQ 11 CMI8738/C3DX PCI Audio Device OK
IRQ 11 VIA Rhine II Fast Ethernet Adapter OK
IRQ 12 Microsoft PS/2 Port Mouse (IntelliPoint) OK
IRQ 13 Numeric data processor OK
IRQ 14 Primary IDE Channel OK
IRQ 15 Secondary IDE Channel OK
And yes, we do run a login script to connect printers and map network drives
IRQ 0 System timer OK
IRQ 1 Microsoft PS/2 Keyboard (IntelliType Pro) OK
IRQ 3 Communications Port (COM2) OK
IRQ 4 Communications Port (COM1) OK
IRQ 6 Standard floppy disk controller OK
IRQ 8 System CMOS/real time clock OK
IRQ 9 Microsoft ACPI-Compliant System OK
IRQ 10 VIA Rev 5 or later USB Universal Host Controller OK
IRQ 10 VIA Rev 5 or later USB Universal Host Controller OK
IRQ 10 VIA Rev 5 or later USB Universal Host Controller OK
IRQ 11 RAGE 128 PRO Ultra GL AGP (Microsoft Corporation) OK
IRQ 11 CMI8738/C3DX PCI Audio Device OK
IRQ 11 VIA Rhine II Fast Ethernet Adapter OK
IRQ 12 Microsoft PS/2 Port Mouse (IntelliPoint) OK
IRQ 13 Numeric data processor OK
IRQ 14 Primary IDE Channel OK
IRQ 15 Secondary IDE Channel OK
And yes, we do run a login script to connect printers and map network drives
REM out the printer connections in the login script and see if it works. Have you added XP drivers to your print server?
ASKER
Print server has all of the following drivers 98, 2k, xp, 2003 (Yes, there are a few poor souls here still running 98 :p)
REM'ing printer statements didn't work
REM'ing printer statements didn't work
Damn, this is a hell of a problem you got :). Try REMing the whole fricken login script from the test domain user and/or create a test user in the domain that has no associated policy or runs a login script and see if the problem doesn't pop up.
I think the problem is the CMI8738/C3DX PCI Audio Device Drive
http://www.hydrogenaudio.org/forums/index.php?showtopic=18030
http://www.hydrogenaudio.org/forums/index.php?showtopic=18030
The problem with saying it's a driver is that you must explain why it only happens when domain user logs on.
Maybe the domain user needs to have admin rights, but I think frieked has logged on with his domain admin account and the same problem occurs yet when he logs on as the local admin account he has no problems.
Maybe the domain user needs to have admin rights, but I think frieked has logged on with his domain admin account and the same problem occurs yet when he logs on as the local admin account he has no problems.
ASKER
The 2 machines I've tested on have different sounds cards so I doubt this is the cause...and the machines do play the logon sound before they reboot so the drivers are functioning.
I will repeat this again from one of my earlier posts... The machine DOES load when you log onto a local account. The machine DOES NOT load when logging onto a domain account. The only things different when you log onto the domain are:
1 - A logon script is run that connects printers and maps network drives
2 - Domain group policy is applied to the computer/user
3 - The users roaming profile is loaded from the server
So I believe one of those 3 things is the cause.
I'm pretty sure it's not a problem with the roaming profile because I've tried deleting it and replacing with a new one.
The logon script is pretty simple so I don't see how it could be causing the problem
I will repeat this again from one of my earlier posts... The machine DOES load when you log onto a local account. The machine DOES NOT load when logging onto a domain account. The only things different when you log onto the domain are:
1 - A logon script is run that connects printers and maps network drives
2 - Domain group policy is applied to the computer/user
3 - The users roaming profile is loaded from the server
So I believe one of those 3 things is the cause.
I'm pretty sure it's not a problem with the roaming profile because I've tried deleting it and replacing with a new one.
The logon script is pretty simple so I don't see how it could be causing the problem
Are you trying the creating of a "blank" user with no associated GPO and login script...just to start from scratch. And maybe by adding on item in at a time we can at least determine where the problem lies and where to go from there.
Whenever BSOD occurs, a minidump and a system event record is written.
Check the system event log and look for record id 1001. Copy and Paste the information here and they are very useful diagnostic information. If you can upload the minidump to any web and I can download it and have a look. You can find the minidump at c:\windows\minidump\*.dmp.
Check the system event log and look for record id 1001. Copy and Paste the information here and they are very useful diagnostic information. If you can upload the minidump to any web and I can download it and have a look. You can find the minidump at c:\windows\minidump\*.dmp.
ASKER
Had to borrow webspace from a friend but here is one of the dump s:
http://www.continuitycenters.com/minidump/Mini110204-15.txt - renamed the dump to .txt to make it easier for you to open
And here are a few of the Event 1001 msgs:
The computer has rebooted from a bugcheck. The bugcheck was: 0x00000024 (0x001902fe, 0xf44405c0, 0xf44402bc, 0xf847474f). A dump was saved in: C:\WINDOWS\MEMORY.DMP.
The computer has rebooted from a bugcheck. The bugcheck was: 0x1000008e (0xc0000005, 0x8060e12d, 0xf41fdbd4, 0x00000000). A dump was saved in: C:\WINDOWS\Minidump\Mini11 0204-14.dm p.
The computer has rebooted from a bugcheck. The bugcheck was: 0x00000024 (0x001902fe, 0xf3f9665c, 0xf3f96358, 0x8057a65e). A dump was saved in: C:\WINDOWS\Minidump\Mini11 0204-13.dm p.
The computer has rebooted from a bugcheck. The bugcheck was: 0x1000008e (0xc0000005, 0x80564435, 0xf3f68c38, 0x00000000). A dump was saved in: C:\WINDOWS\Minidump\Mini11 0204-12.dm p.
The computer has rebooted from a bugcheck. The bugcheck was: 0x10000050 (0x8890e20a, 0x00000000, 0xf4b8e72e, 0x00000000). A dump was saved in: C:\WINDOWS\Minidump\Mini11 0204-11.dm p.
The computer has rebooted from a bugcheck. The bugcheck was: 0x00000025 (0x000b0108, 0x00000094, 0x00000000, 0x00000000). A dump was saved in: C:\WINDOWS\Minidump\Mini11 0204-05.dm p.
http://www.continuitycenters.com/minidump/Mini110204-15.txt - renamed the dump to .txt to make it easier for you to open
And here are a few of the Event 1001 msgs:
The computer has rebooted from a bugcheck. The bugcheck was: 0x00000024 (0x001902fe, 0xf44405c0, 0xf44402bc, 0xf847474f). A dump was saved in: C:\WINDOWS\MEMORY.DMP.
The computer has rebooted from a bugcheck. The bugcheck was: 0x1000008e (0xc0000005, 0x8060e12d, 0xf41fdbd4, 0x00000000). A dump was saved in: C:\WINDOWS\Minidump\Mini11
The computer has rebooted from a bugcheck. The bugcheck was: 0x00000024 (0x001902fe, 0xf3f9665c, 0xf3f96358, 0x8057a65e). A dump was saved in: C:\WINDOWS\Minidump\Mini11
The computer has rebooted from a bugcheck. The bugcheck was: 0x1000008e (0xc0000005, 0x80564435, 0xf3f68c38, 0x00000000). A dump was saved in: C:\WINDOWS\Minidump\Mini11
The computer has rebooted from a bugcheck. The bugcheck was: 0x10000050 (0x8890e20a, 0x00000000, 0xf4b8e72e, 0x00000000). A dump was saved in: C:\WINDOWS\Minidump\Mini11
The computer has rebooted from a bugcheck. The bugcheck was: 0x00000025 (0x000b0108, 0x00000094, 0x00000000, 0x00000000). A dump was saved in: C:\WINDOWS\Minidump\Mini11
Your XP crashes with different bugcheck code 23, 24, 50 and 8E. This is a faulty device driver ovelay windows memory and trigger different abend code. The failing instruction from the system event log shows the abend instruction varies.
After I analyze the minidump the failing module is npfs.sys refer address 0x00000080 which violates windows low memory. Windows does not allow read and write to the first 64K. The value at register eax is null. I am not sure wether npfs.sys is the culprit or the victim. I need more minidump to confirm my finding.
I want Mini110204-11.dmp as its bugcheck code is 50 and more information is logged.
After I analyze the minidump the failing module is npfs.sys refer address 0x00000080 which violates windows low memory. Windows does not allow read and write to the first 64K. The value at register eax is null. I am not sure wether npfs.sys is the culprit or the victim. I need more minidump to confirm my finding.
I want Mini110204-11.dmp as its bugcheck code is 50 and more information is logged.
ASKER
The failing module is TmXPFlt.sys. I have processed two minidumps and failing module is different. I believe TmXPFlt.sys is also the victim.
Failing instruction TmXPFlt+1272e f4b8e72e 83791800 cmp dword ptr [ecx+0x18],0x0
DEFAULT_BUCKET_ID: COMMON_SYSTEM_FAULT
BUGCHECK_STR: 0x50
Stack Trace
f483b958 f4b8ea2f 00000400 00000000 8286cc88 TmXPFlt+0x1272e
f483b96c f4b7efa7 000002d0 00000001 f4b9baac TmXPFlt+0x12a2f
f483b9d0 f89d92ae 00000000 00100020 f483ba10 TmXPFlt+0x2fa7
f483ba60 804e3d77 82ac2e08 00000000 8286cc88 TmPreFlt+0x32ae
f483bb50 8056386c 82fdd900 00000000 81ea0560 nt+0xcd77
f483bbd8 80567c63 00000000 f483bc18 00000040 nt+0x8c86c
f483bc2c 80571477 00000000 00000000 00000001 nt+0x90c63
f483bca8 80571546 01afd98c 00100020 01afd944 nt+0x9a477
f483bd04 8057160e 01afd98c 00100020 01afd944 nt+0x9a546
f483bd44 804df06b 01afd98c 00100020 01afd944 nt+0x9a60e
f483bd64 7c90eb94 badb0d00 01afd918 00000000 nt+0x806b
01afdbd8 00000000 00000000 00000000 00000000 0x7c90eb94
It is very hard to diagnostic memory overlay problem unless you have you have full dump.
Can you provide a complete list of the system event logs with record id 1001? I will try to find out the error pattern.
Failing instruction TmXPFlt+1272e f4b8e72e 83791800 cmp dword ptr [ecx+0x18],0x0
DEFAULT_BUCKET_ID: COMMON_SYSTEM_FAULT
BUGCHECK_STR: 0x50
Stack Trace
f483b958 f4b8ea2f 00000400 00000000 8286cc88 TmXPFlt+0x1272e
f483b96c f4b7efa7 000002d0 00000001 f4b9baac TmXPFlt+0x12a2f
f483b9d0 f89d92ae 00000000 00100020 f483ba10 TmXPFlt+0x2fa7
f483ba60 804e3d77 82ac2e08 00000000 8286cc88 TmPreFlt+0x32ae
f483bb50 8056386c 82fdd900 00000000 81ea0560 nt+0xcd77
f483bbd8 80567c63 00000000 f483bc18 00000040 nt+0x8c86c
f483bc2c 80571477 00000000 00000000 00000001 nt+0x90c63
f483bca8 80571546 01afd98c 00100020 01afd944 nt+0x9a477
f483bd04 8057160e 01afd98c 00100020 01afd944 nt+0x9a546
f483bd44 804df06b 01afd98c 00100020 01afd944 nt+0x9a60e
f483bd64 7c90eb94 badb0d00 01afd918 00000000 nt+0x806b
01afdbd8 00000000 00000000 00000000 00000000 0x7c90eb94
It is very hard to diagnostic memory overlay problem unless you have you have full dump.
Can you provide a complete list of the system event logs with record id 1001? I will try to find out the error pattern.
ASKER
Here is all 1001's in event log:
The computer has rebooted from a bugcheck. The bugcheck was: 0x00000024 (0x001902fe, 0xf41d55c0, 0xf41d52bc, 0xf847474f). A dump was saved in: C:\WINDOWS\Minidump\Mini11 0204-01.dm p.
The computer has rebooted from a bugcheck. The bugcheck was: 0x1000008e (0xc0000005, 0xf458e72e, 0xf86f58d4, 0x00000000). A dump was saved in: C:\WINDOWS\Minidump\Mini11 0204-02.dm p.
The computer has rebooted from a bugcheck. The bugcheck was: 0x1000008e (0xc0000005, 0xf4b8e72e, 0xf88158d4, 0x00000000). A dump was saved in: C:\WINDOWS\Minidump\Mini11 0204-03.dm p.
The computer has rebooted from a bugcheck. The bugcheck was: 0x1000008e (0xc0000005, 0x8057dd63, 0xf436e908, 0x00000000). A dump was saved in: C:\WINDOWS\Minidump\Mini11 0204-04.dm p.
The computer has rebooted from a bugcheck. The bugcheck was: 0x00000025 (0x000b0108, 0x00000094, 0x00000000, 0x00000000). A dump was saved in: C:\WINDOWS\Minidump\Mini11 0204-05.dm p.
The computer has rebooted from a bugcheck. The bugcheck was: 0x1000008e (0xc0000005, 0xf423d8af, 0xf34a28e8, 0x00000000). A dump was saved in: C:\WINDOWS\Minidump\Mini11 0204-06.dm p.
The computer has rebooted from a bugcheck. The bugcheck was: 0x10000050 (0xf9a80000, 0x00000000, 0x8057a65e, 0x00000000). A dump was saved in: C:\WINDOWS\Minidump\Mini11 0204-07.dm p.
The computer has rebooted from a bugcheck. The bugcheck was: 0x00000024 (0x001902fe, 0xf8a2da58, 0xf8a2d754, 0xf8474126). A dump was saved in: C:\WINDOWS\Minidump\Mini11 0204-08.dm p.
The computer has rebooted from a bugcheck. The bugcheck was: 0x1000008e (0xc0000005, 0x805638fc, 0xf3ff8a78, 0x00000000). A dump was saved in: C:\WINDOWS\Minidump\Mini11 0204-09.dm p.
The computer has rebooted from a bugcheck. The bugcheck was: 0x00000024 (0x001902fe, 0xf37541b0, 0xf3753eac, 0xf8474126). A dump was saved in: C:\WINDOWS\Minidump\Mini11 0204-10.dm p.
The computer has rebooted from a bugcheck. The bugcheck was: 0x10000050 (0x8890e20a, 0x00000000, 0xf4b8e72e, 0x00000000). A dump was saved in: C:\WINDOWS\Minidump\Mini11 0204-11.dm p.
The computer has rebooted from a bugcheck. The bugcheck was: 0x1000008e (0xc0000005, 0x80564435, 0xf3f68c38, 0x00000000). A dump was saved in: C:\WINDOWS\Minidump\Mini11 0204-12.dm p.
The computer has rebooted from a bugcheck. The bugcheck was: 0x00000024 (0x001902fe, 0xf3f9665c, 0xf3f96358, 0x8057a65e). A dump was saved in: C:\WINDOWS\Minidump\Mini11 0204-13.dm p.
The computer has rebooted from a bugcheck. The bugcheck was: 0x1000008e (0xc0000005, 0x8060e12d, 0xf41fdbd4, 0x00000000). A dump was saved in: C:\WINDOWS\Minidump\Mini11 0204-14.dm p.
The computer has rebooted from a bugcheck. The bugcheck was: 0x00000024 (0x001902fe, 0xf44405c0, 0xf44402bc, 0xf847474f). A dump was saved in: C:\WINDOWS\MEMORY.DMP.
The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x804d917e, 0xf8715bb8, 0x00000000). A dump was saved in: C:\WINDOWS\MEMORY.DMP.
The computer has rebooted from a bugcheck. The bugcheck was: 0x00000024 (0x001902fe, 0xf41d55c0, 0xf41d52bc, 0xf847474f). A dump was saved in: C:\WINDOWS\Minidump\Mini11
The computer has rebooted from a bugcheck. The bugcheck was: 0x1000008e (0xc0000005, 0xf458e72e, 0xf86f58d4, 0x00000000). A dump was saved in: C:\WINDOWS\Minidump\Mini11
The computer has rebooted from a bugcheck. The bugcheck was: 0x1000008e (0xc0000005, 0xf4b8e72e, 0xf88158d4, 0x00000000). A dump was saved in: C:\WINDOWS\Minidump\Mini11
The computer has rebooted from a bugcheck. The bugcheck was: 0x1000008e (0xc0000005, 0x8057dd63, 0xf436e908, 0x00000000). A dump was saved in: C:\WINDOWS\Minidump\Mini11
The computer has rebooted from a bugcheck. The bugcheck was: 0x00000025 (0x000b0108, 0x00000094, 0x00000000, 0x00000000). A dump was saved in: C:\WINDOWS\Minidump\Mini11
The computer has rebooted from a bugcheck. The bugcheck was: 0x1000008e (0xc0000005, 0xf423d8af, 0xf34a28e8, 0x00000000). A dump was saved in: C:\WINDOWS\Minidump\Mini11
The computer has rebooted from a bugcheck. The bugcheck was: 0x10000050 (0xf9a80000, 0x00000000, 0x8057a65e, 0x00000000). A dump was saved in: C:\WINDOWS\Minidump\Mini11
The computer has rebooted from a bugcheck. The bugcheck was: 0x00000024 (0x001902fe, 0xf8a2da58, 0xf8a2d754, 0xf8474126). A dump was saved in: C:\WINDOWS\Minidump\Mini11
The computer has rebooted from a bugcheck. The bugcheck was: 0x1000008e (0xc0000005, 0x805638fc, 0xf3ff8a78, 0x00000000). A dump was saved in: C:\WINDOWS\Minidump\Mini11
The computer has rebooted from a bugcheck. The bugcheck was: 0x00000024 (0x001902fe, 0xf37541b0, 0xf3753eac, 0xf8474126). A dump was saved in: C:\WINDOWS\Minidump\Mini11
The computer has rebooted from a bugcheck. The bugcheck was: 0x10000050 (0x8890e20a, 0x00000000, 0xf4b8e72e, 0x00000000). A dump was saved in: C:\WINDOWS\Minidump\Mini11
The computer has rebooted from a bugcheck. The bugcheck was: 0x1000008e (0xc0000005, 0x80564435, 0xf3f68c38, 0x00000000). A dump was saved in: C:\WINDOWS\Minidump\Mini11
The computer has rebooted from a bugcheck. The bugcheck was: 0x00000024 (0x001902fe, 0xf3f9665c, 0xf3f96358, 0x8057a65e). A dump was saved in: C:\WINDOWS\Minidump\Mini11
The computer has rebooted from a bugcheck. The bugcheck was: 0x1000008e (0xc0000005, 0x8060e12d, 0xf41fdbd4, 0x00000000). A dump was saved in: C:\WINDOWS\Minidump\Mini11
The computer has rebooted from a bugcheck. The bugcheck was: 0x00000024 (0x001902fe, 0xf44405c0, 0xf44402bc, 0xf847474f). A dump was saved in: C:\WINDOWS\MEMORY.DMP.
The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x804d917e, 0xf8715bb8, 0x00000000). A dump was saved in: C:\WINDOWS\MEMORY.DMP.
Your windows environment is far more complicate than I expected. From the dump, I find out the following modules do not changed by SP2. The culprit is one of them.
start end module name
f48f4000 f496f000 CVPNDRVA CVPNDRVA.sys Tue Aug 26 04:40:42 2003 (3F4A744A)
4b7c000 f4bad500 TmXPFlt TmXPFlt.sys Tue Mar 30 17:35:10 2004 (40693F4E)
f4bae000 f4c90fa0 VSApiNt VSApiNt.sys Tue Mar 30 17:12:36 2004 (40693A04)
f4e89000 f4e9a4e0 HPUATA HPUATA.sys Mon Sep 24 18:20:47 2001 (3BAF08FF)
f50af000 f50b1900 Dxapi Dxapi.sys Sat Aug 18 04:53:19 2001 (3B7D843F)
f81e8000 f81ea580 hidusb hidusb.sys Sat Aug 18 05:02:16 2001 (3B7D8658)
f8263000 f827cec0 dne2000 dne2000.sys Tue Aug 27 08:09:40 2002 (3D6AC344)
f82fb000 f83571c0 cmaudio cmaudio.sys Mon Nov 18 15:51:39 2002 (3DD89C0B)
f836c000 f83bbd80 ati2mtaa ati2mtaa.sys Sat Jan 31 07:12:30 2004 (401AE4DE)
f8577000 f8595880 ftdisk ftdisk.sys Sat Aug 18 04:52:41 2001 (3B7D8419)
f85f6000 f85fec00 isapnp isapnp.sys Sat Aug 18 04:58:01 2001 (3B7D8559)
f8626000 f862f900 hpt3xx hpt3xx.sys Mon Dec 24 16:58:49 2001 (3C26EE49)
f86f6000 f86ff480 NDProxy NDProxy.SYS Sat Aug 18 04:55:30 2001 (3B7D84C2)
f8766000 f876e880 Fips Fips.SYS Sat Aug 18 09:31:49 2001 (3B7DC585)
f8866000 f8870400 fetnd5b fetnd5b.sys Fri May 30 15:57:54 2003 (3ED70F02)
f887e000 f8882900 PartMgr PartMgr.sys Sat Aug 18 09:32:23 2001 (3B7DC5A7)
8936000 f893aa80 point32 point32.sys Fri May 16 07:29:51 2003 (3EC422EF)
f8956000 f895a580 ptilink ptilink.sys Sat Aug 18 04:49:53 2001 (3B7D8371)
f895e000 f8962080 raspti raspti.sys Sat Aug 18 04:55:32 2001 (3B7D84C4)
f89d6000 f89db180 TmPreFlt TmPreFlt.sys Tue Mar 30 17:35:08 2004 (40693F4C)
f8a06000 f8a09000 BOOTVID BOOTVID.dll Sat Aug 18 04:49:09 2001 (3B7D8345)
f8a0a000 f8a0c480 compbatt compbatt.sys Sat Aug 18 04:57:58 2001 (3B7D8556)
f8a0e000 f8a11700 BATTC BATTC.SYS Sat Aug 18 04:57:52 2001 (3B7D8550)
f8ab2000 f8ab4280 rasacd rasacd.sys Sat Aug 18 04:55:39 2001 (3B7D84CB)
f8aba000 f8abcf00 ws2ifsl ws2ifsl.sys Sat Aug 18 04:55:58 2001 (3B7D84DE)
f8aea000 f8aec580 ndistapi ndistapi.sys Sat Aug 18 04:55:29 2001 (3B7D84C1)
f8af6000 f8af7b80 kdcom kdcom.dll Sat Aug 18 04:49:10 2001 (3B7D8346)
f8af8000 f8af9100 WMILIB WMILIB.SYS Sat Aug 18 05:07:23 2001 (3B7D878B)
8afc000 f8afd700 dmload dmload.sys Sat Aug 18 04:58:15 2001 (3B7D8567)
f8b32000 f8b33100 swenum swenum.sys Wed Aug 04 13:58:41 2004 (41107B11)
f8b34000 f8b35280 USBD USBD.SYS Sat Aug 18 05:02:58 2001 (3B7D8682)
f8b3a000 f8b3bf00 Fs_Rec Fs_Rec.SYS Sat Aug 18 04:49:37 2001 (3B7D8361)
f8b3c000 f8b3d080 Beep Beep.SYS Sat Aug 18 04:47:33 2001 (3B7D82E5)
f8b3e000 f8b3f080 mnmdd mnmdd.SYS Sat Aug 18 04:57:28 2001 (3B7D8538)
f8b40000 f8b41080 RDPCDD RDPCDD.sys Sat Aug 18 04:46:56 2001 (3B7D82C0)
f8b52000 f8b53100 dump_WMILIB dump_WMILIB.SYS Sat Aug 18 05:07:23 2001 (3B7D878B)
f8b86000 f8b87a80 ParVdm ParVdm.SYS Sat Aug 18 04:49:49 2001 (3B7D836D)
f8bac000 f8bad680 WNTHW WNTHW.SYS Tue Mar 20 23:55:41 2001 (3AB77D7D)
f8bf2000 f8bf2c00 audstub audstub.sys Sat Aug 18 04:59:40 2001 (3B7D85BC)
f8c68000 f8c68b80 Null Null.SYS Sat Aug 18 04:47:39 2001 (3B7D82EB)
f8cde000 f8cded00 dxgthk dxgthk.sys Sat Aug 18 04:53:12 2001 (3B7D8438)
If you provide more information, I can find out the culprit.
start end module name
f48f4000 f496f000 CVPNDRVA CVPNDRVA.sys Tue Aug 26 04:40:42 2003 (3F4A744A)
4b7c000 f4bad500 TmXPFlt TmXPFlt.sys Tue Mar 30 17:35:10 2004 (40693F4E)
f4bae000 f4c90fa0 VSApiNt VSApiNt.sys Tue Mar 30 17:12:36 2004 (40693A04)
f4e89000 f4e9a4e0 HPUATA HPUATA.sys Mon Sep 24 18:20:47 2001 (3BAF08FF)
f50af000 f50b1900 Dxapi Dxapi.sys Sat Aug 18 04:53:19 2001 (3B7D843F)
f81e8000 f81ea580 hidusb hidusb.sys Sat Aug 18 05:02:16 2001 (3B7D8658)
f8263000 f827cec0 dne2000 dne2000.sys Tue Aug 27 08:09:40 2002 (3D6AC344)
f82fb000 f83571c0 cmaudio cmaudio.sys Mon Nov 18 15:51:39 2002 (3DD89C0B)
f836c000 f83bbd80 ati2mtaa ati2mtaa.sys Sat Jan 31 07:12:30 2004 (401AE4DE)
f8577000 f8595880 ftdisk ftdisk.sys Sat Aug 18 04:52:41 2001 (3B7D8419)
f85f6000 f85fec00 isapnp isapnp.sys Sat Aug 18 04:58:01 2001 (3B7D8559)
f8626000 f862f900 hpt3xx hpt3xx.sys Mon Dec 24 16:58:49 2001 (3C26EE49)
f86f6000 f86ff480 NDProxy NDProxy.SYS Sat Aug 18 04:55:30 2001 (3B7D84C2)
f8766000 f876e880 Fips Fips.SYS Sat Aug 18 09:31:49 2001 (3B7DC585)
f8866000 f8870400 fetnd5b fetnd5b.sys Fri May 30 15:57:54 2003 (3ED70F02)
f887e000 f8882900 PartMgr PartMgr.sys Sat Aug 18 09:32:23 2001 (3B7DC5A7)
8936000 f893aa80 point32 point32.sys Fri May 16 07:29:51 2003 (3EC422EF)
f8956000 f895a580 ptilink ptilink.sys Sat Aug 18 04:49:53 2001 (3B7D8371)
f895e000 f8962080 raspti raspti.sys Sat Aug 18 04:55:32 2001 (3B7D84C4)
f89d6000 f89db180 TmPreFlt TmPreFlt.sys Tue Mar 30 17:35:08 2004 (40693F4C)
f8a06000 f8a09000 BOOTVID BOOTVID.dll Sat Aug 18 04:49:09 2001 (3B7D8345)
f8a0a000 f8a0c480 compbatt compbatt.sys Sat Aug 18 04:57:58 2001 (3B7D8556)
f8a0e000 f8a11700 BATTC BATTC.SYS Sat Aug 18 04:57:52 2001 (3B7D8550)
f8ab2000 f8ab4280 rasacd rasacd.sys Sat Aug 18 04:55:39 2001 (3B7D84CB)
f8aba000 f8abcf00 ws2ifsl ws2ifsl.sys Sat Aug 18 04:55:58 2001 (3B7D84DE)
f8aea000 f8aec580 ndistapi ndistapi.sys Sat Aug 18 04:55:29 2001 (3B7D84C1)
f8af6000 f8af7b80 kdcom kdcom.dll Sat Aug 18 04:49:10 2001 (3B7D8346)
f8af8000 f8af9100 WMILIB WMILIB.SYS Sat Aug 18 05:07:23 2001 (3B7D878B)
8afc000 f8afd700 dmload dmload.sys Sat Aug 18 04:58:15 2001 (3B7D8567)
f8b32000 f8b33100 swenum swenum.sys Wed Aug 04 13:58:41 2004 (41107B11)
f8b34000 f8b35280 USBD USBD.SYS Sat Aug 18 05:02:58 2001 (3B7D8682)
f8b3a000 f8b3bf00 Fs_Rec Fs_Rec.SYS Sat Aug 18 04:49:37 2001 (3B7D8361)
f8b3c000 f8b3d080 Beep Beep.SYS Sat Aug 18 04:47:33 2001 (3B7D82E5)
f8b3e000 f8b3f080 mnmdd mnmdd.SYS Sat Aug 18 04:57:28 2001 (3B7D8538)
f8b40000 f8b41080 RDPCDD RDPCDD.sys Sat Aug 18 04:46:56 2001 (3B7D82C0)
f8b52000 f8b53100 dump_WMILIB dump_WMILIB.SYS Sat Aug 18 05:07:23 2001 (3B7D878B)
f8b86000 f8b87a80 ParVdm ParVdm.SYS Sat Aug 18 04:49:49 2001 (3B7D836D)
f8bac000 f8bad680 WNTHW WNTHW.SYS Tue Mar 20 23:55:41 2001 (3AB77D7D)
f8bf2000 f8bf2c00 audstub audstub.sys Sat Aug 18 04:59:40 2001 (3B7D85BC)
f8c68000 f8c68b80 Null Null.SYS Sat Aug 18 04:47:39 2001 (3B7D82EB)
f8cde000 f8cded00 dxgthk dxgthk.sys Sat Aug 18 04:53:12 2001 (3B7D8438)
If you provide more information, I can find out the culprit.
NDProxy.SYS has no upgrade. Is it one of driver of your firecall? What is your firewall software? Do you upgrade your firewall together with SP2?
I wan the mindump C:\WINDOWS\Minidump\Mini11 0204-07.dm p.
I wan the mindump C:\WINDOWS\Minidump\Mini11
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
We did check out the anti-virus software earlier and it was reported not to be the culprit.
ASKER
Well, I hate to say this but it looks like it was the anti-virus after all. It must have still been loading something even though I disabled it in services. I just uninstalled trend officescan client on one of the machines and the problem was gone, repeated the same for the 2nd machine.
Then I did some searching on Trend's site and I found this:
http://kb.trendmicro.com/solutions/search/main/search/solutionDetail.asp?solutionID=19945
Seems very close to the problem I'm experiencing...
So I'm going to roll back the scan engine to a previous version which is what they say to do and see if that will work with SP2
Thanks a ton for all your help!
Then I did some searching on Trend's site and I found this:
http://kb.trendmicro.com/solutions/search/main/search/solutionDetail.asp?solutionID=19945
Seems very close to the problem I'm experiencing...
So I'm going to roll back the scan engine to a previous version which is what they say to do and see if that will work with SP2
Thanks a ton for all your help!
finally, good extra technical help by cpc2004
You are welcome. Have a nice weekend
Thank you for this thread! I have the same problem. I was on the phone with trend micro for an hour after HP support recon'zd that trend was the problem.
I am running Trend Mico Office Scan 6.5
I am running Trend Mico Office Scan 6.5
Heads up this issue known only internally at TrednMicro (TM) is fixed in Scanning Engine 7.5. Scanning Engine 7.5 is tentatively set to be auto updated/downloaded later this month. In the mean time you can manually install the Scanning Engine via TM's website. I installed it on a few machines before installing in on the server and pushing it down to all.
Note: The bug has something to do with the mapping of home drives, hence while you will see this issue with network/domain users more than with local users.
Note: The bug has something to do with the mapping of home drives, hence while you will see this issue with network/domain users more than with local users.
ASKER
Thanks for the update, Aaron_W I'm going to install that right away.
Have you switched memory in the machine with one that works to test the RAM?