[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1839
  • Last Modified:

BSOD help please windows 2000 TS

windows 2000 sp4
citrix xp fr3 sp4


blue screening every 24 hours at around 10 to 11 am

this is some data i could find but not sure what it means..

                       Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced.  This cannot be protected by try-except,
it must be protected by a Probe.  Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: e587f000, memory referenced.
Arg2: 00000000, value 0 = read operation, 1 = write operation.
Arg3: 80492de9, If non-zero, the instruction address which referenced the bad memory
      address.
Arg4: 00000001, (reserved)

Debugging Details:
------------------


READ_ADDRESS:  e587f000 Paged pool

FAULTING_IP:
nt!ExpLookupHandleTableEntry+2f
80492de9 8b0c88           mov     ecx,[eax+ecx*4]

MM_INTERNAL_CODE:  1

DEFAULT_BUCKET_ID:  INTEL_CPU_MICROCODE_ZERO

BUGCHECK_STR:  0x50

LAST_CONTROL_TRANSFER:  from 804170ff to 80492de9

TRAP_FRAME:  eb46bc4c -- (.trap ffffffffeb46bc4c)
ErrCode = 00000000
eax=e587f000 ebx=00000000 ecx=00000000 edx=00000000 esi=00000066 edi=00000198
eip=80492de9 esp=eb46bcc0 ebp=eb46bcd8 iopl=0         nv up ei pl zr na po nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010246
nt!ExpLookupHandleTableEntry+0x2f:
80492de9 8b0c88           mov     ecx,[eax+ecx*4]   ds:0023:e587f000=????????
Resetting default scope

STACK_TEXT:  
eb46bcc4 804170ff 87896aa8 00000198 80485840 nt!ExpLookupHandleTableEntry+0x2f
eb46bcd8 804da628 87896aa8 80451b36 8742af8c nt!ExSweepHandleTable+0x1d
eb46bcf8 804e607b 00000000 8742ad60 00017644 nt!ObKillProcess+0x8e
eb46bd14 804e6194 00000000 8742ad60 00000000 nt!PspExitProcess+0x1ab
eb46bd44 804d868a 8742ad60 8742ad60 80485a34 nt!PspProcessDelete+0xae
eb46bd60 804504da 8742ad60 80485950 80477a80 nt!ObpRemoveObjectRoutine+0xd6
eb46bd78 804176b5 00000000 00000000 00000000 nt!ObpProcessRemoveObjectQueue+0x3e
eb46bda8 804565fc 00000000 00000000 00000000 nt!ExpWorkerThread+0xaf
eb46bddc 8046b6a6 80417606 00000000 00000000 nt!PspSystemThreadStartup+0x54
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16


FOLLOWUP_IP:
nt!ExpLookupHandleTableEntry+2f
80492de9 8b0c88           mov     ecx,[eax+ecx*4]

SYMBOL_STACK_INDEX:  0

FOLLOWUP_NAME:  MachineOwner

SYMBOL_NAME:  nt!ExpLookupHandleTableEntry+2f

MODULE_NAME:  nt

IMAGE_NAME:  ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  41773335

STACK_COMMAND:  .trap ffffffffeb46bc4c ; kb

FAILURE_BUCKET_ID:  0x50_nt!ExpLookupHandleTableEntry+2f

BUCKET_ID:  0x50_nt!ExpLookupHandleTableEntry+2f

Followup: MachineOwner
---------

0
mhamer
Asked:
mhamer
1 Solution
 
Zaheer IqbalTechnical Assurance & ImplementationCommented:
Read the following article, should help
http://www.osronline.com/article.cfm?id=335
I would do a memory check on your system. www.simmtester.com
0
 
cpc2004Commented:
Your case is similar to the following case and it is suspected  CPU problem.  
http://www.experts-exchange.com/Operating_Systems/Win2000/Q_21242840.ht
As both case have the same DEFAULT_BUCKET_ID:  INTEL_CPU_MICROCODE_ZERO and W2K platform

As you know the minidump is only a snapshot when the windows crash.  The hardware problem occurs random and the symptoms are very obviously and they are hardware problem
BUCKET_ID:  SINGLE_BIT_CPU_CALL_ERROR
BUCKET_ID:  CPU_CALL_ERROR
BUCKET_ID:  MEMORY_CORRUPTION_ONE_BIT

Some symptoms are not very clear and they may be related to software or hardware error. You must analyse 3 to 4 dumps in order to confirm the culprit. Attach more output of windbg of another minidumps here are extremely helpful to diagnostic your problem.
0
 
mhamerAuthor Commented:
2: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced.  This cannot be protected by try-except,
it must be protected by a Probe.  Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: e587f000, memory referenced.
Arg2: 00000000, value 0 = read operation, 1 = write operation.
Arg3: 80492de9, If non-zero, the instruction address which referenced the bad memory
      address.
Arg4: 00000001, (reserved)

Debugging Details:
------------------


Could not read faulting driver name

READ_ADDRESS: unable to read from 80484bd8
unable to read from 80484568
unable to read from 80484448
unable to read from 804761b8
unable to read from 80484460
unable to read from 80484564
unable to read from 804761bc
unable to read from 80484624
unable to read from 80484b78
 e587f000

FAULTING_IP:
nt!ExpLookupHandleTableEntry+2f
80492de9 8b0c88           mov     ecx,[eax+ecx*4]

MM_INTERNAL_CODE:  1

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  INTEL_CPU_MICROCODE_ZERO

BUGCHECK_STR:  0x50

LAST_CONTROL_TRANSFER:  from 804170ff to 80492de9

TRAP_FRAME:  eb46bc4c -- (.trap ffffffffeb46bc4c)
ErrCode = 00000000
eax=e587f000 ebx=00000000 ecx=00000000 edx=00000000 esi=00000066 edi=00000198
eip=80492de9 esp=eb46bcc0 ebp=eb46bcd8 iopl=0         nv up ei pl zr na po nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010246
nt!ExpLookupHandleTableEntry+0x2f:
80492de9 8b0c88           mov     ecx,[eax+ecx*4]   ds:0023:e587f000=????????
Resetting default scope

STACK_TEXT:  
eb46bcc4 804170ff 87896aa8 00000198 80485840 nt!ExpLookupHandleTableEntry+0x2f
eb46bcd8 804da628 87896aa8 80451b36 8742af8c nt!ExSweepHandleTable+0x1d
eb46bcf8 804e607b 00000000 8742ad60 00017644 nt!ObKillProcess+0x8e
eb46bd14 804e6194 00000000 8742ad60 00000000 nt!PspExitProcess+0x1ab
eb46bd44 804d868a 8742ad60 8742ad60 80485a34 nt!PspProcessDelete+0xae
eb46bd60 804504da 8742ad60 80485950 80477a80 nt!ObpRemoveObjectRoutine+0xd6
eb46bd78 804176b5 00000000 00000000 00000000 nt!ObpProcessRemoveObjectQueue+0x3e
eb46bda8 804565fc 00000000 00000000 00000000 nt!ExpWorkerThread+0xaf
eb46bddc 8046b6a6 80417606 00000000 00000000 nt!PspSystemThreadStartup+0x54
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16


FOLLOWUP_IP:
nt!ExpLookupHandleTableEntry+2f
80492de9 8b0c88           mov     ecx,[eax+ecx*4]

SYMBOL_STACK_INDEX:  0

FOLLOWUP_NAME:  MachineOwner

SYMBOL_NAME:  nt!ExpLookupHandleTableEntry+2f

MODULE_NAME:  nt

IMAGE_NAME:  ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  41773335

STACK_COMMAND:  .trap ffffffffeb46bc4c ; kb

FAILURE_BUCKET_ID:  0x50_nt!ExpLookupHandleTableEntry+2f

BUCKET_ID:  0x50_nt!ExpLookupHandleTableEntry+2f

Followup: MachineOwner
---------

0
Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

 
mhamerAuthor Commented:
this one is slightly doiffernt but same time frma



BAD_POOL_CALLER (c2)
The current thread is making a bad pool request.  Typically this is at a bad IRQL level or double freeing the same allocation, etc.
Arguments:
Arg1: 00000050, Attempt to free a non-allocated paged pool address
Arg2: e58d1000, Starting address
Arg3: 000048d1, Start offset in pages from beginning of paged pool
Arg4: 0a000000, Size in bytes of paged pool

Debugging Details:
------------------


FAULTING_IP:
nt!ExFreeHandleTable+c3
80492aa5 85db             test    ebx,ebx

BUGCHECK_STR:  0xc2_50

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  INTEL_CPU_MICROCODE_ZERO

LAST_CONTROL_TRANSFER:  from 8046d071 to 8046e3dd

STACK_TEXT:  
bb062bbc 8046d071 e58d1000 00000004 87184c88 nt!MiFreePoolPages+0x4bd
bb062be8 8046cf0d e58d1000 00000000 80492aa5 nt!ExFreePoolWithTag+0xe1
bb062bf4 80492aa5 e58d1000 87184c88 80485840 nt!ExFreePool+0xb
bb062c0c 804da649 87184c88 8808772c 88087500 nt!ExFreeHandleTable+0xc3
bb062c28 804e607b 00000000 88087500 00057f47 nt!ObKillProcess+0xaf
bb062c44 804e6194 00000000 88087500 00000000 nt!PspExitProcess+0x1ab
bb062c74 804d868a 88087500 880874e8 890b7720 nt!PspProcessDelete+0xae
bb062c90 80450471 88087500 e58cdab8 880874e8 nt!ObpRemoveObjectRoutine+0xd6
bb062cb4 804507c2 bb062d64 0006e648 804505ca nt!ObfDereferenceObject+0x157
bb062d58 804670c9 0000015c 00000001 befe6aaa nt!NtClose+0x1f8
bb062d58 77f828d3 0000015c 00000001 befe6aaa nt!KiSystemService+0xc9
WARNING: Frame IP not in any known module. Following frames may be wrong.
0006e63c 00000000 00000000 00000000 00000000 0x77f828d3


FOLLOWUP_IP:
nt!ExFreeHandleTable+c3
80492aa5 85db             test    ebx,ebx

SYMBOL_STACK_INDEX:  3

FOLLOWUP_NAME:  MachineOwner

SYMBOL_NAME:  nt!ExFreeHandleTable+c3

MODULE_NAME:  nt

IMAGE_NAME:  ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  41773335

STACK_COMMAND:  kb

FAILURE_BUCKET_ID:  0xc2_50_nt!ExFreeHandleTable+c3

BUCKET_ID:  0xc2_50_nt!ExFreeHandleTable+c3

Followup: MachineOwner
---------

0
 
cpc2004Commented:
The minidump have the same DEFAULT_BUCKET_ID:  INTEL_CPU_MICROCODE_ZERO and it is a CPU error. However
 the w2k always crash between 10 - 11am and maybe you schedule some background process during 10-11 am which crash W2K.  You mst  take a full memory dump. Use windbg and issue the following command to display the failing proess name.
!process
!thread

50% of the failing process is the culprit unless it is a storage oerlay problem.

issue windbg at any minidump subcommand "lm tn" and paste the output here as I want to know what device driver is running at your W2k
0
 
mhamerAuthor Commented:
cool thank you, will send the info tomorrow around 11am :-)
0
 
mhamerAuthor Commented:
CPC2004  hopefully this is what you wanted?
2: kd> lm tn
start    end        module name
80062000 80076460   hal      halmacpi.dll Fri Mar 21 02:04:42 2003 (3E7A733A)
80400000 805a0340   nt       ntkrnlmp.exe Thu Oct 21 04:55:33 2004 (41773335)
a0000000 a018f000   win32k   win32k.sys   unavailable (FFFFFFFE)
a018f000 a01e6000   ati2drad ati2drad.dll unavailable (FFFFFFFE)
a0790000 a07d2000   vdtw30   vdtw30.dll   unavailable (FFFFFFFE)
be102000 be12e1c0   WDICA    WDICA.SYS    Fri Aug 20 08:45:47 2004 (4125AC2B)
be2ef000 be2f1fa0   IcaReduc IcaReduc.SYS Fri Aug 20 08:45:24 2004 (4125AC14)
be30f000 be324f00   RDPWD    RDPWD.SYS    Wed Jan 21 19:50:25 2004 (400ED801)
be5dd000 be5eca20   ipsec    ipsec.sys    Wed Apr 30 00:04:59 2003 (3EAF051B)
be66d000 be6e09e0   nwfs     nwfs.sys     Mon Jun 14 21:57:18 2004 (40CE112E)
be911000 be9333c0   Fastfat  Fastfat.SYS  Wed Jan 15 19:48:39 2003 (3E25BB17)
be95c000 be981720   srvloc   srvloc.sys   Mon May 03 22:07:04 2004 (4096B478)
bea3a000 bea42a60   termdd   termdd.sys   Fri Mar 21 21:43:08 2003 (3E7B876C)
beac2000 beafdbc0   srv      srv.sys      Wed Apr 30 00:05:07 2003 (3EAF0523)
beb0a000 beb0dee0   nwdhcp   nwdhcp.sys   Mon Feb 23 17:52:38 2004 (403A3DE6)
bec16000 bec5c980   cdm      cdm.sys      Mon Nov 22 23:11:34 2004 (41A27226)
beded000 bee0a4a0   afd      afd.sys      Wed Apr 30 09:45:29 2003 (3EAF8D29)
bee33000 bee49400   nwlnkipx nwlnkipx.sys Wed Jan 15 19:56:26 2003 (3E25BCEA)
beeb2000 beeb4dc0   ndisuio  ndisuio.sys  Wed Jan 15 19:55:21 2003 (3E25BCA9)
befb2000 bf016ca0   mrxsmb   mrxsmb.sys   Thu Jan 20 07:25:21 2005 (41EF5CE1)
bf029000 bf052900   rdbss    rdbss.sys    Fri Dec 03 03:37:11 2004 (41AFDF67)
bf053000 bf063980   naveng   naveng.sys   Tue Mar 15 20:35:44 2005 (42374720)
bf064000 bf0fce20   navex15  navex15.sys  Tue Mar 15 20:51:30 2005 (42374AD2)
bf125000 bf137f00   SYMEVENT SYMEVENT.SYS Thu Jan 15 02:02:13 2004 (4005F4A5)
bf138000 bf187000   savrt    savrt.sys    Mon Feb 09 23:24:30 2004 (402816AE)
bf1b7000 bf1c5360   nwlnkspx nwlnkspx.sys Sat Sep 25 20:16:42 1999 (37ED1F9A)
bf227000 bf24ee00   netbt    netbt.sys    Wed Jul 16 20:44:26 2003 (3F15AB1A)
bf24f000 bf2a0060   tcpip    tcpip.sys    Wed Apr 30 00:05:31 2003 (3EAF053B)
bf2d5000 bf2d8e20   dump_cpqcissm dump_cpqcissm.sys Mon Feb 02 20:01:16 2004 (401EAC8C)
bf2dd000 bf2e06c0   dump_diskdump dump_diskdump.sys Tue Feb 25 19:18:04 2003 (3E5BC16C)
bfb89000 bfbb33a0   update   update.sys   Wed Apr 16 05:22:01 2003 (3E9CDA69)
bfbb4000 bfbcfb40   ks       ks.sys       Wed Apr 16 05:02:11 2003 (3E9CD5C3)
bfbec000 bfbef7a0   cdfdrv   cdfdrv.sys   Fri Aug 20 08:48:55 2004 (4125ACE7)
bfc0a000 bfc2d060   rdpdr    rdpdr.sys    Fri Mar 21 21:43:14 2003 (3E7B8772)
bfc2e000 bfc44ba0   ndiswan  ndiswan.sys  Wed Apr 30 00:05:01 2003 (3EAF051D)
bfc45000 bfc65680   cpqteam  cpqteam.sys  Wed Jan 28 09:35:31 2004 (40178263)
bfc66000 bfc812a0   q57w2k   q57w2k.sys   Tue Feb 03 02:17:35 2004 (401F04BF)
bfc82000 bfcc8000   cpqasm2  cpqasm2.sys  Tue May 18 18:41:30 2004 (40AA4ACA)
bfcc8000 bfd1d600   ati2mpad ati2mpad.sys Wed Aug 20 02:20:11 2003 (3F42CCCB)
bfdbe000 bfdc1e60   TDI      TDI.SYS      Wed Jan 15 19:56:26 2003 (3E25BCEA)
bfdca000 bfdcc2e0   ndistapi ndistapi.sys Wed Jan 15 19:54:15 2003 (3E25BC67)
bfdd6000 bfdd9580   vga      vga.sys      Sat Sep 25 19:37:40 1999 (37ED1674)
bfdda000 bfddd640   serenum  serenum.sys  Wed Jan 15 19:47:01 2003 (3E25BAB5)
bfe46000 bfe60000   CPQPHP   CPQPHP.SYS   Fri Apr 23 17:44:10 2004 (408947DA)
bfe60000 bfe75640   Mup      Mup.sys      Wed Jan 15 19:54:01 2003 (3E25BC59)
bfe76000 bfe9faa0   NDIS     NDIS.sys     Wed Apr 30 00:05:01 2003 (3EAF051D)
bfea0000 bff225a0   Ntfs     Ntfs.sys     Fri May 09 20:46:45 2003 (3EBC05A5)
bff23000 bff347c0   KSecDD   KSecDD.sys   Sun Sep 21 01:32:19 2003 (3F6CF193)
bff35000 bff471c0   Dfs      Dfs.sys      Wed Feb 12 02:19:06 2003 (3E49AF1A)
bff48000 bff5a0c0   SCSIPORT SCSIPORT.SYS Sat May 17 02:11:02 2003 (3EC58C26)
bff5b000 bff82140   LsiCsb6  LsiCsb6.sys  Thu Jul 31 21:38:06 2003 (3F297E2E)
bff83000 bff98180   atapi    atapi.sys    Tue Apr 01 19:08:25 2003 (3E89D599)
bff99000 bffba9c0   dmio     dmio.sys     Wed Jan 15 19:47:04 2003 (3E25BAB8)
bffbb000 bffd7220   ftdisk   ftdisk.sys   Mon Mar 31 23:21:58 2003 (3E88BF86)
bffd8000 bffffc20   ACPI     ACPI.sys     Wed Jan 15 19:44:22 2003 (3E25BA16)
eb000000 eb00e6a0   pci      pci.sys      Wed Jan 15 19:44:07 2003 (3E25BA07)
eb010000 eb01b680   isapnp   isapnp.sys   Wed Jan 15 19:43:47 2003 (3E25B9F3)
eb020000 eb02faa0   adpu160m adpu160m.sys Wed Jan 15 19:42:27 2003 (3E25B9A3)
eb030000 eb03a4c0   symmpi   symmpi.sys   Wed May 26 17:26:28 2004 (40B4C534)
eb040000 eb048700   CLASSPNP CLASSPNP.SYS Wed Jan 15 19:42:51 2003 (3E25B9BB)
eb050000 eb058640   nicm     nicm.sys     Mon Feb 09 16:16:16 2004 (4027B250)
eb060000 eb06c4c0   VIDEOPRT VIDEOPRT.SYS Wed Jan 15 19:47:20 2003 (3E25BAC8)
eb0a0000 eb0a9a00   nwsipx32 nwsipx32.sys Thu Mar 11 21:57:55 2004 (4050E0E3)
eb0d0000 eb0dfee0   nwlnknb  nwlnknb.sys  Wed Jan 15 19:56:27 2003 (3E25BCEB)
eb110000 eb11b680   i8042prt i8042prt.sys Wed Apr 16 05:00:59 2003 (3E9CD57B)
eb120000 eb12f400   serial   serial.sys   Wed Apr 16 05:19:39 2003 (3E9CD9DB)
eb130000 eb13d580   CPQCISSE CPQCISSE.sys Thu Mar 11 21:50:26 2004 (4050DF22)
eb140000 eb14ca80   rasl2tp  rasl2tp.sys  Wed Apr 30 00:05:06 2003 (3EAF0522)
eb150000 eb15bc40   raspptp  raspptp.sys  Thu May 15 00:47:00 2003 (3EC2D574)
eb170000 eb179be0   usbhub   usbhub.sys   Tue Mar 18 23:30:41 2003 (3E77AC21)
eb1a0000 eb1a9ce0   NDProxy  NDProxy.SYS  Fri Oct 01 00:25:35 1999 (37F3F16F)
eb1b0000 eb1b8fa0   Npfs     Npfs.SYS     Sun Oct 10 00:58:07 1999 (37FFD68F)
eb1c0000 eb1c8680   msgpc    msgpc.sys    Wed Jan 15 19:54:25 2003 (3E25BC71)
eb1d0000 eb1d81a0   netbios  netbios.sys  Tue Oct 12 20:34:19 1999 (38038D3B)
eb1e0000 eb1f0000   Savrtpel Savrtpel.sys Mon Feb 09 23:24:34 2004 (402816B2)
eb1f0000 eb1f8240   Fips     Fips.SYS     Tue May 09 16:28:29 2000 (39182E9D)
eb260000 eb26efe0   Cdfs     Cdfs.SYS     Wed Apr 16 04:58:53 2003 (3E9CD4FD)
eb280000 eb285520   PCIIDEX  PCIIDEX.SYS  Tue Feb 25 18:31:08 2003 (3E5BB66C)
eb288000 eb28f4c0   MountMgr MountMgr.sys Tue Feb 10 19:47:53 2004 (40293569)
eb290000 eb296320   symc8xx  symc8xx.sys  Fri Mar 30 18:01:54 2001 (3AC4BC02)
eb298000 eb29d180   sym_hi   sym_hi.sys   Sat Sep 25 20:11:49 1999 (37ED1E75)
eb2a0000 eb2a7720   disk     disk.sys     Wed Jan 15 19:43:05 2003 (3E25B9C9)
eb2c8000 eb2cca20   CpqCiDrv CpqCiDrv.sys Fri Jul 11 16:32:03 2003 (3F0ED873)
eb2d8000 eb2ddec0   kbdclass kbdclass.sys Thu Feb 20 16:37:30 2003 (3E55044A)
eb2e8000 eb2ed400   mouclass mouclass.sys Thu Feb 20 16:37:45 2003 (3E550459)
eb2f0000 eb2f6a20   resmgr   resmgr.sys   Wed Jun 02 01:19:33 2004 (40BD1D15)
eb300000 eb306580   fdc      fdc.sys      Wed Jan 15 19:42:51 2003 (3E25B9BB)
eb310000 eb316c40   cdrom    cdrom.sys    Wed Jan 15 19:43:04 2003 (3E25B9C8)
eb320000 eb325fc0   openhci  openhci.sys  Sat Mar 01 00:28:59 2003 (3E5FFECB)
eb338000 eb33cfc0   USBD     USBD.SYS     Wed Jan 22 17:05:33 2003 (3E2ECF5D)
eb360000 eb364400   ptilink  ptilink.sys  Wed Jan 15 19:47:15 2003 (3E25BAC3)
eb370000 eb3740e0   raspti   raspti.sys   Fri Oct 08 21:45:10 1999 (37FE57D6)
eb380000 eb3848c0   TDTCP    TDTCP.SYS    Fri Mar 21 21:43:08 2003 (3E7B876C)
eb388000 eb38ca60   flpydisk flpydisk.sys Wed Jan 15 19:42:52 2003 (3E25B9BC)
eb398000 eb39ea20   EFS      EFS.SYS      Wed Jan 15 19:46:55 2003 (3E25BAAF)
eb3b8000 eb3bd240   Msfs     Msfs.SYS     Wed Oct 27 00:21:32 1999 (3816377C)
eb3d0000 eb3d7d00   wanarp   wanarp.sys   Fri Aug 16 13:25:01 2002 (3D5CEF1D)
eb408000 eb40d480   NWSAP    NWSAP.sys    Wed Feb 26 21:51:19 2003 (3E5D36D7)
eb410000 eb412a20   BOOTVID  BOOTVID.dll  Thu Nov 04 01:24:33 1999 (3820E051)
eb414000 eb416d00   PartMgr  PartMgr.sys  Wed Jan 15 19:43:07 2003 (3E25B9CB)
eb418000 eb41bfe0   symc810  symc810.sys  Sat Sep 25 20:11:49 1999 (37ED1E75)
eb41c000 eb41fe20   cpqcissm cpqcissm.sys Mon Feb 02 20:01:16 2004 (401EAC8C)
eb420000 eb423360   cpqarry2 cpqarry2.sys Sat Oct 02 00:47:57 1999 (37F5482D)
eb424000 eb427d40   nwfilter nwfilter.sys Fri Mar 05 15:45:50 2004 (4048A0AE)
eb500000 eb501d20   Diskperf Diskperf.sys Wed Feb 12 21:34:38 2003 (3E4ABDEE)
eb502000 eb503b80   dmload   dmload.sys   Wed Jan 15 19:47:06 2003 (3E25BABA)
eb510000 eb511ca0   Fs_Rec   Fs_Rec.SYS   Wed Jan 15 19:53:30 2003 (3E25BC3A)
eb518000 eb519e40   rasacd   rasacd.sys   Sat Sep 25 19:41:23 1999 (37ED1753)
eb52a000 eb52ba60   uphcleanhlp uphcleanhlp.sys Fri Mar 05 05:43:35 2004 (40481387)
eb540000 eb542000   pdcrypt1 pdcrypt1.SYS unavailable (FFFFFFFE)
eb55a000 eb55b460   NWSNS    NWSNS.sys    Thu Feb 13 14:27:38 2003 (3E4BAB5A)
eb578000 eb57a000   PDRFRAME PDRFRAME.SYS unavailable (FFFFFFFE)
eb59a000 eb59b1c0   ctxsmcdrv ctxsmcdrv.sys Wed May 07 01:48:10 2003 (3EB857CA)
eb5c8000 eb5c8f80   WMILIB   WMILIB.SYS   Sat Sep 25 19:36:47 1999 (37ED163F)
eb5c9000 eb5c9b00   pciide   pciide.sys   Wed Jan 15 19:43:03 2003 (3E25B9C7)
eb600000 eb600a40   audstub  audstub.sys  Sat Sep 25 19:35:33 1999 (37ED15F5)
eb60a000 eb60ad80   swenum   swenum.sys   Sat Sep 25 19:36:31 1999 (37ED162F)
eb627000 eb6279e0   Null     Null.SYS     Sat Sep 25 19:34:58 1999 (37ED15D2)
eb629000 eb629ee0   Beep     Beep.SYS     Wed Oct 20 23:18:59 1999 (380E3FD3)
eb62c000 eb62cf80   mnmdd    mnmdd.SYS    Sat Sep 25 19:37:40 1999 (37ED1674)
eb684000 eb684b80   sysmgmt  sysmgmt.sys  Tue May 18 18:41:32 2004 (40AA4ACC)

Unloaded modules:
eb560000 eb562000   PDRFRAME.SYS
    Timestamp: unavailable (00000000)
    Checksum:  00000000
eb56c000 eb56e000   pdcrypt1.SYS
    Timestamp: unavailable (00000000)
    Checksum:  00000000
eb526000 eb528000   PDRFRAME.SYS
    Timestamp: unavailable (00000000)
    Checksum:  00000000
eb5a4000 eb5a6000   pdcrypt1.SYS
    Timestamp: unavailable (00000000)
    Checksum:  00000000
eb538000 eb53a000   PDRFRAME.SYS
    Timestamp: unavailable (00000000)
    Checksum:  00000000
eb5c2000 eb5c4000   pdcrypt1.SYS
    Timestamp: unavailable (00000000)
    Checksum:  00000000
eb586000 eb588000   PDRFRAME.SYS
    Timestamp: unavailable (00000000)
    Checksum:  00000000
eb594000 eb596000   pdcrypt1.SYS
    Timestamp: unavailable (00000000)
    Checksum:  00000000
eb508000 eb50a000   PDRFRAME.SYS
    Timestamp: unavailable (00000000)
    Checksum:  00000000
eb50c000 eb50e000   pdcrypt1.SYS
    Timestamp: unavailable (00000000)
    Checksum:  00000000
eb1f0000 eb1f9000   redbook.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
eb3a8000 eb3ad000   Cdaudio.SYS
    Timestamp: unavailable (00000000)
    Checksum:  00000000
bfde2000 bfde5000   Sfloppy.SYS
    Timestamp: unavailable (00000000)
    Checksum:  00000000
bf28e000 bf2e9000   dmboot.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
0
 
cpc2004Commented:
I've examine the output of 'lm tn' and have no new finding. Do you know what process are running when the W2K crashes?

I want all of your system event 1001
Control Panel -> Adminstrative Tools -> Event Viewer -> System -> Event 1001. Copy the content and paste it back here
0
 
mhamerAuthor Commented:
will send you those soon as i get into work in the morning,

it is due to be a new ts server  only a handful of test users at present

installed

Office 2000  (noticed  newprof.exe mentioned asa process running at time of bug check) didnt keep older bugchecks though  just he minidumps and they do not show this  )

a bespoke application (booking system)

acrobat7

symantec corp AV  but this is "supposed to be ok with terminal services "  and it has been disabled for last two days. still BSod

removed all printers as i know this can cause issue and users have no ability to add there own

the full suite of hp agents are there and running but nothing in event viewerabout thoose



it is roughly same time each day it happerns, nothing sheduled or run at his time.
0
 
mhamerAuthor Commented:
this is on the last two dumps i have (didnt save the last big one:-(


im assuming it is the neworif.exe that deals with outlook??

PROCESS 87a0aca0  SessionId: 12  Cid: 0000    Peb: 7ffdf000  ParentCid: 1d7c
    DirBase: 00700000  ObjectTable: 00000000  TableSize:   0.
    Image: NEWPROF.EXE
    VadRoot 87d57408 Clone 0 Private 2. Modified 0. Locked 0.
    DeviceMap 879bc128
    Token                             e549d030
    ElapsedTime                        0:00:00.0093
    UserTime                          0:00:00.0000
    KernelTime                        0:00:00.0000
    QuotaPoolUsage[PagedPool]         688
    QuotaPoolUsage[NonPagedPool]      208
    Working Set Sizes (now,min,max)  (6, 50, 345) (24KB, 200KB, 1380KB)
    PeakWorkingSetSize                8
    VirtualSize                       0 Mb
    PeakVirtualSize                   0 Mb
    PageFaultCount                    5
    MemoryPriority                    BACKGROUND
    BasePriority                      8
    CommitCharge                      10


0
 
cpc2004Commented:
No new cluses and it is faulty CPU.
0
 
mhamerAuthor Commented:
still think its software, as it doesnt happern on a weekend (i know cpu is not hammered on a weekend either)
there are countless reports of printers and virus protection also causing BSOD  the two day we turned off VP  the server staid up, could be coincedence,  several other servers all with same software running, dont bsod.


newprof.exe is the process that shows up in 4 out of 6 of the dumps (!process, in windbg)

reinstalled office (along with newprof.  its not something i installed or use not sure if its automatic or not.)
0
 
cpc2004Commented:
Attach the following files at any webspace. I will study your log and dumps.
C:\Documents and Settings\All Users\Documents\DrWatson\user.dmp
C:\Documents and Settings\All Users\Documents\DrWatson\drwtsn32.log
0
 
cpc2004Commented:
Do you have any update of the problem?
0
 
Wayne BarronCommented:
No comment has been added to this question in more than 21 days, so it is now classified as abandoned..
I will leave the following recommendation for this question in the Cleanup topic area:
[Accept: cpc2004]

Any objections should be posted here in the next 4 days. After that time, the question will be closed.

Carrzkiss
EE Cleanup Volunteer
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now