Solved

Blue screen of death -  Windows 2003 enterprise - main production server - hard nut to crack!

Posted on 2006-07-12
9
444 Views
Last Modified: 2012-08-13
Hi!

We have a critical bleu screen error on our main server which among things runs our first name server.

Could you guys interpreter this error for us - we do not know the cause yet, if its triggered by recently installed software.

the server has been running fine for a very long time and has NOT had any hardware upgrades since windows was installed in the first place.

The blue screen of death is as follows:

Plz note: The spaces between the numbers/characters is ONLY made for making reading easier!

*** Stop : 0 X 000 000 B8, (0 x 87 811 AC 0, 0 X 89 F3 B8 D0, 0 X B884 B 000, 0 X 0000 0000)
We would very much aprecate the help we can get on this hard nut to crack!

As for what I know the latest thing that has been added to the server is a backup software "Paragon 7.0" from  http://www.drive-backup.com

Thanks in advance guys!
 
0
Comment
Question by:whatisthesolution
  • 6
  • 3
9 Comments
 
LVL 29

Accepted Solution

by:
mass2612 earned 500 total points
Comment Utility
Hi,

You can use the Windows Debugging Tools to analyse the memory.dmp file that should be in your C:\windows or c:\winnt folder. Copy this to a workstation and install the debugging tools and then use Windbg to analyse the dump file to try to help figure it out.

http://www.microsoft.com/whdc/devtools/debugging/installx86.mspx

You'll need to add the following setting to the symbol file path within the Windbg tool
SRV*c:\temp*http://msdl.microsoft.com/download/symbols

http://support.microsoft.com/?kbid=311503

What's you hardware details? Are you running the cluster service?
0
 
LVL 1

Author Comment

by:whatisthesolution
Comment Utility
Its fujitsu siemens machine with AMD processor - mainboard? -  i dont know..  2 D-link gbs eathernet nics . 3 GB DRR RAM from a danish producer called dan-elect. the setup is nothing special, kind of standard. Cluster service? - No we are not running cluster service...

In the meantime - thanks - we look into the tools and have looks..

I'l return with an update on how it goes...

0
 
LVL 1

Author Comment

by:whatisthesolution
Comment Utility
Oh da.. the second link you gave me is invalid....

Microsoft Internet Symbol Server
The data you requested cannot be retrieved.

You have reached this page because either you or an application that you are running has tried to retrieve debugging data from Microsoft.  The requested data is either not available or needs to be retrieved by using the latest Microsoft Symbol Server technology.

This internet debugging data storage site is provided by Microsoft ........................................

thanks in advance!


0
 
LVL 29

Expert Comment

by:mass2612
Comment Utility
That line is not a link for you to browse to its a setting that you add in the Windbg tool so that you have access to the symbol files for the OS.

"SRV*c:\temp*http://msdl.microsoft.com/download/symbols"
0
Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 1

Author Comment

by:whatisthesolution
Comment Utility
Ok - it seams that i was to fast there on my keyboard - all links are ok. :-)
0
 
LVL 1

Author Comment

by:whatisthesolution
Comment Utility
Hi - i get an error:

................
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck B8, {87811ac0, 89f3b8d0, b884b000, 0}

*** ERROR: Module load completed but symbols could not be loaded for hotcore.sys
Probably caused by : hotcore.sys ( hotcore+1514 )

Followup: MachineOwner

 hotcore.sys -->so what do i do know?
0
 
LVL 1

Author Comment

by:whatisthesolution
Comment Utility
Well in the meantime -  ive doen some googleing..  and found this:

http://www.file.net/process/hotcore.sys.html

 hotcore.sys file information
The process Hotbackup helper driver belongs to the software HotBackup by Paragon Software Group.

Description: hotcore.sys is located in the folder C:\Windows\System32\drivers. Known file sizes on Windows XP are 18208 bytes (69% of all occurrence), 30820 bytes.
The driver can be started or stopped from Services in the Control Panel or by other programs. The program has no visible window. The service has no detailed description. File hotcore.sys is not a Windows core file. Therefore the technical security rating is 40% dangerous.

So it looks like paragone has taken the server down on its knees.. - so the big million dollar question is on how to fix this.
0
 
LVL 29

Expert Comment

by:mass2612
Comment Utility
I would disable the Paragon software and services  and contact their technical support for assistance as a first step as there is probably an update or fix that they can provide.
0
 
LVL 1

Author Comment

by:whatisthesolution
Comment Utility
Sounds like a good advice! :-)

mass2612! thank you for your help!

Have a very nice day - you deserve it!

Cheers whatisthesolution
0

Featured Post

What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

by Batuhan Cetin In this article I will be guiding through the process of removing a failed DC metadata from Active Directory (hereafter, AD) using the ntdsutil tool in a Windows Server 2003 environment. These steps are not necessary in a Win…
This may not be a text book method to resolve VSS backup issues but it seemed to have worked on few of the Windows 2003 servers we had issues while performing a Volume Shadow Copy backup. If you have issues while performing a shadow copy backup usin…
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now