win32ksys crashes system

Posted on 2007-08-03
Last Modified: 2008-01-09
I have a client who's server is crashing at seemingly random times although it seems to crash more often when they are running MAS 200. The crash dump is below. I have no experience in debugging so any help is appreciated.

Microsoft (R) Windows Debugger  Version 6.6.0007.5
Copyright (c) Microsoft Corporation. All rights reserved.

Loading Dump File [F:\Documents and Settings\Mike Gaston\My

Kernel Complete Dump File: Full address space is available

Symbol search path is: SRV*F:\symbols*
Executable search path is:
Windows Server 2003 Kernel Version 3790 (Service Pack 1) MP (4 procs) Free x86 compatible
Product: LanManNt, suite: TerminalServer SingleUserTS
Built by: 3790.srv03_sp1_gdr.070304-2232
Kernel base = 0x80800000 PsLoadedModuleList = 0x808af988
Debug session time: Thu Aug  2 16:14:07.339 2007 (GMT-7)
System Uptime: 0 days 3:59:10.421
Loading Kernel Symbols

Loading User Symbols
Loading unloaded module list
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *

Use !analyze -v to get detailed debugging information.

BugCheck E3, {85f51358, 85129b28, 852dea58, 3}

Probably caused by : win32k.sys ( win32k!xxxSleepThread+1aa )

Followup: MachineOwner

2: kd> !analyze -v
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *

A thread tried to release a resource it did not own.
Arg1: 85f51358, Address of resource
Arg2: 85129b28, Address of thread
Arg3: 852dea58, Address of owner table if there is one
Arg4: 00000003

Debugging Details:



PROCESS_NAME:  explorer.exe


LAST_CONTROL_TRANSFER:  from 8086ddbd to 8087b71e

f4787c14 8086ddbd 000000e3 85f51358 85129b28 nt!KeBugCheckEx+0x1b
f4787c48 808418e9 bf87563d 00000210 e5bd4008 nt!ExReleaseResourceLite+0x12a
f4787c4c bf87563d 00000210 e5bd4008 00000010 nt!ExReleaseResourceAndLeaveCriticalRegion+0x5
f4787c94 bf873e0b 000025ff 00000000 00000001 win32k!xxxSleepThread+0x1aa
f4787cec bf87a4ea f4787d18 00000000 00000000 win32k!xxxRealInternalGetMessage+0x46a
f4787d4c 80834d3f 0141fd6c 00000000 00000000 win32k!NtUserGetMessage+0x3f
f4787d4c 7c82ed54 0141fd6c 00000000 00000000 nt!KiFastCallEntry+0xfc
0141fcf8 7739c7bd 7739c7f0 0141fd6c 00000000 ntdll!KiFastSystemCallRet
0141fd18 748f1680 0141fd6c 00000000 00000000 USER32!NtUserGetMessage+0xc
0141fd90 748f3073 748f0000 00000000 00010116 stobject!SysTrayMain+0x180
0141ffb8 77e6608b 00000000 00000000 00000000 stobject!CSysTray::SysTrayThreadProc+0x4f
0141ffec 00000000 748f3024 00000000 00000000 kernel32!BaseThreadStart+0x34


bf87563d ff75dc          push    dword ptr [ebp-24h]


FOLLOWUP_NAME:  MachineOwner


IMAGE_NAME:  win32k.sys


SYMBOL_NAME:  win32k!xxxSleepThread+1aa

FAILURE_BUCKET_ID:  0xE3_win32k!xxxSleepThread+1aa

BUCKET_ID:  0xE3_win32k!xxxSleepThread+1aa

Followup: MachineOwner

Question by:mikegaston3127
    LVL 8

    Accepted Solution

    Check the system event logs for an errors around the time of the crashes...

    The log mentions a DRIVER_FAULT. Drivers are common sources of unexplained crashes. Have you verified that all the hardware on the server is supported for Windows 2003 Server? You can check with the suppliers and on the Windows Hardware Compatibility List (

    If the crashes appear to correspond to usage of a particular application then try to work out which bits of hardware this application would be using. If the application accesses files stored on a particular disk subsystem then is the subsystem supported. Is there a known problem with the version of the driver in use on that subsystem etc.

    The stack trace makes mention of CSysTray and SysTrayMain. These may implicate some code which places on icon in the system tray (the little area in the bottom right corner of the screen where the clock is displayed). Check to see what icons are displayed there. If there are any apart from the standard Microsoft ones, they could be worth investigating.

    Hope this helps.
    LVL 31

    Assisted Solution

    check out this:

    2. Also that could be each update all if this is possible!

    3. Start->run->SFC /SCANNOW    (this repairs all system files)

    Author Comment

    As it turns out it was a faulty processor.

    Featured Post

    6 Surprising Benefits of Threat Intelligence

    All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

    Join & Write a Comment

    Welcome to my series of short tips on migrations. Whilst based on Microsoft migrations the same principles can be applied to any type of migration. My first tip is around source server preparation. No migration is an easy migration, there is a…
    Setting up a Microsoft WSUS update system is free relatively speaking if you have hard disk space and processor capacity.   However, WSUS can be a blessing and a curse. For example, there is nothing worse than approving updates and they just have…
    Need more eyes on your posted question? Go ahead and follow the quick steps in this video to learn how to Request Attention to your question. *Log into your Experts Exchange account *Find the question you want to Request Attention for *Go to the e…
    This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor ( If you're looking for how to monitor bandwidth using netflow or packet s…

    729 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    19 Experts available now in Live!

    Get 1:1 Help Now