  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1194

Daily BSOD on all three Windows Server 2003 boxes

Hello Experts,

I've been scratching my head on this one and could really use some help.  I have three new HP DL385 boxes and BSOD at least once a day each.  I even rebuilt one of the boxes and it still does the same thing.

The BSODs come up with the following types of messages (two examples for each server):
Server 1:
Error code 100000d1, parameter1 00000000, parameter2 d0000002, parameter3 00000001, parameter4 b9aaafd0.
Error code 100000d1, parameter1 0000000c, parameter2 d0000002, parameter3 00000000, parameter4 f7a1afb3.

Server 2:
Error code 100000d1, parameter1 000000e8, parameter2 d0000002, parameter3 00000000, parameter4 f70f8fda.
Error code 1000008e, parameter1 c0000005, parameter2 f70f8d9b, parameter3 f4d91a70, parameter4 00000000.

Server 3:
Error code 1000000a, parameter1 00000014, parameter2 d0000002, parameter3 00000000, parameter4 80813e87.
Error code 1000008e, parameter1 c0000005, parameter2 f76d2d35, parameter3 b76c094c, parameter4 00000000.

Windows Help and Support says the crashes are due to a driver error, but does not give any indication of which driver or device is causing the crashes.  All three boxes are identical in build (all purchased at the same time).  All have Windows Server 2003 with all of the latest patches / service packs.  The NIC driver has been updated on all three servers, but the other drivers are of the version provided by the copy of SmartStart that came with the servers.

Could someone offer help in finding out how to figure out which driver is causing these crashes?

Thanks!
Chad
Asked by: cfetzer
 
krawz187 Commented:
Are you using Windows Update to download and install drivers?  If so, I suggest obtaining the drivers directly from the manufacturer instead and installing those.  In my experience, Windows Update sometimes prescribes generic or incorrect drivers for your hardware.

If you look in the Windows Event Viewer, do you see any errors/warnings listed around the same time that the BSOD occurred?  Anything revealing in there?
 
cfetzer (Author) Commented:
Hi, thanks for the comment.

Yeah, I've combed through the logs numerous times and can't find anything fishy before the crashes happen.  I also don't use Windows updates to update the drivers.  All three boxes are new HP DL385 boxes and all of the hardware drivers are from HP.  Yup, I've had issues with MS's recommended driver updates so I don't use them.

However, I configured the servers to create minidumps and since they crashed as usual since yesterday, I was able to open one of them up (downloaded symbols and debugging tools).  Here is the output from one of the minidumps.  It references TDI.SYS and I can't seem to find anything helpful after looking through the knowledgebase and googling:

Microsoft (R) Windows Debugger  Version 6.7.0005.1
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [c:\windows\minidump\Mini101007-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: srv*c:\windows\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: c:\windows\i386
Windows Server 2003 Kernel Version 3790 (Service Pack 2) MP (4 procs) Free x86 compatible
Product: LanManNt, suite: TerminalServer SingleUserTS
Built by: 3790.srv03_sp2_gdr.070304-2240
Kernel base = 0x80800000 PsLoadedModuleList = 0x808a6ea8
Debug session time: Wed Oct 10 10:49:12.062 2007 (GMT-5)
System Uptime: 1 days 2:31:56.736
Loading Kernel Symbols
........................................................................................................................
Loading User Symbols
Loading unloaded module list
......
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.
BugCheck 100000D1, {0, d0000002, 1, b9aaafd0}
Probably caused by : TDI.SYS ( TDI!CTEpEventHandler+32 )
Followup: MachineOwner
---------

1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.  This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 00000000, memory referenced
Arg2: d0000002, IRQL
Arg3: 00000001, value 0 = read operation, 1 = write operation
Arg4: b9aaafd0, address which referenced memory

Debugging Details:
------------------


WRITE_ADDRESS:  00000000
CURRENT_IRQL:  2

FAULTING_IP:
afd!AfdBReceiveEventHandler+358
b9aaafd0 f3a5            rep movs dword ptr es:[edi],dword ptr [esi]

CUSTOMER_CRASH_COUNT:  1
DEFAULT_BUCKET_ID:  DRIVER_FAULT_SERVER_MINIDUMP
BUGCHECK_STR:  0xD1
PROCESS_NAME:  System
LAST_CONTROL_TRANSFER:  from b9b0c5fd to b9aaafd0

STACK_TEXT:  
f78eea38 b9b0c5fd 847ba7d0 84703848 00000e20 afd!AfdBReceiveEventHandler+0x358
f78eeaa0 b9b0a4c5 006365c0 00001850 894af118 tcpip!IndicateData+0x300
f78eeaec b9b09c21 1d54c1b5 1d54c1b5 894af118 tcpip!TcpFastReceive+0x301
f78eebc8 b9b06236 8a64b1d0 0400000a 0400000a tcpip!TCPRcv+0x723
f78eec28 b9b0445e 00000024 8a800840 b9b099d2 tcpip!DeliverToUser+0x189
f78eecb8 b9b10251 8a64b1d0 894bfa10 00000030 tcpip!IPRcvPacket+0x686
f78eed64 baf71064 b9b44e60 8a64b1d0 8b37a8d0 tcpip!LoopXmitRtn+0x195
f78eed80 8088043d 8a64b1d0 00000000 8b37a8d0 TDI!CTEpEventHandler+0x32
f78eedac 80949b7c b9b44e60 00000000 00000000 nt!ExpWorkerThread+0xeb
f78eeddc 8088e062 80880352 00000001 00000000 nt!PspSystemThreadStartup+0x2e
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16


STACK_COMMAND:  kb

FOLLOWUP_IP:
TDI!CTEpEventHandler+32
baf71064 5f              pop     edi

SYMBOL_STACK_INDEX:  7
SYMBOL_NAME:  TDI!CTEpEventHandler+32
FOLLOWUP_NAME:  MachineOwner
MODULE_NAME: TDI
IMAGE_NAME:  TDI.SYS
DEBUG_FLR_IMAGE_TIMESTAMP:  45d69a2f
FAILURE_BUCKET_ID:  0xD1_W_TDI!CTEpEventHandler+32
BUCKET_ID:  0xD1_W_TDI!CTEpEventHandler+32
Followup: MachineOwner
---------
0
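The event-log lines in the question can be decoded without opening a dump. The following is an added example, not code from the thread: the 0xD1 parameter labels are the ones in the `!analyze -v` output above, the 0x0A and 0x8E labels follow Microsoft's bug check reference, and the 4 KB `same_region` window is an assumed heuristic for spotting crashes that fault in the same driver image.

```python
import re

# The log records 100000D1 where the debugger output above prints "(d1)".
MINIDUMP_FLAG = 0x10000000

# code -> (name, index of the parameter holding the faulting code address, labels)
BUGCHECKS = {
    0xD1: ("DRIVER_IRQL_NOT_LESS_OR_EQUAL", 3,
           ("memory referenced", "IRQL", "0=read 1=write",
            "address which referenced memory")),
    0x0A: ("IRQL_NOT_LESS_OR_EQUAL", 3,
           ("memory referenced", "IRQL", "bit 0: 0=read 1=write",
            "address which referenced memory")),
    0x8E: ("KERNEL_MODE_EXCEPTION_NOT_HANDLED", 1,
           ("exception code", "address of exception", "trap frame", "reserved")),
}

LINE_RE = re.compile(
    r"Error code ([0-9a-f]{8}), parameter1 ([0-9a-f]{8}), "
    r"parameter2 ([0-9a-f]{8}), parameter3 ([0-9a-f]{8}), "
    r"parameter4 ([0-9a-f]{8})", re.I)

def decode(line):
    """Turn one 'Error code ...' event-log line into a labelled record."""
    m = LINE_RE.search(line)
    if not m:
        raise ValueError("not a bugcheck event line: %r" % line)
    code, *params = (int(g, 16) for g in m.groups())
    base = code & ~MINIDUMP_FLAG
    if base not in BUGCHECKS:
        return {"code": base, "name": "UNKNOWN", "fault_ip": None, "params": {}}
    name, ip_index, labels = BUGCHECKS[base]
    return {"code": base, "name": name, "fault_ip": params[ip_index],
            "params": dict(zip(labels, params))}

def same_region(a, b, window=0x1000):
    """Assumed heuristic: faulting addresses under 4 KB apart share an image."""
    if a["fault_ip"] is None or b["fault_ip"] is None:
        return False
    return abs(a["fault_ip"] - b["fault_ip"]) < window

# Lines copied from the question (Server 1, first crash; Server 2, both crashes).
SERVER1_A = "Error code 100000d1, parameter1 00000000, parameter2 d0000002, parameter3 00000001, parameter4 b9aaafd0."
SERVER2_A = "Error code 100000d1, parameter1 000000e8, parameter2 d0000002, parameter3 00000000, parameter4 f70f8fda."
SERVER2_B = "Error code 1000008e, parameter1 c0000005, parameter2 f70f8d9b, parameter3 f4d91a70, parameter4 00000000."

if __name__ == "__main__":
    for line in (SERVER1_A, SERVER2_A, SERVER2_B):
        rec = decode(line)
        print(rec["name"], hex(rec["fault_ip"]))
    print("Server 2 crashes in same region:",
          same_region(decode(SERVER2_A), decode(SERVER2_B)))
```

The two Server 2 crashes carry different stop codes but fault 0x23f bytes apart, so resolving either address against the loaded module list in the debugger covers both.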
 
johnb6767 Commented:
Where is the TDI.sys file it is referencing?

Just fyi, if it is not in c:\windows\system32\drivers

W32.Sistdi
http://www.symantec.com/security_response/writeup.jsp?docid=2003-012013-5708-99&tabid=2

 
cfetzer (Author) Commented:
Thanks John,

Although I checked the location of the TDI.SYS files and they are located in c:\windows\system32\drivers where they belong.  No other copies exist directly under c:\windows as the article states.
 
johnb6767 Commented:
Might try resetting TCPIP...

netsh int ip reset reset.log

Then reboot and hope for the best?

Also, in the debugger, run the following with one of those dumps...

!process
 
cfetzer (Author) Commented:
Yea, I'll try that, but I actually rebuilt one of the servers completely and even the new build gets BSODs.

I really wish there was more information in that dump to figure out which piece of hardware is causing this!
 
johnb6767 Commented:
Yea, the dumps are great, when you find an answer out of them....

Did you use the same drivers for this one as was already installed?
 
cfetzer (Author) Commented:
Yea, exact same drivers...except I tried upgrading the NIC driver with the latest version to see if that helped (it's a dual port nic, load-balanced) and that didn't seem to fix it.
 
johnb6767 Commented:
Might try an older one than the original even?
 
cfetzer (Author) Commented:
HP finally came back and said it was a RAID driver.  They provided the driver and this fixed the problem.  Thanks for the suggestions anyway.  I appreciate it.
 
johnb6767 Commented:
Your honor, I object!!!

Just kidding....No obj. by me.....

:^)
 
Vee_Mod Commented:
Closed, 500 points refunded.
Vee_Mod
Community Support Moderator