majidhajali asked:

Computers are restarted after joining to domain

After I've joined clients to the domain, they restarted randomly without any blue screen or something else. Sometimes they restarted after logging in, and sometimes during work.
After a restart, just a savedump error message shows up in Event Viewer, along with some error numbers.
My clients, as servers, are using IPsec policies with preshared keys, and I don't deploy IPsec policies with Active Directory.
I've activated them manually on every client computer.
What could the reason for the restarts be?
rindi

Right-click "My Computer", select "Properties", "Advanced", Startup and recovery "Settings", and disable "Auto restart" on system error. You should then get Bluescreens instead of restarts. Post the Stop codes you get. Also upload some minidumps here (in the Windows\minidump directory).
majidhajali (ASKER)

I did what you said. A blue screen with random files and random errors appeared.
Sometimes it shows errors for some files like sysaudio.sys or win32k.exe and ..., but sometimes without file names, and it has errors like page fault in nonpaged area or some other errors.
These problems didn't appear before joining the clients to the domain. I examined the domain and local policies thoroughly and didn't find any setting.
I attached 2 minidump files, but please rename their extensions to .dmp if you want to examine them.
Mini012908-02.txt
Mini012908-03.txt
This is the memory dump analysis:

kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced.  This cannot be protected by try-except,
it must be protected by a Probe.  Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: e289b533, memory referenced.
Arg2: 00000000, value 0 = read operation, 1 = write operation.
Arg3: bf8ade90, If non-zero, the instruction address which referenced the bad memory
      address.
Arg4: 00000001, (reserved)

Debugging Details:
------------------


Could not read faulting driver name
Image at f793c000 had size 0

Image at f793c000 had size 0


READ_ADDRESS:  e289b533

FAULTING_IP:
win32k!ReadLayoutFile+22c
bf8ade90 397808          cmp     dword ptr [eax+8],edi

MM_INTERNAL_CODE:  1

CUSTOMER_CRASH_COUNT:  3

DEFAULT_BUCKET_ID:  DRIVER_FAULT

BUGCHECK_STR:  0x50

PROCESS_NAME:  winlogon.exe

LAST_CONTROL_TRANSFER:  from bf8adc34 to bf8ade90

STACK_TEXT:  
f6e5f944 bf8adc34 e16eafa0 01580178 00000888 win32k!ReadLayoutFile+0x22c
f6e5f964 bf8d1b3b 00000938 000017f0 00007523 win32k!LoadKeyboardLayoutFile+0x6a
f6e5f9f0 bf8d163d 842bf138 00000938 00000000 win32k!xxxLoadKeyboardLayoutEx+0x1be
f6e5fd40 8053c808 00000938 752317f0 0006e1b4 win32k!NtUserLoadKeyboardLayoutEx+0x152
f6e5fd40 7c90eb94 00000938 752317f0 0006e1b4 nt!KiFastCallEntry+0xf8
WARNING: Frame IP not in any known module. Following frames may be wrong.
0006e17c 00000000 00000000 00000000 00000000 0x7c90eb94


STACK_COMMAND:  kb

FOLLOWUP_IP:
win32k!ReadLayoutFile+22c
bf8ade90 397808          cmp     dword ptr [eax+8],edi

SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  win32k!ReadLayoutFile+22c

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: win32k

IMAGE_NAME:  win32k.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  41107f7a

FAILURE_BUCKET_ID:  0x50_win32k!ReadLayoutFile+22c

BUCKET_ID:  0x50_win32k!ReadLayoutFile+22c

Followup: MachineOwner
---------
One of the crashes you got points to a "sysaudio.sys" driver. Try uninstalling audio drivers and get updates.
You were right, but on the same computer, the bug check which I posted here shows that win32k.sys is the point of failure.
This is the dump analysis on the same computer:
kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck.  Usually the exception address pinpoints
the driver/function that caused the problem.  Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003.  This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG.  This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG.  This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: bf8485a4, The address that the exception occurred at
Arg3: f6fa0914, Trap Frame
Arg4: 00000000

Debugging Details:
------------------




EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".

FAULTING_IP:
win32k!xxxKENLSProcs+2f
bf8485a4 3816            cmp     byte ptr [esi],dl

TRAP_FRAME:  f6fa0914 -- (.trap 0xfffffffff6fa0914)
ErrCode = 00000000
eax=15954800 ebx=00008000 ecx=159548e1 edx=0000004c esi=368e685d edi=f6fa09d0
eip=bf8485a4 esp=f6fa0988 ebp=f6fa0990 iopl=0         ov up ei pl nz na pe cy
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010a07
win32k!xxxKENLSProcs+0x2f:
bf8485a4 3816            cmp     byte ptr [esi],dl          ds:0023:368e685d=??
Resetting default scope

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  DRIVER_FAULT

BUGCHECK_STR:  0x8E

PROCESS_NAME:  csrss.exe

LAST_CONTROL_TRANSFER:  from bf849a3a to bf8485a4

STACK_TEXT:  
f6fa0990 bf849a3a f6fa09d0 00000000 f6fa09e8 win32k!xxxKENLSProcs+0x2f
f6fa09ac bf8c2afe f6fa094c 00000000 00000000 win32k!xxxProcessKeyEvent+0x1f9
f6fa09ec bf8c3607 e1b39a00 4cb39a68 00000001 win32k!ProcessKeyboardInputWorker+0x24d
f6fa0a0c bf85e489 e1b39a68 8433ab18 f6fa0a64 win32k!ProcessKeyboardInput+0x68
f6fa0a1c 804fd030 e1b39a68 e1b39a90 00000000 win32k!InputApc+0x4e
f6fa0a64 80500198 00000000 00000000 00000000 nt!KiDeliverApc+0x124
f6fa0a7c 804f973e 804fd79c 00000001 00000000 nt!KiSwapThread+0x64
f6fa0ab4 bf8aec51 00000007 8456bdc0 00000001 nt!KeWaitForMultipleObjects+0x284
f6fa0d30 bf8c8594 f76cb4a8 00000002 f6fa0d54 win32k!RawInputThread+0x4f3
f6fa0d40 bf800ff4 f76cb4a8 f6fa0d64 0075fff4 win32k!xxxCreateSystemThreads+0x60
f6fa0d54 8053c808 00000000 00000022 00000000 win32k!NtUserCallOneParam+0x23
f6fa0d54 7c90eb94 00000000 00000022 00000000 nt!KiFastCallEntry+0xf8
WARNING: Frame IP not in any known module. Following frames may be wrong.
00000000 00000000 00000000 00000000 00000000 0x7c90eb94


STACK_COMMAND:  kb

FOLLOWUP_IP:
win32k!xxxKENLSProcs+2f
bf8485a4 3816            cmp     byte ptr [esi],dl

SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  win32k!xxxKENLSProcs+2f

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: win32k

IMAGE_NAME:  win32k.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  41107f7a

FAILURE_BUCKET_ID:  0x8E_win32k!xxxKENLSProcs+2f

BUCKET_ID:  0x8E_win32k!xxxKENLSProcs+2f

Followup: MachineOwner
---------

And this is the dump analysis on another computer in the network.

kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced.  This cannot be protected by try-except,
it must be protected by a Probe.  Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: a9c618e4, memory referenced.
Arg2: 00000000, value 0 = read operation, 1 = write operation.
Arg3: bf8485a4, If non-zero, the instruction address which referenced the bad memory
      address.
Arg4: 00000000, (reserved)

Debugging Details:
------------------

***** Kernel symbols are WRONG. Please fix symbols to do analysis.

*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!_KPRCB                                     ***
***                                                                   ***
*************************************************************************



MODULE_NAME: win32k

FAULTING_MODULE: 804d7000 nt

DEBUG_FLR_IMAGE_TIMESTAMP:  41107f7a

READ_ADDRESS: unable to get nt!MmSpecialPoolStart
unable to get nt!MmSpecialPoolEnd
unable to get nt!MmPoolCodeStart
unable to get nt!MmPoolCodeEnd
 a9c618e4

FAULTING_IP:
win32k!xxxKENLSProcs+2f
bf8485a4 3816            cmp     byte ptr [esi],dl

MM_INTERNAL_CODE:  0

CUSTOMER_CRASH_COUNT:  3

DEFAULT_BUCKET_ID:  WRONG_SYMBOLS

BUGCHECK_STR:  0x50

LAST_CONTROL_TRANSFER:  from bf849a3a to bf8485a4

STACK_TEXT:  
f965b990 bf849a3a f965b9d0 00000000 f965b9e8 win32k!xxxKENLSProcs+0x2f
f965b9ac bf8c2afe f965b933 00000000 00000000 win32k!xxxProcessKeyEvent+0x1f9
f965b9ec bf8c3607 e1c7cb00 33c7cb58 00000001 win32k!ProcessKeyboardInputWorker+0x24d
f965ba0c bf85e489 e1c7cb58 82659a50 f965ba64 win32k!ProcessKeyboardInput+0x68
f965ba1c 804f1dd8 e1c7cb58 e1c7cb80 00000000 win32k!InputApc+0x4e
WARNING: Stack unwind information not available. Following frames may be wrong.
f965ba64 804ed199 00000000 00000000 00000000 nt!PsGetProcessJob+0xe8
f965bab4 bf8aec51 00000007 826667f0 00000001 nt!KeSaveFloatingPointState+0x363
f965bd30 bf8c8594 f966b4a8 00000002 f965bd54 win32k!RawInputThread+0x4f3
f965bd40 bf800ff4 f966b4a8 f965bd64 0075fff4 win32k!xxxCreateSystemThreads+0x60
f965bd54 804df06b 00000000 00000022 00000000 win32k!NtUserCallOneParam+0x23
f965bddc 804fa477 805bcbff 00000001 00000000 nt!ZwYieldExecution+0xb96
00000000 00000000 00000000 00000000 00000000 nt!KeInitializeTimer+0x10c


STACK_COMMAND:  kb

FOLLOWUP_IP:
win32k!xxxKENLSProcs+2f
bf8485a4 3816            cmp     byte ptr [esi],dl

SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  win32k!xxxKENLSProcs+2f

FOLLOWUP_NAME:  MachineOwner

IMAGE_NAME:  win32k.sys

BUCKET_ID:  WRONG_SYMBOLS

Followup: MachineOwner
---------


Both computers, and other computers on the network, got the same errors.
What is win32k.sys? I think all errors are initiated by this file.
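
The comparison made by eye across the three analyses above (same faulting instruction, same win32k.sys build, different machines) can be scripted when there are many dumps to triage. This is an added example, not part of the original thread; the sample text is a constructed, abbreviated excerpt of the posted reports, and the labels pc1/pc2 are hypothetical.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone

# Constructed, abbreviated excerpts: field values are copied from the three
# analyses in the thread; the labels pc1/pc2 are hypothetical.
SAMPLES = {
    "pc1-dump1": "PAGE_FAULT_IN_NONPAGED_AREA (50)\n"
                 "FAULTING_IP:\nwin32k!ReadLayoutFile+22c\n"
                 "DEFAULT_BUCKET_ID:  DRIVER_FAULT\nPROCESS_NAME:  winlogon.exe\n"
                 "IMAGE_NAME:  win32k.sys\nDEBUG_FLR_IMAGE_TIMESTAMP:  41107f7a\n",
    "pc1-dump2": "KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)\n"
                 "FAULTING_IP:\nwin32k!xxxKENLSProcs+2f\n"
                 "DEFAULT_BUCKET_ID:  DRIVER_FAULT\nPROCESS_NAME:  csrss.exe\n"
                 "IMAGE_NAME:  win32k.sys\nDEBUG_FLR_IMAGE_TIMESTAMP:  41107f7a\n",
    "pc2-dump1": "PAGE_FAULT_IN_NONPAGED_AREA (50)\n"
                 "***** Kernel symbols are WRONG. Please fix symbols to do analysis.\n"
                 "DEBUG_FLR_IMAGE_TIMESTAMP:  41107f7a\n"
                 "FAULTING_IP:\nwin32k!xxxKENLSProcs+2f\n"
                 "DEFAULT_BUCKET_ID:  WRONG_SYMBOLS\nIMAGE_NAME:  win32k.sys\n",
}

FIELDS = ("PROCESS_NAME", "IMAGE_NAME", "DEFAULT_BUCKET_ID",
          "DEBUG_FLR_IMAGE_TIMESTAMP")

def parse_analysis(text):
    """Pull the triage fields out of one `!analyze -v` text report."""
    rec = {"bugcheck": None, "code": None, "fault": None, "link_time": None}
    m = re.search(r"^([A-Z][A-Z0-9_]+) \(([0-9a-fA-F]+)\)\s*$", text, re.M)
    if m:
        rec["bugcheck"], rec["code"] = m.group(1), int(m.group(2), 16)
    m = re.search(r"^FAULTING_IP:\s*\n(\S+)", text, re.M)
    if m:
        rec["fault"] = m.group(1)
    for key in FIELDS:
        m = re.search(rf"^{key}:\s*(\S+)", text, re.M)
        rec[key.lower()] = m.group(1) if m else None
    ts = rec["debug_flr_image_timestamp"]
    if ts:  # PE header link time: seconds since the Unix epoch, printed in hex
        rec["link_time"] = datetime.fromtimestamp(int(ts, 16), tz=timezone.utc)
    # A WRONG_SYMBOLS report still names the faulting IP, but its stack
    # frames below the fault are unreliable until symbols are fixed.
    rec["symbols_ok"] = (rec["default_bucket_id"] != "WRONG_SYMBOLS"
                         and "Kernel symbols are WRONG" not in text)
    return rec

def group_by_fault(reports):
    """Map (image, link date, faulting symbol) -> names of dumps sharing it."""
    groups = defaultdict(list)
    for name, text in reports.items():
        r = parse_analysis(text)
        built = r["link_time"].date().isoformat() if r["link_time"] else None
        groups[(r["image_name"], built, r["fault"])].append(name)
    return dict(groups)

if __name__ == "__main__":
    for key, dumps in group_by_fault(SAMPLES).items():
        print(key, "->", dumps)
```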
