Link to home
Start Free TrialLog in
Avatar of Ronda
RondaFlag for United States of America

asked on

windows Server 2000 sp 4 with Citrix Metaframe xp started rebooting after last windows update

i did a windows update on Saturday 10/25/08 on our Windows 2000 Server SP4.  This is our citrix server (Metaframe xp version 1.0 - Build 1467 SP 3).   Monday it rebooted itself during working hours.  Everyday after that, it has rebooted twice a day (only during working hours, not at the same time).  i have tried several things, replaced the ram, flashed the bios, removed some print drivers (although i am not sure i removed the right ones, or from the right place, if that was the cause).  We are still having the problem.  I have never used a debug tool, but have been trying this past week, not sure i have it quite right, i am attaching that code.  the event code is 1001, The bugcheck was: 0x000000ba (0x00000004, 0x00000002, 0xe6f39a68, 0x0000001f).  i will call microsoft on monday, but was hoping to get this resolved before then. - i am going blury eyed/brained looking for a solution.  i thought about uninstalling the updates that were done, but i am getting gun shy since non of my other 'fixes' worked
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.ex
e
Windows 2000 Kernel Version 2195 (Service Pack 4) MP (2 procs) Free x86 compatib
le
Kernel base = 0x80400000 PsLoadedModuleList = 0x80485b80
Debug session time: Thu Oct 30 16:26:28.562 2008 (GMT-4)
System Uptime: not available
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.ex
e
Loading Kernel Symbols
................................................................................
...............................
Loading User Symbols
Loading unloaded module list
......
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************
 
Use !analyze -v to get detailed debugging information.
 
BugCheck BA, {d, 1, e8271d28, 1f}
 
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
 
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!_KPRCB                                     ***
***                                                                   ***
*************************************************************************
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!_KPRCB                                     ***
***                                                                   ***
*************************************************************************
Probably caused by : ntoskrnl.exe ( nt+1375e3 )
 
Followup: MachineOwner
---------
 
----- 32 bit Kernel Mini Dump Analysis
 
DUMP_HEADER32:
MajorVersion        0000000f
MinorVersion        00000893
KdSecondaryVersion  00000000
DirectoryTableBase  64eaa000
PfnDataBase         890bf000
PsLoadedModuleList  80485b80
PsActiveProcessHead 80487608
MachineImageType    0000014c
NumberProcessors    00000002
BugCheckCode        000000ba
BugCheckParameter1  0000000d
BugCheckParameter2  00000001
BugCheckParameter3  e8271d28
BugCheckParameter4  0000001f
PaeEnabled          00000000
KdDebuggerDataBlock 80471a70
MiniDumpFields      45474150
 
TRIAGE_DUMP32:
ServicePackBuild      00000400
SizeOfDump            00010000
ValidOffset           0000fffc
ContextOffset         00000320
ExceptionOffset       000007d0
MmOffset              00001050
UnloadedDriversOffset 00001088
PrcbOffset            00001860
ProcessOffset         00002250
ThreadOffset          000024e0
CallStackOffset       00002728
SizeOfCallStack       000006c4
DriverListOffset      00002dec
DriverCount           00000070
StringPoolOffset      00004f2c
StringPoolSize        00001f98
BrokenDriverOffset    00000000
TriageOptions         00000041
TopOfStack            bc16593c
 
 
Windows 2000 Kernel Version 2195 (Service Pack 4) MP (2 procs) Free x86 compatib
le
Kernel base = 0x80400000 PsLoadedModuleList = 0x80485b80
Debug session time: Thu Oct 30 16:26:28.562 2008 (GMT-4)
System Uptime: not available
start    end        module name
80062000 80076f80   hal       Thu Dec 02 22:29:15 2004 (41AFDD8B)
80400000 805a2940   nt        Mon Mar 05 10:51:43 2007 (45EC3C8F)
a0000000 a0191680   win32k    Mon Sep 15 01:13:35 2008 (48CDEEFF)
a0192000 a0193000   atidrab   unavailable (00000000)
a01b3000 a01b4000   acpdf159  unavailable (00000000)
a0790000 a0791000   vdtw30    unavailable (00000000)
bdc2f000 bdc431e0   naveng    Fri Aug 15 00:00:26 2008 (48A4FF5A)
bdc44000 bdd17a20   navex15   Thu Aug 14 23:10:42 2008 (48A4F3B2)
be128000 be155300   WDICA     Tue May 06 20:44:55 2003 (3EB85707)
be1a6000 be1b9ac0   ipsec     Mon Apr 21 14:19:40 2003 (3EA4363C)
be2da000 be2dd420   IcaReduc  Tue May 06 20:44:34 2003 (3EB856F2)
be782000 be7a4ac0   Fastfat   Tue Jul 19 06:44:42 2005 (42DCD99A)
be7dd000 be7e5a60   termdd    Fri Mar 21 17:43:08 2003 (3E7B876C)
be8e5000 be91f5e0   srv       Thu Aug 28 00:44:02 2008 (48B62D12)
be958000 be967600   Cdfs      Fri Apr 01 21:23:36 2005 (424DF418)
bea38000 bea62ee0   cdm       Tue May 06 20:42:36 2003 (3EB8567C)
beb1b000 beb23240   Fips      Tue May 09 11:28:29 2000 (39182E9D)
bee73000 bee90060   afd       Thu May 08 04:38:05 2008 (4822BBED)
beef9000 beefbdc0   ndisuio   Wed Jan 15 14:55:21 2003 (3E25BCA9)
bf779000 bf77cbc0   dump_cpqcissm  Mon Feb 10 17:34:54 2003 (3E48290E)
bf781000 bf79d000   EraserUtilRebootDrv  Thu Aug 28 13:06:09 2008 (48B6DB01)
bf79d000 bf7fb000   eeCtrl    Thu Aug 28 13:06:09 2008 (48B6DB01)
bf7fb000 bf860620   mrxsmb    Wed May 31 03:14:13 2006 (447D4245)
bf873000 bf89ca20   rdbss     Tue Jul 19 01:42:03 2005 (42DC92AB)
bf986000 bf9de000   savrt     Wed Sep 06 17:26:23 2006 (44FF3CFF)
bf9de000 bf9f2000   Savrtpel  Wed Sep 06 17:26:26 2006 (44FF3D02)
bfa92000 bfab4000   SYMEVENT  Mon Sep 18 20:52:19 2006 (450F3F43)
bfab4000 bfb16000   SPBBCDrv  Tue Apr 11 19:55:08 2006 (443C41DC)
bfb16000 bfb40d00   netbt     Fri Apr 01 21:23:24 2005 (424DF40C)
bfb69000 bfbb7300   tcpip     Wed Jun 18 06:05:04 2008 (4858DDD0)
bfc20000 bfc4a3a0   update    Wed Apr 16 00:22:01 2003 (3E9CDA69)
bfc4b000 bfc66b40   ks        Wed Apr 16 00:02:11 2003 (3E9CD5C3)
bfc79000 bfc9c060   rdpdr     Fri Mar 21 17:43:14 2003 (3E7B8772)
bfc9d000 bfcb3ba0   ndiswan   Tue Apr 29 19:05:01 2003 (3EAF051D)
bfcb4000 bfcc45a0   CPQCISSE  Tue Feb 18 12:22:11 2003 (3E526BC3)
bfcdd000 bfce0580   vga       Sat Sep 25 14:37:40 1999 (37ED1674)
bfced000 bfd30780   cpqasm    Mon Mar 10 16:03:07 2003 (3E6CEF7B)
bfd31000 bfd43d20   q57w2k    Thu Dec 12 18:26:52 2002 (3DF91B3C)
bfd44000 bfd556c0   atimpab   Wed Nov 10 18:34:06 1999 (382A00EE)
bfdd6000 bfdd9e60   TDI       Wed Jan 15 14:56:26 2003 (3E25BCEA)
bfde6000 bfde82e0   ndistapi  Wed Jan 15 14:54:15 2003 (3E25BC67)
bfdf2000 bfdf5640   serenum   Wed Jan 15 14:47:01 2003 (3E25BAB5)
bfdfa000 bfdfd6c0   dump_scsiport  Tue Feb 25 14:18:04 2003 (3E5BC16C)
bfe56000 bfe6bbe0   Mup       Thu Dec 02 22:37:23 2004 (41AFDF73)
bfe6c000 bfe95aa0   NDIS      Tue Apr 29 19:05:01 2003 (3EAF051D)
bfe96000 bff13480   Ntfs      Tue May 10 05:20:29 2005 (42807CDD)
bff14000 bff257c0   KSecDD    Sat Sep 20 20:32:19 2003 (3F6CF193)
bff26000 bff381c0   Dfs       Tue Feb 11 21:19:06 2003 (3E49AF1A)
bff39000 bff5a5c0   fltmgr    Tue Aug 22 03:18:38 2006 (44EAAFCE)
bff5b000 bff6fe80   adpu160m  Thu Jun 20 22:02:53 2002 (3D12894D)
bff70000 bff85180   atapi     Tue Apr 01 14:08:25 2003 (3E89D599)
bff86000 bff98180   SCSIPORT  Thu Dec 30 00:53:36 2004 (41D397E0)
bff99000 bffba9c0   dmio      Wed Jan 15 14:47:04 2003 (3E25BAB8)
bffbb000 bffd75a0   ftdisk    Thu Dec 02 22:29:58 2004 (41AFDDB6)
bffd8000 bffffc20   ACPI      Wed Jan 15 14:44:22 2003 (3E25BA16)
eb000000 eb00e6a0   pci       Wed Jan 15 14:44:07 2003 (3E25BA07)
eb010000 eb01b680   isapnp    Wed Jan 15 14:43:47 2003 (3E25B9F3)
eb020000 eb02fae0   cpq32fs2  Mon Nov 18 18:47:47 2002 (3DD97C23)
eb030000 eb0390e0   symmpi    Tue Dec 10 12:31:28 2002 (3DF624F0)
eb040000 eb048700   CLASSPNP  Wed Jan 15 14:42:51 2003 (3E25B9BB)
eb050000 eb05c4c0   VIDEOPRT  Wed Jan 15 14:47:20 2003 (3E25BAC8)
eb140000 eb14b680   i8042prt  Wed Apr 16 00:00:59 2003 (3E9CD57B)
eb150000 eb15f400   serial    Wed Apr 16 00:19:39 2003 (3E9CD9DB)
eb160000 eb16ca80   rasl2tp   Tue Apr 29 19:05:06 2003 (3EAF0522)
eb170000 eb17bc40   raspptp   Wed May 14 19:47:00 2003 (3EC2D574)
eb180000 eb18ea20   parallel  Wed Jan 15 14:47:14 2003 (3E25BAC2)
eb1b0000 eb1b9be0   usbhub    Tue Mar 18 19:30:41 2003 (3E77AC21)
eb1c0000 eb1c9ce0   NDProxy   Thu Sep 30 19:25:35 1999 (37F3F16F)
eb1d0000 eb1d8fa0   Npfs      Sat Oct 09 19:58:07 1999 (37FFD68F)
eb1e0000 eb1e8680   msgpc     Wed Jan 15 14:54:25 2003 (3E25BC71)
eb1f0000 eb1f81a0   netbios   Tue Oct 12 15:34:19 1999 (38038D3B)
eb280000 eb285520   PCIIDEX   Tue Feb 25 13:31:08 2003 (3E5BB66C)
eb288000 eb28f5a0   MountMgr  Thu Dec 02 22:33:01 2004 (41AFDE6D)
eb290000 eb296320   symc8xx   Fri Mar 30 13:01:54 2001 (3AC4BC02)
eb298000 eb29d180   sym_hi    Sat Sep 25 15:11:49 1999 (37ED1E75)
eb2a0000 eb2a7720   disk      Wed Jan 15 14:43:05 2003 (3E25B9C9)
eb2b0000 eb2b5fc0   openhci   Fri Feb 28 19:28:59 2003 (3E5FFECB)
eb2b8000 eb2bd240   Msfs      Tue Oct 26 19:21:32 1999 (3816377C)
eb2c8000 eb2ccfc0   USBD      Wed Jan 22 12:05:33 2003 (3E2ECF5D)
eb318000 eb31c400   ptilink   Wed Jan 15 14:47:15 2003 (3E25BAC3)
eb328000 eb32c0e0   raspti    Fri Oct 08 16:45:10 1999 (37FE57D6)
eb348000 eb34fd00   wanarp    Fri Aug 16 08:25:01 2002 (3D5CEF1D)
eb398000 eb39c8c0   TDTCP     Fri Mar 21 17:43:08 2003 (3E7B876C)
eb3b0000 eb3b4a60   flpydisk  Wed Jan 15 14:42:52 2003 (3E25B9BC)
eb3b8000 eb3bdec0   kbdclass  Thu Feb 20 11:37:30 2003 (3E55044A)
eb3c8000 eb3cd400   mouclass  Thu Feb 20 11:37:45 2003 (3E550459)
eb3d8000 eb3de100   parport   Wed Jan 15 14:47:13 2003 (3E25BAC1)
eb3e8000 eb3eea20   EFS       Wed Jan 15 14:46:55 2003 (3E25BAAF)
eb3f8000 eb3f9000   fdc       unavailable (00000000)
eb408000 eb40ec40   cdrom     Wed Jan 15 14:43:04 2003 (3E25B9C8)
eb410000 eb412a20   BOOTVID   Wed Nov 03 21:24:33 1999 (3820E051)
eb414000 eb416d00   PartMgr   Wed Jan 15 14:43:07 2003 (3E25B9CB)
eb418000 eb41bb60   cpqarray  Mon Oct 21 17:18:51 2002 (3DB46F3B)
eb41c000 eb41ffe0   symc810   Sat Sep 25 15:11:49 1999 (37ED1E75)
eb420000 eb423bc0   cpqcissm  Mon Feb 10 17:34:54 2003 (3E48290E)
eb424000 eb427460   cpqarry2  Mon Nov 05 16:47:33 2001 (3BE708F5)
eb500000 eb501d20   Diskperf  Wed Feb 12 16:34:38 2003 (3E4ABDEE)
eb502000 eb503b80   dmload    Wed Jan 15 14:47:06 2003 (3E25BABA)
eb512000 eb513ca0   Fs_Rec    Wed Jan 15 14:53:30 2003 (3E25BC3A)
eb51a000 eb51be40   rasacd    Sat Sep 25 14:41:23 1999 (37ED1753)
eb536000 eb537660   PDRFRAME  Tue May 06 20:47:13 2003 (3EB85791)
eb548000 eb549da0   pdcrypt1  Tue May 06 20:47:22 2003 (3EB8579A)
eb576000 eb5771c0   ctxsmcdrv  Tue May 06 20:48:10 2003 (3EB857CA)
eb586000 eb587860   ParVdm    Mon Sep 27 23:28:16 1999 (37F035D0)
eb5c8000 eb5c8f80   WMILIB    Sat Sep 25 14:36:47 1999 (37ED163F)
eb5c9000 eb5c9b00   pciide    Wed Jan 15 14:43:03 2003 (3E25B9C7)
eb5f1000 eb5f1a40   audstub   Sat Sep 25 14:35:33 1999 (37ED15F5)
eb5fc000 eb5fcd80   swenum    Sat Sep 25 14:36:31 1999 (37ED162F)
eb60d000 eb60d9e0   Null      Sat Sep 25 14:34:58 1999 (37ED15D2)
eb60f000 eb60fee0   Beep      Wed Oct 20 18:18:59 1999 (380E3FD3)
eb612000 eb612f80   mnmdd     Sat Sep 25 14:37:40 1999 (37ED1674)
eb6c8000 eb6c8980   sysmgmt   Wed Jan 29 14:14:33 2003 (3E382819)
 
Unloaded modules:
bf89d000 bf8b2000   naveng.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
bf8b2000 bf986000   navex15.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
eb0c0000 eb0c9000   redbook.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
bfdde000 bfde1000   scsichng.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
eb400000 eb405000   Cdaudio.SYS
    Timestamp: unavailable (00000000)
    Checksum:  00000000
bfce5000 bfce8000   Sfloppy.SYS
    Timestamp: unavailable (00000000)
    Checksum:  00000000
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************
 
Use !analyze -v to get detailed debugging information.
 
BugCheck BA, {d, 1, e8271d28, 1f}
 
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
 
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!_KPRCB                                     ***
***                                                                   ***
*************************************************************************
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!_KPRCB                                     ***
***                                                                   ***
*************************************************************************
Probably caused by : ntoskrnl.exe ( nt+1375e3 )
 
Followup: MachineOwner
---------
 
Finished dump check
 
C:\Program Files\Debugging Tools for Windows>

Open in new window

Avatar of Carl Webster
Carl Webster
Flag of United States of America image
How many printer drivers are installed on that server and how many are the bad Kernel Mode drivers?

I think the registry location is:

HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows NT x86\Drivers

There should be two subkeys: Version-2 and Version-3.  Anything in Version-2 needs to be removed NOW and replaced with Version-3 drivers (aka User Mode drivers).
Avatar of Ronda
Ronda
Flag of United States of America image

ASKER

Thanks - There are 16 printers installed (under start - settings - printers).  in the registry there are 3 printers listed under Version 2, one is in the printers under start - settings - printers. (i will remove that).  Two aren't there - Amyuni PDF converters.  I will delete all three entrys from the registry.  do i need to delete any of the dll files for these? - or are their files located anywhere else that should be deleted?
ASKER CERTIFIED SOLUTION
Avatar of Carl Webster
Carl Webster
Flag of United States of America image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Ronda
Ronda
Flag of United States of America image

ASKER

Thanks - i won't know for sure if it fixes it until we get a full work day in and i am going to give it 2 work days.  So i will let you know Tues PM if it works or not, i am pretty positive about this one though.  i am concerned that 2 of the printers are pdf printers that one of our programs uses.  i was curious to see what would happen if i reinstalled.  I tried it and the files were added back to the registry under version 2 (i had not yet deleted them in the %systemroot% folder).  I believe the program will run without these printers but not be completely fully functional.  i will remove them - if it fixes the reboot issue, i will try to reinstall to see if a fresh install will work.  Would that be a bad idea though..do you think the drivers became corupt or are they no longer compatible?
Avatar of Carl Webster
Carl Webster
Flag of United States of America image
either is possible.  I remember a while back looking for updated drivers for those.  I think I found them via Google.  I then used the printer remapping function to remap them.

Amyuni PDF 2.6 remaps to Amyuni PDF 3.1 or something like that.
Avatar of plopandic
plopandic
Insp,

I only have 1 main printer installed (Start - Settings - Printers) on our STACKMT1 MetaFrame server, I have noticed that once this server restartes itself it randomly maps 6 or 7 users printers to the server. This seems odd to me, since this has never happened before. Did you end up reinstalling all of the printer drivers under Management Console for MetaFrame XP - Servers - STACKMT1 - Printer Drivers tab?

Has your Citrix Server restarted today? Mine has already restarted once today at 9:57 AM

Regards,

 - Dipesh
Avatar of Ronda
Ronda
Flag of United States of America image

ASKER

i haven't reinstalled any printers at all, waiting to see how it goes.  Did you see if you have any drivers in the c:\winnt\system32\spool\drivers\w32x86\2 folder and in the registry: HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows NT x86\Drivers\Version2.  So far so good for my server, but sometimes it doesn't happen until a little later in the day.  i am holding off calling microsoft until i see how today goes.
Avatar of plopandic
plopandic
Insp,

Are you having this issue with your Citrix Farm or just an individual server within the farm?

Regards,

 - Dipesh
Avatar of Ronda
Ronda
Flag of United States of America image

ASKER

Well, i don't think i really have a Farm, i only have one citrix server, the rest of the servers are just windows servers.  it is just the citrix server that is effected.
Avatar of plopandic
plopandic
Insp,

In the "c:\winnt\system32\spool\drivers\w32x86\2" I have 62 objects in that folder. Most of these files within the folder are .dll, .pmd, .hpl, .ini, .pdf, and .bpd. What do I do with these files? Can I delete them?

In the "HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows NT x86\Drivers\Version2" folder I have 7 different printers listed. Did you delete these also?

I am going to hold off on deleting anything from this server, until you confirm that the method you tried works.

Regards,

 - Dipesh
Avatar of Carl Webster
Carl Webster
Flag of United States of America image
insp,

A Citrix farm consists of one or more Presentation/XenApp servers.  When you install Citrix, even on just one server, you create a farm and give it a name.
Avatar of Ronda
Ronda
Flag of United States of America image

ASKER

I guess i have one Citrix Farm (thanks CarlWebster) and it did affect everyone using it, because it rebooted the whole server.i did delete everything in both locations.  i made a copy of the files in the printer folder - put it someplace completely separate, just as a backup.  And i did backup the registry before removing all the entries under Version 2.  I believe the server does need to be rebooted for the registry changes to kick in.  11:45 EST - so far so good.
Avatar of plopandic
plopandic
Insp,

Has your Citrix server unexpectedly restarted itself today? Do you think what CarlWebster suggested solved the problem?

Regards,

 - Dipesh
Avatar of Ronda
Ronda
Flag of United States of America image

ASKER

you are awesome! - thanks so much
Avatar of Ronda
Ronda
Flag of United States of America image

ASKER

no reboots so far - Thanks CarlWebster!! - i accepted your solution, but i don't know if it gave you the points, I hope it did, because i meant to - if i could i would give you a million points.
Avatar of Carl Webster
Carl Webster
Flag of United States of America image
Yes, I recieved the points.  Glad I could help.