atitc
Win2k3 Server random BSOD Win32k.sys
Hi,
I have a 2k3 enterprise SP2 server running on a VMware ESX 3.5. Every few days I am getting a BSOD, which does not seem to be related to any specific action. Initially the dump file pointed to symevent.sys, so I suspected Symantec AV, and removed it. Now I am still getting the BSOD, but the dump has changed, and is now pointing to Win32k.sys. See output below. This is now getting very urgent, so any help appreciated.
Microsoft (R) Windows Debugger Version 6.9.0003.113 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [W:\WINDOWS\Minidump\Mini110408-02.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: C:\WINDOWS\Symbols
Executable search path is:
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Windows Server 2003 Kernel Version 3790 (Service Pack 2) MP (2 procs) Free x86 compatible
Product: Server, suite: Enterprise TerminalServer SingleUserTS
Kernel base = 0x80800000 PsLoadedModuleList = 0x808a6ea8
Debug session time: Tue Nov 4 11:53:23.572 2008 (GMT+0)
System Uptime: 0 days 2:18:56.204
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Loading Kernel Symbols
.......................................................................................................
Loading User Symbols
Loading unloaded module list
..
Unable to load image win32k.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for win32k.sys
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 10000050, {bcfb0ba0, 0, bf8b8449, 0}
Could not read faulting driver name
Probably caused by : win32k.sys ( win32k!GdiThreadCallout+2a )
Followup: MachineOwner
---------
Stack Trace
b855dc58 bf8b703b win32k!GdiThreadCallout+0x2a
b855dc64 bf8b7e98 win32k!bSpBltFromScreen+0x35
b855dc80 8094c2ac win32k!UnlockCaptureWindow+0x14
b855dd0c 8094c63f nt!PpInitializeNotification+0x8a
b855dd24 8094c839 nt!PiProcessQueryRemoveAndEject+0x3ce
b855dd54 8088978c nt!PiProcessQueryRemoveAndEject+0x600
b855dd64 7c8285ec nt!RtlIpv6StringToAddressExA+0x1a6
WARNING: Frame IP not in any known module. Following frames may be wrong.
b855dd78 00000000 0x7c8285ec
Thank you
ASKER CERTIFIED SOLUTION
This solution is only available to members.
ASKER
Thanks, this pointed me in the right direction. What I ended up doing was just downloading the latest version of SP2 and re-applying it to the server. Since then the problem seems to have gone away.
Cheers