Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1595
  • Last Modified:

New HP Proliant ml350 with SBS 2003 rebooting at random intervals!

I have a HP Proliant ML350G brand new server
This server has recently replaced their existing server
I used Acronis with Universal Restore to get the OS from one server to the NEW SERVER

Everything worked fine for first few days, now the OS is rebooting at random intervals during the day/night - generally the server seems to run for between 3 - 6 hours before rebooting it self.

I am not sure where to start, eventlog gives no clue leading up to the reboot, only event is the one pasted below.

I need to know where to start troubleshooting where the rebooting is caused, as eventlog is not telling me anything, im at a wits end. The client has about 30 computers so Im in a bit of a pickle and rush for a solution

All help is greatly appreciated!

Details
Product: Windows Operating System
ID: 6008
Source: EventLog
Version: 5.2
Symbolic Name: EVENT_EventlogAbnormalShutdown
Message: The previous system shutdown at %1 on %2 was unexpected.
0
dazzydawazzy
Asked:
dazzydawazzy
  • 6
  • 4
1 Solution
 
dmbgoCommented:
You need to disable automatic reboot on system failure so that you can see the BSOD errors. to do this reboot the server, then press f8 at start up to bring up the boot options (safe mode etc) select the option to disable auto reboot then bott up and wait for the bsod. Just a guess, but you issue is probably caused by a device driver, hopefully the bsod will tell you which one.
Cheers
Dave
0
 
dmbgoCommented:
Should have said boot up, not bott up, but you probably guesed my meaning :)
0
 
dazzywazzyCommented:
Excellent OK, I am working on this remotely for the night and have an exam tommorow so wont be back in office until friday, all i can do now is remote work.

I am running a defrag on server now as it when i analyzed the defrag it was one of the worst i have seen. I will run this first then disable the auto reboot.

Upon inspection of device manager i can see an UNKNOWN DEVICE. we have an account at driveragent and driver agent dosnt know what it is....
0
 
dmbgoCommented:
Even though it is commonly done, moving a server to new hardware without a clean install can lead to issues. I have done it myself with results varying from no go to complete success. I suggest that you download all of the latest HP drivers for the system and install them all, starting first with the chipset drivers, this should fix your unknown device and may also resolve your crashes.
I am assuming that there are no other add in cards in the system other than the HP stuff.
0
 
dazzywazzyCommented:
dmbgo:

Seen as how your the only expert responding ill reply straight to you, ive just flown in after exam (passed thankgod) and the client has reported shutdowns at 12:09pm 4pm and just 5 minutes ago (5:09pm).

Because i am unable to get to site at moment i will be getting the client to perofm the f8 option to disable auto reboot, hopefully then tommorow morning when i get there, there will be a big blue screen for me with a device driver error. Does the blue screen stay on screen until i manually reset the server?
0
 
dazzywazzyCommented:
dmbgo:

FYI: I found a few things while fault finding before rebooting the server. The paging file was incorrect. The old server had 2gb ram and the new server has 4gb. I have adjusted accordingly. Will i need to update the userva switch in the boot.ini also?

I have fixed the unknown device error - it was a HP NULL IPMI Controller - i have no idea what that is

I did a bit of googling and found mfehidk.sys was the cause of alot of server 2003 reboots. I then remembered this server had mcafee abbout 3 months ago. I did a search and the file was on the server. I removed the file.

I have now rebooted and set it to not auto reboot on system failure - been running 30 mins with no probs as yet but there is no one logged into system apart from me remotely!
0
 
dazzywazzyCommented:
Server rebooted at 7:45 pm tonight during a defrag.

Computer did not simply stay on a blue screen, i was working remotely and was able to log back in within 15 - 20 minutes. I have double checked that auto reboot is off. is it possible the blue screen sat there for a period of time at dis-appeared

0
 
dazzywazzyCommented:
OK So i analyzed the memory dump file and this is what ive found

*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck A, {a060006, d000001b, 0, e085addf}

*** ERROR: Module load completed but symbols could not be loaded for mssmbios.sys
***** Kernel symbols are WRONG. Please fix symbols to do analysis.

*** ERROR: Symbol file could not be found.  Defaulted to export symbols for mfehidk.sys -
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!_KPRCB                                     ***
***                                                                   ***
*************************************************************************
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!_KPRCB                                     ***
***                                                                   ***
*************************************************************************
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!_KPRCB                                     ***
***                                                                   ***
*************************************************************************
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
*                                                                   *
* The Symbol Path can be set by:                                    *
*   using the _NT_SYMBOL_PATH environment variable.                 *
*   using the -y <symbol_path> argument when starting the debugger. *
*   using .sympath and .sympath+                                    *
*********************************************************************
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
*                                                                   *
* The Symbol Path can be set by:                                    *
*   using the _NT_SYMBOL_PATH environment variable.                 *
*   using the -y <symbol_path> argument when starting the debugger. *
*   using .sympath and .sympath+                                    *
*********************************************************************
Probably caused by : mfehidk.sys ( mfehidk+efa6 )

Followup: MachineOwner

As you can see it points to MFEHIDK.sys - however i have found and removed this file!!! what do i do to stop the system from obviously trying to accessing this file???

please help!!
0
 
dmbgoCommented:
Did you search the system drive for all instances of this? Anyway, just removing the file will not get rid of any left over registry settings etc. Did the MCafeee uninstall cleanly? If it didn't you might try re-installing it, then uninstalling it again to make sure that the registry settings , services and all files are gone.
0
 
dazzywazzyCommented:
ok well im in a pickle

i look at this from the dump

Kernel base = 0xe0800000 PsLoadedModuleList = 0xe08af9c8
Debug session time: Mon Jan 14 05:41:26.390 2008 (GMT+10)


look at the date.!!

i then deleted the .dmp file and it rebooted several hours later, and didnt create another .dmp file!!!!

im at a wits end, obviously this isnt a driver thing??? please help i am willing to pay extra to you if needed!!!
0
  • 6
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now