Solved

MS09-006 breaks Remote Desktop XP

Posted on 2009-04-03
6
1,280 Views
Last Modified: 2012-06-27
After applying a critical update
http://www.microsoft.com/technet/security/bulletin/MS09-006.mspx
KB958690 to my Precision T3400s, they will crash after a user sends credentials over Remote Desktop.  The screen at the host will sometimes look corrupted with red colors at the top of the screen, or it will freeze, or it will reboot.  I setup for kernel dump collection and have attached here.  All machines are XP Pro SP3 32bit.  They have latest BIOS and drivers from Dell (this is a mature model anyways, and ISV certified).  This is a very repeatable problem.  If the update is not installed: no problem.  If it is installed: problem.  

I have set this update to Detect Only in WSUS as a temporary fix.  

Event Type:	Error
Event Source:	System Error
Event Category:	(102)
Event ID:	1003
Date:		3/31/2009
Time:		4:30:56 PM
User:		N/A
Computer:	DELL3
Description:
Error code 0000001a, parameter1 0004128b, parameter2 00005b70, parameter3 00000000, parameter4 bf400000.
 
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 53 79 73 74 65 6d 20 45   System E
0008: 72 72 6f 72 20 20 45 72   rror  Er
0010: 72 6f 72 20 63 6f 64 65   ror code
0018: 20 30 30 30 30 30 30 31    0000001
0020: 61 20 20 50 61 72 61 6d   a  Param
0028: 65 74 65 72 73 20 30 30   eters 00
0030: 30 34 31 32 38 62 2c 20   04128b, 
0038: 30 30 30 30 35 62 37 30   00005b70
0040: 2c 20 30 30 30 30 30 30   , 000000
0048: 30 30 2c 20 62 66 34 30   00, bf40
0050: 30 30 30 30               0000    
 
 
 
----------------------------------
 
 
 
Microsoft (R) Windows Debugger Version 6.9.0003.113 X86
Copyright (c) Microsoft Corporation. All rights reserved.
 
 
Loading Dump File [C:\mgd3.DMP]
Kernel Summary Dump File: Only kernel address space is available
 
Symbol search path is: SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows XP Kernel Version 2600 (Service Pack 3) MP (4 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp3_gdr.080814-1236
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055d720
Debug session time: Tue Mar 31 16:09:42.659 2009 (GMT-5)
System Uptime: 0 days 0:01:33.625
Loading Kernel Symbols
......................................................................................................
Loading User Symbols
PEB is paged out (Peb.Ldr = 7ffde00c).  Type ".hh dbgerr001" for details
Loading unloaded module list
.......
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************
 
Use !analyze -v to get detailed debugging information.
 
BugCheck 1A, {4128b, 5b70, 0, bf400000}
 
PEB is paged out (Peb.Ldr = 7ffde00c).  Type ".hh dbgerr001" for details
PEB is paged out (Peb.Ldr = 7ffde00c).  Type ".hh dbgerr001" for details
Probably caused by : win32k.sys ( win32k!ldevLoadImage+1b5 )
 
Followup: MachineOwner
---------
 
1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************
 
MEMORY_MANAGEMENT (1a)
    # Any other values for parameter 1 must be individually examined.
Arguments:
Arg1: 0004128b, The subtype of the bugcheck.
Arg2: 00005b70
Arg3: 00000000
Arg4: bf400000
 
Debugging Details:
------------------
 
PEB is paged out (Peb.Ldr = 7ffde00c).  Type ".hh dbgerr001" for details
PEB is paged out (Peb.Ldr = 7ffde00c).  Type ".hh dbgerr001" for details
 
BUGCHECK_STR:  0x1a_4128b
 
DEFAULT_BUCKET_ID:  DRIVER_FAULT
 
PROCESS_NAME:  csrss.exe
 
LAST_CONTROL_TRANSFER:  from 8052365f to 804f9f43
 
STACK_TEXT:  
adabb468 8052365f 0000001a 0004128b 00005b70 nt!KeBugCheckEx+0x1b
adabb49c 8051d099 000005b6 0000000e bf400000 nt!MiSwapWslEntries+0x191
adabb4e0 8051d607 819ee4d0 00000100 00000000 nt!MiSessionCommitPageTables+0x263
adabb510 805ad558 bfffd000 00003000 adabb8f8 nt!MiSessionCommitImagePages+0xc3
adabb5d8 805ae80b e17c8960 adabb8f8 adabb89c nt!MiLoadImageSection+0x96
adabb780 8060fc6f adabb89c 00000000 00000000 nt!MmLoadSystemImage+0x4c9
adabb930 8054162c 0000001a e2be7a08 0000001c nt!NtSetSystemInformation+0x8a9
adabb930 8050100d 0000001a e2be7a08 0000001c nt!KiFastCallEntry+0xfc
adabb9b4 bf888fb5 0000001a e2be7a08 0000001c nt!ZwSetSystemInformation+0x11
adabbb28 bf88913c e3bd5b1a 00000000 adabbb60 win32k!ldevLoadImage+0x1b5
adabbb58 bf889214 00000000 00000001 e189bf80 win32k!ldevLoadDriver+0x39
adabbb70 bf88c35f e3bd5b1a 8983a6a0 adabbb98 win32k!ldevGetDriverModes+0x1b
adabbba0 bf88331c 00000001 0000d7b4 00000000 win32k!DrvBuildDevmodeList+0xa4
adabbbd8 bf88898e 00000000 e17c8b18 00000000 win32k!CheckAndNotifyDualView+0x174
adabbcb8 bf88ac52 00000000 e1b8a2d8 00000000 win32k!DrvChangeDisplaySettings+0x1f3
adabbcfc bf917e15 00000000 00000000 00000000 win32k!xxxUserChangeDisplaySettings+0x141
adabbd24 bf918ad3 00000011 004afe90 bf80111f win32k!RemoteSetDisconectDisplayMode+0x28
adabbd48 bf80113a adabbd64 004afe90 adabbd64 win32k!xxxRemoteDisconnect+0x18e
adabbd58 8054162c 00000011 004afea0 7c90e4f4 win32k!NtUserCallNoParam+0x1b
adabbd58 7c90e4f4 00000011 004afea0 7c90e4f4 nt!KiFastCallEntry+0xfc
WARNING: Frame IP not in any known module. Following frames may be wrong.
004afea0 00000000 00000000 00000000 00000000 0x7c90e4f4
 
 
STACK_COMMAND:  kb
 
FOLLOWUP_IP: 
win32k!ldevLoadImage+1b5
bf888fb5 8985d4feffff    mov     dword ptr [ebp-12Ch],eax
 
SYMBOL_STACK_INDEX:  9
 
SYMBOL_NAME:  win32k!ldevLoadImage+1b5
 
FOLLOWUP_NAME:  MachineOwner
 
MODULE_NAME: win32k
 
IMAGE_NAME:  win32k.sys
 
DEBUG_FLR_IMAGE_TIMESTAMP:  49900eb7
 
FAILURE_BUCKET_ID:  0x1a_4128b_win32k!ldevLoadImage+1b5
 
BUCKET_ID:  0x1a_4128b_win32k!ldevLoadImage+1b5
 
Followup: MachineOwner

Open in new window

0
Comment
Question by:pcrequest
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
6 Comments
 
LVL 22

Accepted Solution

by:
Adam Leinss earned 500 total points
ID: 24063952
Same problem listed here, supposedly fixed by NVIDIA driver version 182.08 @ http://www.nvidia.co.uk/object/winxp_182.08_uk.html
Thread:
http://forums.techarena.in/windows-xp-support/1139973.htm
0
 
LVL 1

Author Comment

by:pcrequest
ID: 24063989
I will try those drivers.  I guess Dell didn't ship the latest.  I have 6.14.11.7805 dated late 2008 on Quadro NVS 290.
0
 
LVL 7

Expert Comment

by:Maeros
ID: 24064227
Just FYI to interpret NVIDIA driver "long" version numbers, read the last 5 digits of the version number.  For example your version of 6.14.11.7805 can be interpreted as version 178.05 .

Dell never ships with the latest version of drivers.  Due to the sheer variety of makes and models of hardware they build from, drivers are rarely updated unless it is considered critical.

If you ever have issues with drivers, and the standard drivers provided by your OEM doesn't resolve it, always try visiting the manufacturer's website and download the latest version from there.
0
Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

 
LVL 1

Author Closing Comment

by:pcrequest
ID: 31566433
Thanks.  Kind of obvious in retrospect.  I got a little newer version of the drivers and they work great after installing the patch.
0
 
LVL 22

Expert Comment

by:Adam Leinss
ID: 24065287
Well, sometimes it's not obvious where to start.  I generally don't update drivers unless a user has a problem.  A string of ProE users were getting hard lock ups when opening complex assemblies.  Updated video driver from ATI: problem went away.

It doesn't help that the NVIDIA driver scan logic is broken.
0
 
LVL 7

Expert Comment

by:Maeros
ID: 24067701
Not updating drivers unless there is a problem is the de-facto standard in system administration, and for good reason.  It can take a significant portion of your time going seeking and installing driver updates (especially if you have a lot of workstations), and the potential for causing problems is very real.  

The adage "If it ain't broke, don't fix it" is definitely true in this regard.  I wouldn't feel bad about it.  A good 95% of sysadmins are pretty much the same way.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
rebuilding your XP box 15 164
Creating an XP virtual machine 38 181
Copy and Paste Windows 7 Files Not Working 6 109
Decrypting the Zepto Virus 21 661
If your system is showing symptoms of browser hijacks or 'google search redirects' check out my other article (http://rdsrc.us/u3GP7A) first and run the tool TDSSKiller (http://rdsrc.us/GDBBs4) to get rid of the infection. Once done, and if the …
Sometimes people don't understand why download speed shows differently for Windows than Linux.Specially, this article covers and shows the solution for throughput difference for Windows than a Linux machine. For this, I arranged a test scenario.I…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question