• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1286
  • Last Modified:


I have an SBS 2003 server that is blue screening (seemingly randomly).  Here is the dump file:

Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
Copyright (c) Microsoft Corporation. All rights reserved.

Loading Dump File [C:\WINDOWS\MEMORY.DMP]
Kernel Summary Dump File: Only kernel address space is available

Symbol search path is: SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows Server 2003 Kernel Version 3790 (Service Pack 2) MP (4 procs) Free x86 compatible
Product: LanManNt, suite: SmallBusiness TerminalServer SmallBusinessRestricted SingleUserTS
Built by: 3790.srv03_sp2_gdr.080813-1204
Machine Name:
Kernel base = 0x80800000 PsLoadedModuleList = 0x808a6ea8
Debug session time: Wed Apr  1 09:16:35.796 2009 (GMT-7)
System Uptime: 0 days 10:51:21.218
Loading Kernel Symbols
Loading User Symbols
PEB is paged out (Peb.Ldr = 7ffd500c).  Type ".hh dbgerr001" for details
Loading unloaded module list
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *

Use !analyze -v to get detailed debugging information.

BugCheck 27, {baad0080, b5fcf8e8, b5fcf5e4, 80959d1f}

*** ERROR: Symbol file could not be found.  Defaulted to export symbols for TmPreFlt.sys -
PEB is paged out (Peb.Ldr = 7ffd500c).  Type ".hh dbgerr001" for details
PEB is paged out (Peb.Ldr = 7ffd500c).  Type ".hh dbgerr001" for details
Probably caused by : mrxdav.sys ( mrxdav!MRxDAVOuterStop+92 )

Followup: MachineOwner

3: kd> !analyze -v
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *

    If you see RxExceptionFilter on the stack then the 2nd and 3rd parameters are the
    exception record and context record. Do a .cxr on the 3rd parameter and then kb to
    obtain a more informative stack trace.
    The high 16 bits of the first parameter is the RDBSS bugcheck code, which is defined
    as follows:
     RDBSS_BUG_CHECK_CACHESUP  = 0xca550000,
     RDBSS_BUG_CHECK_CLEANUP   = 0xc1ee0000,
     RDBSS_BUG_CHECK_CLOSE     = 0xc10e0000,
     RDBSS_BUG_CHECK_NTEXCEPT  = 0xbaad0000,
Arg1: baad0080
Arg2: b5fcf8e8
Arg3: b5fcf5e4
Arg4: 80959d1f

Debugging Details:

PEB is paged out (Peb.Ldr = 7ffd500c).  Type ".hh dbgerr001" for details
PEB is paged out (Peb.Ldr = 7ffd500c).  Type ".hh dbgerr001" for details

EXCEPTION_RECORD:  b5fcf8e8 -- (.exr 0xffffffffb5fcf8e8)
ExceptionAddress: 80959d1f (nt!RtlDestroyHeap+0x00000023)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 00000000
   Parameter[1]: 00e70050
Attempt to read from address 00e70050

CONTEXT:  b5fcf5e4 -- (.cxr 0xffffffffb5fcf5e4)
eax=8a4b7404 ebx=00e70050 ecx=b9646f00 edx=00000000 esi=8a4b7404 edi=00e70000
eip=80959d1f esp=b5fcf9b0 ebp=b5fcf9c0 iopl=0         nv up ei pl nz na pe nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010206
80959d1f 8b33            mov     esi,dword ptr [ebx]  ds:0023:00e70050=????????
Resetting default scope


PROCESS_NAME:  svchost.exe


ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".



READ_ADDRESS:  00e70050

b96483dc 6800800000      push    8000h

80959d1f 8b33            mov     esi,dword ptr [ebx]


LAST_CONTROL_TRANSFER:  from b96483dc to 80959d1f

b5fcf9c0 b96483dc 00e70000 00000000 87c5e5a0 nt!RtlDestroyHeap+0x23
b5fcf9f8 b964866c 87c5e5a0 00000000 87c5e5a0 mrxdav!MRxDAVOuterStop+0x92
b5fcfa38 b9652bd7 01c5e5a0 b964eb9a 88983120 mrxdav!MRxDAVDevFcbXXXControlFile+0x204
b5fcfa50 b9652f83 87c5e5a0 88983120 889831fc mrxdav!RxXXXControlFileCallthru+0x67
b5fcfa74 b963ef72 87c5e5a0 00000000 8b084398 mrxdav!RxCommonDevFCBFsCtl+0x8d
b5fcfb04 b9652852 b96460f0 88983120 8b084398 mrxdav!RxFsdCommonDispatch+0x320
b5fcfb24 b964bfc4 8a4b7030 88983120 8a4f1020 mrxdav!RxFsdDispatch+0xd4
b5fcfb98 8081df85 8a4b7030 88983120 88983120 mrxdav!MRxDAVFsdDispatch+0x1f0
b5fcfbac f76f46c1 00000000 8a999d88 8b60ab50 nt!IofCallDriver+0x45
b5fcfbd8 8081df85 8a4f1020 88983120 88983120 fltmgr!FltpFsControl+0xd7
b5fcfbec b9e30070 8a549578 8a5041f0 b5fcfc10 nt!IofCallDriver+0x45
WARNING: Stack unwind information not available. Following frames may be wrong.
b5fcfbfc 8081df85 8a999d88 88983120 88983120 TmPreFlt!TmpQueryFullName+0x6376
b5fcfc10 f76f46c1 88983120 88983120 8b60ab50 nt!IofCallDriver+0x45
b5fcfc3c 8081df85 8a549578 88983120 8b084398 fltmgr!FltpFsControl+0xd7
b5fcfc50 808f5437 889831fc 8b084398 88983120 nt!IofCallDriver+0x45
b5fcfc64 808f61bf 8a549578 88983120 8b084398 nt!IopSynchronousServiceTail+0x10b
b5fcfd00 808eed3c 000002c8 00000000 00000000 nt!IopXxxControlFile+0x5e5
b5fcfd34 808897bc 000002c8 00000000 00000000 nt!NtFsControlFile+0x2a
b5fcfd34 7c8285ec 000002c8 00000000 00000000 nt!KiFastCallEntry+0xfc
00cfff20 00000000 00000000 00000000 00000000 0x7c8285ec


SYMBOL_NAME:  mrxdav!MRxDAVOuterStop+92

FOLLOWUP_NAME:  MachineOwner


IMAGE_NAME:  mrxdav.sys


STACK_COMMAND:  .cxr 0xffffffffb5fcf5e4 ; kb

FAILURE_BUCKET_ID:  0x27_mrxdav!MRxDAVOuterStop+92

BUCKET_ID:  0x27_mrxdav!MRxDAVOuterStop+92

Followup: MachineOwner

It seems to be a problem with the mrxdav.sys file.  We are using Sharepoint 2.0 extensively and hhave a desktop application (eCopy Desktop) that accesses the Sharepoint site using WebDav folders.  Any help is appreciated.
  • 3
  • 3
1 Solution
i would disable the eCopy Desktop and see if there is an update for it.
pgerardAuthor Commented:
eCopy is on the latest version.  They use eCopy Desktop too extensively to disable it.
are you running current on service packs?
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

pgerardAuthor Commented:
Yes.  The server is monitored and updated as soon as we have tested available updates.  It is on Server 2003 SP2 and the SBS Server has all available updates and SPs installed.
I would contact eCopy Desktop support and see if they can give some insight.
Are you getting any 2020 or 2019 events from the SRV service in the System event log?

Since you have figured out how to open the dump in a debugger, can you post the output of !vm?

Brian Desmond
Active Directory MVP
pgerardAuthor Commented:
It seems that the dump file is older that I origially thought and the BSOD issue is resolved.  The server was still rebooting, but I believe it was due to a faulty UPS.  I've plugged the server into a secondary power source and have had no down time since.  Thanks for taking a look at this post.

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now