Solved

UREGNT: HP ProLiant 350ML G4p keeps rebooting or freezing

Posted on 2009-04-22
29
2,559 Views
Last Modified: 2012-05-06
Running: SBS 2003 SP2 with Exchange SP2, Bit Defender AV Console

It started about three days ago, the server froze (no mouse or keyboard inputs, but still could ping it but not remote to the server) and had to manually restart it. Profile would not load, so in Safe Mode disabled all Exchange services, server came back on, started the services and things were running OK, then in the middle of the day the server rebooted itself and came back online without any problem. Again today at midnight server stopped responding and had to shut it down, came back on with no problem.

What I've done so far:
Ran HP Smart Update and installed all (33)  latest drivers and BIOS for all the components
Event Logs don't show any critical errors, right before the unexpected reboots, only ID 11 Source      PlugPlayManager
All Windows Update are installed

The only major change that was made on the server was installation on Bit Defender server, but it could be just a coincident

Need some advice what else check and do?
0
Comment
Question by:piotrmikula108
29 Comments
 
LVL 3

Expert Comment

by:aligigi
ID: 24209145
You could look for hardware issues, overheating problems or maybe faulty powersupply, but the 350ML is a pretty well built machine. From the looks of it I believe it's the Bitdefender that's causing your problems. Other people have similar problems, you could see here for example: http://forum.bitdefender.com/index.php?s=26df78a2e154bbe60fe90fa0e7a7f2be&showtopic=9967
You could try uninstalling the bitdefender server for 1-2 days and if your server doesn't freeze then you know for sure.
0
 
LVL 22

Expert Comment

by:65td
ID: 24210462
Check the IML log on the server.
0
 
LVL 6

Expert Comment

by:bdesmond
ID: 24211719
There are a number of things this could be. We need to collect some data to investigate though.

Please add this registry setting - http://support.microsoft.com/kb/244139 and reboot. Next time the box is hung, hold down the /right/ Control key and press Scroll Lock twice. Your machine should generate a blue screen and write a dump out. If you could zip and attach the resulting file that would be a good start.

Since this is an HP box, do you have an ILO? If so follow the steps here as well: http://briandesmond.com/blog/forcing-a-blue-screen-via-ilo/. There is a link there to the ilo2 version although I think your server would be v1. You can either do the ILO NMI procedure or the keyboard procedure although the former is likely more reliable.

Note that occasionally KVMs eat the Scroll Lock key and don't pass it on to the system. Also if this doesn't work, hit caps lock a couple times - does the LED change state on the keyboard?

Thanks,
Brian Desmond
Active Directory MVP
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 3

Expert Comment

by:SimonL-UK
ID: 24218665
Hi,
  you can check a couple of things:
1. Check your anti-virus software is configured correctly with the correct exclusions for AD (http://support.microsoft.com/kb/822158) and Exchange (http://support.microsoft.com/default.aspx?scid=kb;en-us;823166)
2. Ensure your running the Microsoft Storport update which resolved an issue with random freezing and BSODs caused by HP Smart Array 5i / 6i drivers (http://support.microsoft.com/kb/932755)
3. If your using the last Proliant Support Pack, upgrade the HP ilo2 Management Controller Driver.  HP have released a customer advisoryand released an updated driver v1.11.0.0 to resolve the issue
4. Disable Automatic System Reboot (ASR) in both Windows and the server's BIOS.  This will enable you to capture the BSOD error message to troubleshoot.
5. Run system driver verifier to see if you have any corrupt drivers
6. Run perfmon and capture the basic counters to see if you have any kernel memory leaks

HTH
0
 
LVL 1

Author Comment

by:piotrmikula108
ID: 24220358
So far I uninstalled the BitDefender agent for the server and I will watch it for couple day, will let you all now

thanks
0
 
LVL 1

Author Comment

by:piotrmikula108
ID: 24229103
the server crashed again tonight (no idea why, logs don't show anything) and also an hour ago when I logged on to the HP Insight Diagnostics Online Edition for Windows, it started running that pre-diagnostic thing and the server started not responding. This is a remote server, so I'm limited what I can do right away, but when I go there today I would like to run a HP diagnostics CD. Can anyone send the link where I can download it?
0
 
LVL 1

Author Comment

by:piotrmikula108
ID: 24229369
0
 
LVL 1

Author Comment

by:piotrmikula108
ID: 24281499
I enabled the manual crash dump in registry. The server was running fine for about 5 days and hang this morning again. I generated the dump file:


Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Documents and Settings\PMIKULA\Desktop\MEMORY.DMP]
Kernel Summary Dump File: Only kernel address space is available

************************************************************
WARNING: Dump file has been truncated.  Data may be missing.
************************************************************
Symbol search path is: c:\symbols
Executable search path is:
Unable to read KLDR_DATA_TABLE_ENTRY at 8abdd238 - Win32 error 0n5

"nt" was not found in the image list.
Debugger will attempt to load "nt" at given base 00000000.

Please provide the full image name, including the extension (i.e. kernel32.dll)
for more reliable results.Base address and size overrides can be given as
.reload <image.ext>=<base>,<size>.
Unable to add module at 00000000
WARNING: .reload failed, module list may be incomplete
Debugger can not determine kernel base address
Windows Server 2003 Kernel Version 3790 (Service Pack 2) MP (2 procs) Free x86 compatible
Product: LanManNt, suite: SmallBusiness TerminalServer SmallBusinessRestricted SingleUserTS
Built by: 3790.srv03_sp2_gdr.080813-1204
Machine Name:
Kernel base = 0x80800000 PsLoadedModuleList = 0x808af9c8
Debug session time: Fri May  1 08:11:17.919 2009 (GMT-7)
System Uptime: 3 days 10:09:48.853
Unable to read KLDR_DATA_TABLE_ENTRY at 8abdd238 - Win32 error 0n5

"nt" was not found in the image list.
Debugger will attempt to load "nt" at given base 00000000.

Please provide the full image name, including the extension (i.e. kernel32.dll)
for more reliable results.Base address and size overrides can be given as
.reload <image.ext>=<base>,<size>.
Unable to add module at 00000000
WARNING: .reload failed, module list may be incomplete
Debugger can not determine kernel base address
Loading Kernel Symbols
Unable to read KLDR_DATA_TABLE_ENTRY at 8abdd238 - Win32 error 0n5

WARNING: .reload failed, module list may be incomplete
Unable to read KLDR_DATA_TABLE_ENTRY at 8abdd238 - Win32 error 0n5
Unable to read KLDR_DATA_TABLE_ENTRY at 8abdd238 - Win32 error 0n5
Unable to read KLDR_DATA_TABLE_ENTRY at 8abdd238 - Win32 error 0n5
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck E2, {0, 0, 0, 0}

***** Debugger could not find nt in module list, module list might be corrupt, error 0x80070057.

Unable to read KLDR_DATA_TABLE_ENTRY at 8abdd238 - Win32 error 0n5
Unable to read KLDR_DATA_TABLE_ENTRY at 8abdd238 - Win32 error 0n5
Unable to read KLDR_DATA_TABLE_ENTRY at 8abdd238 - Win32 error 0n5

****NOTE: Output truncated hundreds of same entries *****

Unable to read KLDR_DATA_TABLE_ENTRY at 8abdd238 - Win32 error 0n5
Unable to read KLDR_DATA_TABLE_ENTRY at 8abdd238 - Win32 error 0n5
GetContextState failed, 0x80070005
Unable to read selector for PCR for processor 1
Probably caused by : Unknown_Image ( ANALYSIS_INCONCLUSIVE )

Followup: MachineOwner
---------

0: kd> !analyze -v
Unable to read KLDR_DATA_TABLE_ENTRY at 8abdd238 - Win32 error 0n5
Unable to read KLDR_DATA_TABLE_ENTRY at 8abdd238 - Win32 error 0n5
Unable to read KLDR_DATA_TABLE_ENTRY at 8abdd238 - Win32 error 0n5
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

MANUALLY_INITIATED_CRASH (e2)
The user manually initiated this crash dump.
Arguments:
Arg1: 00000000
Arg2: 00000000
Arg3: 00000000
Arg4: 00000000

Debugging Details:
------------------

***** Debugger could not find nt in module list, module list might be corrupt, error 0x80070057.

Unable to read KLDR_DATA_TABLE_ENTRY at 8abdd238 - Win32 error 0n5
Unable to read KLDR_DATA_TABLE_ENTRY at 8abdd238 - Win32 error 0n5
Unable to read KLDR_DATA_TABLE_ENTRY at 8abdd238 - Win32 error 0n5

****NOTE: Output truncated hundreds of same entries *****

Unable to read KLDR_DATA_TABLE_ENTRY at 8abdd238 - Win32 error 0n5
Unable to read KLDR_DATA_TABLE_ENTRY at 8abdd238 - Win32 error 0n5
GetContextState failed, 0x80070005
Unable to read selector for PCR for processor 1

BUGCHECK_STR:  MANUALLY_INITIATED_CRASH

DEFAULT_BUCKET_ID:  DRIVER_FAULT

CURRENT_IRQL:  0

LAST_CONTROL_TRANSFER:  from b9d8d532 to 8087c4a0

STACK_TEXT:  
WARNING: Frame IP not in any known module. Following frames may be wrong.
808a34d4 b9d8d532 000000e2 00000000 00000000 0x8087c4a0
808a3504 b9d8cd2c 000814f8 000008c6 00000000 0xb9d8d532
808a354c 808395a5 89d7a4d0 8a081440 0001000a 0xb9d8cd2c
808a3570 bac1bca2 badb0d00 000392aa 13cdb16d 0x808395a5
808a3600 80839b12 00000000 0000000e 00000000 0xbac1bca2
808a6b40 00000000 808a6b48 808a6b48 808a6b50 0x80839b12


STACK_COMMAND:  kb

SYMBOL_NAME:  ANALYSIS_INCONCLUSIVE

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: Unknown_Module

IMAGE_NAME:  Unknown_Image

DEBUG_FLR_IMAGE_TIMESTAMP:  0

BUCKET_ID:  CORRUPT_MODULELIST

Followup: MachineOwner
---------

0
 
LVL 6

Expert Comment

by:bdesmond
ID: 24281506
I'm going to need the actual dump file.
0
 
LVL 1

Author Comment

by:piotrmikula108
ID: 24281754
here you go, I changed the ext from .dmp to .jpg, .dmp is not allowed

thank you
MEMORY.jpg
0
 
LVL 6

Expert Comment

by:bdesmond
ID: 24282005
The dump is corrupt. Is the file on the filesystem only 5 megs?

Did you let the system write it all out before you rebooted it?

Thanks,
Brian Desmond
Active Directory MVP
0
 
LVL 1

Author Comment

by:piotrmikula108
ID: 24282107
I had the guy at the remote site wait till the everything is written, but the server simply came back online so he didn't touch it, I assume the all data was written to the file. Too bad
0
 
LVL 6

Expert Comment

by:bdesmond
ID: 24282503
Well let's try again next time this occurs.

Make sure there is enough space free on the boot drive at least the same size as the pagefile.

Thanks,
Brian Desmond
Active Directory MVP
0
 
LVL 1

Author Comment

by:piotrmikula108
ID: 24283390
I called HP and sent them the dump file as well, he said that even though the file is corrupt he was able to read from it that there was some error with the CPU #1, they are sending a tech to replace it. We will see if that fixes the problem
0
 
LVL 1

Author Comment

by:piotrmikula108
ID: 24296686
got a new dump file :-) server froze again this morning. CPU was replaced on Friday. It may have something to do with i8042prt.sys file, keyboard driver. It's 300MB this time so I can't attach it here I will copy the debug output though. I know it has this error "Your debugger is not using the correct symbols" How do I download the correct symbols? I downloaded the main set from http://www.microsoft.com/whdc/devtools/debugging/symbolpkg.mspx#d for Server 2003

Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
Copyright (c) Microsoft Corporation. All rights reserved.
 
 
Loading Dump File [C:\Documents and Settings\PMIKULA\Desktop\MEMORY DUMP Monday.dmp]
Kernel Summary Dump File: Only kernel address space is available
 
Symbol search path is: c:\symbols
Executable search path is: 
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for ntkrnlmp.exe - 
Windows Server 2003 Kernel Version 3790 (Service Pack 2) MP (2 procs) Free x86 compatible
Product: LanManNt, suite: SmallBusiness TerminalServer SmallBusinessRestricted SingleUserTS
Built by: 3790.srv03_sp2_gdr.080813-1204
Machine Name:
Kernel base = 0x80800000 PsLoadedModuleList = 0x808af9c8
Debug session time: Mon May  4 08:07:51.256 2009 (GMT-7)
System Uptime: 2 days 15:07:36.314
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for ntkrnlmp.exe - 
Loading Kernel Symbols
...............................................................
................................................................
 
Loading User Symbols
 
Loading unloaded module list
.
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************
 
Use !analyze -v to get detailed debugging information.
 
BugCheck E2, {0, 0, 0, 0}
 
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
 
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!_KPRCB                                     ***
***                                                                   ***
*************************************************************************
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!KPRCB                                      ***
***                                                                   ***
*************************************************************************
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!_KPRCB                                     ***
***                                                                   ***
*************************************************************************
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!KPRCB                                      ***
***                                                                   ***
*************************************************************************
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!_KPRCB                                     ***
***                                                                   ***
*************************************************************************
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!_KPRCB                                     ***
***                                                                   ***
*************************************************************************
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!_KPRCB                                     ***
***                                                                   ***
*************************************************************************
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!_KPRCB                                     ***
***                                                                   ***
*************************************************************************
Probably caused by : i8042prt.sys ( i8042prt!I8xProcessCrashDump+256 )
 
Followup: MachineOwner
---------
 
1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************
 
MANUALLY_INITIATED_CRASH (e2)
The user manually initiated this crash dump.
Arguments:
Arg1: 00000000
Arg2: 00000000
Arg3: 00000000
Arg4: 00000000
 
Debugging Details:
------------------
 
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
 
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!_KPRCB                                     ***
***                                                                   ***
*************************************************************************
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!KPRCB                                      ***
***                                                                   ***
*************************************************************************
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!_KPRCB                                     ***
***                                                                   ***
*************************************************************************
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!KPRCB                                      ***
***                                                                   ***
*************************************************************************
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!_KPRCB                                     ***
***                                                                   ***
*************************************************************************
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!_KPRCB                                     ***
***                                                                   ***
*************************************************************************
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!_KPRCB                                     ***
***                                                                   ***
*************************************************************************
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!_KPRCB                                     ***
***                                                                   ***
*************************************************************************
 
ADDITIONAL_DEBUG_TEXT:  
Use '!findthebuild' command to search for the target build information.
If the build information is available, run '!findthebuild -s ; .reload' to set symbol path and load symbols.
 
FAULTING_MODULE: 80800000 nt
 
DEBUG_FLR_IMAGE_TIMESTAMP:  45d6a110
 
BUGCHECK_STR:  MANUALLY_INITIATED_CRASH
 
DEFAULT_BUCKET_ID:  DRIVER_FAULT
 
CURRENT_IRQL:  0
 
LAST_CONTROL_TRANSFER:  from b9e5f532 to 8087c4a0
 
STACK_TEXT:  
WARNING: Stack unwind information not available. Following frames may be wrong.
f78aac24 b9e5f532 000000e2 00000000 00000000 nt!KeBugCheckEx+0x1b
f78aac54 b9e5ed2c 001f3550 8aace8c6 00000000 i8042prt!I8xProcessCrashDump+0x256
f78aac9c 808395a5 89bf0a40 8a1f3498 0101000a i8042prt!I8042KeyboardInterruptService+0x225
f78aace0 f71b5466 f78aacf8 00000000 b97d4790 nt!KeSynchronizeExecution+0x279
f78aad50 80839b12 00000000 0000000e 00000000 NDIS!ndisMDpcX+0x21
f78aad64 00000000 00000000 00000000 00000000 nt!KiDispatchInterrupt+0x306
 
 
STACK_COMMAND:  kb
 
FOLLOWUP_IP: 
i8042prt!I8xProcessCrashDump+256
b9e5f532 83fe01          cmp     esi,1
 
SYMBOL_STACK_INDEX:  1
 
SYMBOL_NAME:  i8042prt!I8xProcessCrashDump+256
 
FOLLOWUP_NAME:  MachineOwner
 
MODULE_NAME: i8042prt
 
IMAGE_NAME:  i8042prt.sys
 
BUCKET_ID:  WRONG_SYMBOLS
 
Followup: MachineOwner
---------
 
1: kd> lmvm i8042prt
start    end        module name
b9e5c000 b9e6f000   i8042prt   (pdb symbols)          c:\symbols\sys\i8042prt.pdb
    Loaded symbol image file: i8042prt.sys
    Image path: \SystemRoot\system32\DRIVERS\i8042prt.sys
    Image name: i8042prt.sys
    Timestamp:        Fri Feb 16 22:30:40 2007 (45D6A110)
    CheckSum:         000184DF
    ImageSize:        00013000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4

Open in new window

0
 
LVL 1

Author Comment

by:piotrmikula108
ID: 24296990
I used the websymbols (srv*c:\websymbols*http://msdl.microsoft.com/download/symbols) and got the same output as before
WARNING: Whitespace at end of path element
 
Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
Copyright (c) Microsoft Corporation. All rights reserved.
 
 
Loading Dump File [C:\Documents and Settings\PMIKULA\Desktop\MEMORY DUMP Monday.dmp]
Kernel Summary Dump File: Only kernel address space is available
 
WARNING: Whitespace at end of path element
Symbol search path is: c:\symbols;srv*c:\websymbols*http://msdl.microsoft.com/download/symbols 
Executable search path is: 
Windows Server 2003 Kernel Version 3790 (Service Pack 2) MP (2 procs) Free x86 compatible
Product: LanManNt, suite: SmallBusiness TerminalServer SmallBusinessRestricted SingleUserTS
Built by: 3790.srv03_sp2_gdr.080813-1204
Machine Name:
Kernel base = 0x80800000 PsLoadedModuleList = 0x808af9c8
Debug session time: Mon May  4 08:07:51.256 2009 (GMT-7)
System Uptime: 2 days 15:07:36.314
Loading Kernel Symbols
...............................................................
................................................................
 
Loading User Symbols
 
Loading unloaded module list
.
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************
 
Use !analyze -v to get detailed debugging information.
 
BugCheck E2, {0, 0, 0, 0}
 
Probably caused by : i8042prt.sys ( i8042prt!I8xProcessCrashDump+256 )
 
Followup: MachineOwner
---------
 
1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************
 
MANUALLY_INITIATED_CRASH (e2)
The user manually initiated this crash dump.
Arguments:
Arg1: 00000000
Arg2: 00000000
Arg3: 00000000
Arg4: 00000000
 
Debugging Details:
------------------
 
 
BUGCHECK_STR:  MANUALLY_INITIATED_CRASH
 
DEFAULT_BUCKET_ID:  DRIVER_FAULT
 
PROCESS_NAME:  Idle
 
CURRENT_IRQL:  a
 
LAST_CONTROL_TRANSFER:  from b9e5f532 to 8087c4a0
 
STACK_TEXT:  
f78aac24 b9e5f532 000000e2 00000000 00000000 nt!KeBugCheckEx+0x1b
f78aac54 b9e5ed2c 001f3550 8aace8c6 00000000 i8042prt!I8xProcessCrashDump+0x256
f78aac9c 808395a5 89bf0a40 8a1f3498 0101000a i8042prt!I8042KeyboardInterruptService+0x225
f78aac9c baba0ca2 89bf0a40 8a1f3498 0101000a nt!KiInterruptDispatch+0x49
f78aad50 80839b12 00000000 0000000e 00000000 intelppm!AcpiC1Idle+0x12
f78aad54 00000000 0000000e 00000000 00000000 nt!KiIdleLoop+0xa
 
 
STACK_COMMAND:  kb
 
FOLLOWUP_IP: 
i8042prt!I8xProcessCrashDump+256
b9e5f532 83fe01          cmp     esi,1
 
SYMBOL_STACK_INDEX:  1
 
SYMBOL_NAME:  i8042prt!I8xProcessCrashDump+256
 
FOLLOWUP_NAME:  MachineOwner
 
MODULE_NAME: i8042prt
 
IMAGE_NAME:  i8042prt.sys
 
DEBUG_FLR_IMAGE_TIMESTAMP:  45d6a110
 
FAILURE_BUCKET_ID:  MANUALLY_INITIATED_CRASH_i8042prt!I8xProcessCrashDump+256
 
BUCKET_ID:  MANUALLY_INITIATED_CRASH_i8042prt!I8xProcessCrashDump+256
 
Followup: MachineOwner
---------

Open in new window

0
 
LVL 6

Expert Comment

by:bdesmond
ID: 24300618
The i8042prt is normal - that's the keyboard initiating the crash.

Do a !analyze -v -hang and a !locks. If those aren't conclusive I'm going to need the actual dump.

Thanks,
Brian Desmond
Active Directory MVP
0
 
LVL 1

Author Comment

by:piotrmikula108
ID: 24301556
Hello Brian

you can download the file from my server  http://s169178993.onlinehome.us/memory_dump_monday.dmp

thank you

0
 
LVL 6

Expert Comment

by:bdesmond
ID: 24310720
Can you zip this file? I've tried to download it three times now at varying times and it fails at some point each time.
0
 
LVL 1

Author Comment

by:piotrmikula108
ID: 24311225
sorry for that, not sure why this happened, try this one:

https://www.yousendit.com/download/dVlwSmIzTmFwTVhIRGc9PQ
0
 
LVL 6

Expert Comment

by:bdesmond
ID: 24311251
Remove whatever it is you have from StorageCraft (ShadowProtect) and reboot. Call them up and provide them the dump and ask if they have a newer version you can upgrade to (this driver is about a year old) or what gives.

1: kd> lmvm stcvsm
start    end        module name
f728b000 f72a8880   stcvsm     (no symbols)          
    Loaded symbol image file: stcvsm.sys
    Image path: stcvsm.sys
    Image name: stcvsm.sys
    Timestamp:        Fri Mar 07 16:17:50 2008 (47D1BF0E)
    CheckSum:         0001FFD1
    ImageSize:        0001D880
    Translations:     0000.04b0 0000.04e0 0409.04b0 0409.04e0


Thanks,
Brian Desmond
Active Directory MVP
0
 
LVL 1

Author Comment

by:piotrmikula108
ID: 24311324
yeah, I google'd little bit about too, we use ShadowProtect to backup to a BDR server that runs our backup that also allows us to virtualize the server from the backup snapshots in case the primary server goes down for good. There is an agent installed on the SBS 2003 that copies the data to the BDR server on 15 min incremental schedule, at night the updated snapshot is copied from the BDR server off site via internet, that's when the server hangs usually, but not every day. I will contact the vendor to find out more.

thanks, hopefully that is the main problem
0
 
LVL 1

Author Comment

by:piotrmikula108
ID: 24337765
new dump file was created, can you pls take a look?

thank you
MEMORY-Thursday-5-7-09.zip
0
 
LVL 1

Author Comment

by:piotrmikula108
ID: 24338688
by the way we have several other servers running sbs2003 and bitdefender that are having similar issues. we think it possible that this causes the hangs
0
 
LVL 6

Expert Comment

by:bdesmond
ID: 24345955
The hangs have similiar stacks but they're not the same. I still see Shadow Protect at the top of the stack.

Thanks,
Brian Desmond
Active Directory MVP
0
 
LVL 1

Author Comment

by:piotrmikula108
ID: 24369007
I have two more files, one is from a different site that is having similar issues

https://rcpt.yousendit.com/686902422/09899735144b3c159ce5534145a391b0

https://download.yousendit.com/U0d6V28rK3h1Yk5MWEE9PQ

would you mind checking them?

What windb commands do you usually use? I know only !analyze -v -hangs, !locks and !lmvm module_name.

What is the command to list the stack?

Do you usually use the full symbols from Microsoft symbol server srv*c:\websymbols*http://msdl.microsoft.com/download/symbols or use a local copy?

Thanks

0
 
LVL 1

Author Comment

by:piotrmikula108
ID: 24387513
on of the previous files indicated intelppm.sys file, how can I update this file?
0
 
LVL 1

Accepted Solution

by:
piotrmikula108 earned 0 total points
ID: 24428787
After completely uninstalling BitDefender from the server the freezes stopped, now we need to figure out a fix for it :-)

thanks for all your help Brian
0
 
LVL 6

Expert Comment

by:bdesmond
ID: 24434423
Haven't gotten to looking at the second set of data he posted...
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

You may have discovered the 'Compatibility View Settings' workaround for making your SBS 2008 Remote Web Workplace 'connect to a computer' section stops 'working around' after a Windows 10 client upgrade.  That can be fixed so it 'works around' agai…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This Micro Tutorial will give you a basic overview how to record your screen with Microsoft Expression Encoder. This program is still free and open for the public to download. This will be demonstrated using Microsoft Expression Encoder 4.
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…

815 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now