Solved

UREGNT: HP ProLiant 350ML G4p keeps rebooting or freezing

Posted on 2009-04-22
29
2,557 Views
Last Modified: 2012-05-06
Running: SBS 2003 SP2 with Exchange SP2, Bit Defender AV Console

It started about three days ago, the server froze (no mouse or keyboard inputs, but still could ping it but not remote to the server) and had to manually restart it. Profile would not load, so in Safe Mode disabled all Exchange services, server came back on, started the services and things were running OK, then in the middle of the day the server rebooted itself and came back online without any problem. Again today at midnight server stopped responding and had to shut it down, came back on with no problem.

What I've done so far:
Ran HP Smart Update and installed all (33)  latest drivers and BIOS for all the components
Event Logs don't show any critical errors, right before the unexpected reboots, only ID 11 Source      PlugPlayManager
All Windows Update are installed

The only major change that was made on the server was installation on Bit Defender server, but it could be just a coincident

Need some advice what else check and do?
0
Comment
Question by:piotrmikula108
29 Comments
 
LVL 3

Expert Comment

by:aligigi
ID: 24209145
You could look for hardware issues, overheating problems or maybe faulty powersupply, but the 350ML is a pretty well built machine. From the looks of it I believe it's the Bitdefender that's causing your problems. Other people have similar problems, you could see here for example: http://forum.bitdefender.com/index.php?s=26df78a2e154bbe60fe90fa0e7a7f2be&showtopic=9967
You could try uninstalling the bitdefender server for 1-2 days and if your server doesn't freeze then you know for sure.
0
 
LVL 22

Expert Comment

by:65td
ID: 24210462
Check the IML log on the server.
0
 
LVL 6

Expert Comment

by:bdesmond
ID: 24211719
There are a number of things this could be. We need to collect some data to investigate though.

Please add this registry setting - http://support.microsoft.com/kb/244139 and reboot. Next time the box is hung, hold down the /right/ Control key and press Scroll Lock twice. Your machine should generate a blue screen and write a dump out. If you could zip and attach the resulting file that would be a good start.

Since this is an HP box, do you have an ILO? If so follow the steps here as well: http://briandesmond.com/blog/forcing-a-blue-screen-via-ilo/. There is a link there to the ilo2 version although I think your server would be v1. You can either do the ILO NMI procedure or the keyboard procedure although the former is likely more reliable.

Note that occasionally KVMs eat the Scroll Lock key and don't pass it on to the system. Also if this doesn't work, hit caps lock a couple times - does the LED change state on the keyboard?

Thanks,
Brian Desmond
Active Directory MVP
0
 
LVL 3

Expert Comment

by:SimonL-UK
ID: 24218665
Hi,
  you can check a couple of things:
1. Check your anti-virus software is configured correctly with the correct exclusions for AD (http://support.microsoft.com/kb/822158) and Exchange (http://support.microsoft.com/default.aspx?scid=kb;en-us;823166)
2. Ensure your running the Microsoft Storport update which resolved an issue with random freezing and BSODs caused by HP Smart Array 5i / 6i drivers (http://support.microsoft.com/kb/932755)
3. If your using the last Proliant Support Pack, upgrade the HP ilo2 Management Controller Driver.  HP have released a customer advisoryand released an updated driver v1.11.0.0 to resolve the issue
4. Disable Automatic System Reboot (ASR) in both Windows and the server's BIOS.  This will enable you to capture the BSOD error message to troubleshoot.
5. Run system driver verifier to see if you have any corrupt drivers
6. Run perfmon and capture the basic counters to see if you have any kernel memory leaks

HTH
0
 
LVL 1

Author Comment

by:piotrmikula108
ID: 24220358
So far I uninstalled the BitDefender agent for the server and I will watch it for couple day, will let you all now

thanks
0
 
LVL 1

Author Comment

by:piotrmikula108
ID: 24229103
the server crashed again tonight (no idea why, logs don't show anything) and also an hour ago when I logged on to the HP Insight Diagnostics Online Edition for Windows, it started running that pre-diagnostic thing and the server started not responding. This is a remote server, so I'm limited what I can do right away, but when I go there today I would like to run a HP diagnostics CD. Can anyone send the link where I can download it?
0
 
LVL 1

Author Comment

by:piotrmikula108
ID: 24229369
0
 
LVL 1

Author Comment

by:piotrmikula108
ID: 24281499
I enabled the manual crash dump in registry. The server was running fine for about 5 days and hang this morning again. I generated the dump file:


Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Documents and Settings\PMIKULA\Desktop\MEMORY.DMP]
Kernel Summary Dump File: Only kernel address space is available

************************************************************
WARNING: Dump file has been truncated.  Data may be missing.
************************************************************
Symbol search path is: c:\symbols
Executable search path is:
Unable to read KLDR_DATA_TABLE_ENTRY at 8abdd238 - Win32 error 0n5

"nt" was not found in the image list.
Debugger will attempt to load "nt" at given base 00000000.

Please provide the full image name, including the extension (i.e. kernel32.dll)
for more reliable results.Base address and size overrides can be given as
.reload <image.ext>=<base>,<size>.
Unable to add module at 00000000
WARNING: .reload failed, module list may be incomplete
Debugger can not determine kernel base address
Windows Server 2003 Kernel Version 3790 (Service Pack 2) MP (2 procs) Free x86 compatible
Product: LanManNt, suite: SmallBusiness TerminalServer SmallBusinessRestricted SingleUserTS
Built by: 3790.srv03_sp2_gdr.080813-1204
Machine Name:
Kernel base = 0x80800000 PsLoadedModuleList = 0x808af9c8
Debug session time: Fri May  1 08:11:17.919 2009 (GMT-7)
System Uptime: 3 days 10:09:48.853
Unable to read KLDR_DATA_TABLE_ENTRY at 8abdd238 - Win32 error 0n5

"nt" was not found in the image list.
Debugger will attempt to load "nt" at given base 00000000.

Please provide the full image name, including the extension (i.e. kernel32.dll)
for more reliable results.Base address and size overrides can be given as
.reload <image.ext>=<base>,<size>.
Unable to add module at 00000000
WARNING: .reload failed, module list may be incomplete
Debugger can not determine kernel base address
Loading Kernel Symbols
Unable to read KLDR_DATA_TABLE_ENTRY at 8abdd238 - Win32 error 0n5

WARNING: .reload failed, module list may be incomplete
Unable to read KLDR_DATA_TABLE_ENTRY at 8abdd238 - Win32 error 0n5
Unable to read KLDR_DATA_TABLE_ENTRY at 8abdd238 - Win32 error 0n5
Unable to read KLDR_DATA_TABLE_ENTRY at 8abdd238 - Win32 error 0n5
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck E2, {0, 0, 0, 0}

***** Debugger could not find nt in module list, module list might be corrupt, error 0x80070057.

Unable to read KLDR_DATA_TABLE_ENTRY at 8abdd238 - Win32 error 0n5
Unable to read KLDR_DATA_TABLE_ENTRY at 8abdd238 - Win32 error 0n5
Unable to read KLDR_DATA_TABLE_ENTRY at 8abdd238 - Win32 error 0n5

****NOTE: Output truncated hundreds of same entries *****

Unable to read KLDR_DATA_TABLE_ENTRY at 8abdd238 - Win32 error 0n5
Unable to read KLDR_DATA_TABLE_ENTRY at 8abdd238 - Win32 error 0n5
GetContextState failed, 0x80070005
Unable to read selector for PCR for processor 1
Probably caused by : Unknown_Image ( ANALYSIS_INCONCLUSIVE )

Followup: MachineOwner
---------

0: kd> !analyze -v
Unable to read KLDR_DATA_TABLE_ENTRY at 8abdd238 - Win32 error 0n5
Unable to read KLDR_DATA_TABLE_ENTRY at 8abdd238 - Win32 error 0n5
Unable to read KLDR_DATA_TABLE_ENTRY at 8abdd238 - Win32 error 0n5
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

MANUALLY_INITIATED_CRASH (e2)
The user manually initiated this crash dump.
Arguments:
Arg1: 00000000
Arg2: 00000000
Arg3: 00000000
Arg4: 00000000

Debugging Details:
------------------

***** Debugger could not find nt in module list, module list might be corrupt, error 0x80070057.

Unable to read KLDR_DATA_TABLE_ENTRY at 8abdd238 - Win32 error 0n5
Unable to read KLDR_DATA_TABLE_ENTRY at 8abdd238 - Win32 error 0n5
Unable to read KLDR_DATA_TABLE_ENTRY at 8abdd238 - Win32 error 0n5

****NOTE: Output truncated hundreds of same entries *****

Unable to read KLDR_DATA_TABLE_ENTRY at 8abdd238 - Win32 error 0n5
Unable to read KLDR_DATA_TABLE_ENTRY at 8abdd238 - Win32 error 0n5
GetContextState failed, 0x80070005
Unable to read selector for PCR for processor 1

BUGCHECK_STR:  MANUALLY_INITIATED_CRASH

DEFAULT_BUCKET_ID:  DRIVER_FAULT

CURRENT_IRQL:  0

LAST_CONTROL_TRANSFER:  from b9d8d532 to 8087c4a0

STACK_TEXT:  
WARNING: Frame IP not in any known module. Following frames may be wrong.
808a34d4 b9d8d532 000000e2 00000000 00000000 0x8087c4a0
808a3504 b9d8cd2c 000814f8 000008c6 00000000 0xb9d8d532
808a354c 808395a5 89d7a4d0 8a081440 0001000a 0xb9d8cd2c
808a3570 bac1bca2 badb0d00 000392aa 13cdb16d 0x808395a5
808a3600 80839b12 00000000 0000000e 00000000 0xbac1bca2
808a6b40 00000000 808a6b48 808a6b48 808a6b50 0x80839b12


STACK_COMMAND:  kb

SYMBOL_NAME:  ANALYSIS_INCONCLUSIVE

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: Unknown_Module

IMAGE_NAME:  Unknown_Image

DEBUG_FLR_IMAGE_TIMESTAMP:  0

BUCKET_ID:  CORRUPT_MODULELIST

Followup: MachineOwner
---------

0
 
LVL 6

Expert Comment

by:bdesmond
ID: 24281506
I'm going to need the actual dump file.
0
 
LVL 1

Author Comment

by:piotrmikula108
ID: 24281754
here you go, I changed the ext from .dmp to .jpg, .dmp is not allowed

thank you
MEMORY.jpg
0
 
LVL 6

Expert Comment

by:bdesmond
ID: 24282005
The dump is corrupt. Is the file on the filesystem only 5 megs?

Did you let the system write it all out before you rebooted it?

Thanks,
Brian Desmond
Active Directory MVP
0
 
LVL 1

Author Comment

by:piotrmikula108
ID: 24282107
I had the guy at the remote site wait till the everything is written, but the server simply came back online so he didn't touch it, I assume the all data was written to the file. Too bad
0
 
LVL 6

Expert Comment

by:bdesmond
ID: 24282503
Well let's try again next time this occurs.

Make sure there is enough space free on the boot drive at least the same size as the pagefile.

Thanks,
Brian Desmond
Active Directory MVP
0
 
LVL 1

Author Comment

by:piotrmikula108
ID: 24283390
I called HP and sent them the dump file as well, he said that even though the file is corrupt he was able to read from it that there was some error with the CPU #1, they are sending a tech to replace it. We will see if that fixes the problem
0
What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

 
LVL 1

Author Comment

by:piotrmikula108
ID: 24296686
got a new dump file :-) server froze again this morning. CPU was replaced on Friday. It may have something to do with i8042prt.sys file, keyboard driver. It's 300MB this time so I can't attach it here I will copy the debug output though. I know it has this error "Your debugger is not using the correct symbols" How do I download the correct symbols? I downloaded the main set from http://www.microsoft.com/whdc/devtools/debugging/symbolpkg.mspx#d for Server 2003


Microsoft (R) Windows Debugger Version 6.11.0001.404 X86

Copyright (c) Microsoft Corporation. All rights reserved.
 
 

Loading Dump File [C:\Documents and Settings\PMIKULA\Desktop\MEMORY DUMP Monday.dmp]

Kernel Summary Dump File: Only kernel address space is available
 

Symbol search path is: c:\symbols

Executable search path is: 

*** ERROR: Symbol file could not be found.  Defaulted to export symbols for ntkrnlmp.exe - 

Windows Server 2003 Kernel Version 3790 (Service Pack 2) MP (2 procs) Free x86 compatible

Product: LanManNt, suite: SmallBusiness TerminalServer SmallBusinessRestricted SingleUserTS

Built by: 3790.srv03_sp2_gdr.080813-1204

Machine Name:

Kernel base = 0x80800000 PsLoadedModuleList = 0x808af9c8

Debug session time: Mon May  4 08:07:51.256 2009 (GMT-7)

System Uptime: 2 days 15:07:36.314

*** ERROR: Symbol file could not be found.  Defaulted to export symbols for ntkrnlmp.exe - 

Loading Kernel Symbols

...............................................................

................................................................
 

Loading User Symbols
 

Loading unloaded module list

.

*******************************************************************************

*                                                                             *

*                        Bugcheck Analysis                                    *

*                                                                             *

*******************************************************************************
 

Use !analyze -v to get detailed debugging information.
 

BugCheck E2, {0, 0, 0, 0}
 

***** Kernel symbols are WRONG. Please fix symbols to do analysis.
 

*************************************************************************

***                                                                   ***

***                                                                   ***

***    Your debugger is not using the correct symbols                 ***

***                                                                   ***

***    In order for this command to work properly, your symbol path   ***

***    must point to .pdb files that have full type information.      ***

***                                                                   ***

***    Certain .pdb files (such as the public OS symbols) do not      ***

***    contain the required information.  Contact the group that      ***

***    provided you with these symbols if you need this command to    ***

***    work.                                                          ***

***                                                                   ***

***    Type referenced: nt!_KPRCB                                     ***

***                                                                   ***

*************************************************************************

*************************************************************************

***                                                                   ***

***                                                                   ***

***    Your debugger is not using the correct symbols                 ***

***                                                                   ***

***    In order for this command to work properly, your symbol path   ***

***    must point to .pdb files that have full type information.      ***

***                                                                   ***

***    Certain .pdb files (such as the public OS symbols) do not      ***

***    contain the required information.  Contact the group that      ***

***    provided you with these symbols if you need this command to    ***

***    work.                                                          ***

***                                                                   ***

***    Type referenced: nt!KPRCB                                      ***

***                                                                   ***

*************************************************************************

*************************************************************************

***                                                                   ***

***                                                                   ***

***    Your debugger is not using the correct symbols                 ***

***                                                                   ***

***    In order for this command to work properly, your symbol path   ***

***    must point to .pdb files that have full type information.      ***

***                                                                   ***

***    Certain .pdb files (such as the public OS symbols) do not      ***

***    contain the required information.  Contact the group that      ***

***    provided you with these symbols if you need this command to    ***

***    work.                                                          ***

***                                                                   ***

***    Type referenced: nt!_KPRCB                                     ***

***                                                                   ***

*************************************************************************

*************************************************************************

***                                                                   ***

***                                                                   ***

***    Your debugger is not using the correct symbols                 ***

***                                                                   ***

***    In order for this command to work properly, your symbol path   ***

***    must point to .pdb files that have full type information.      ***

***                                                                   ***

***    Certain .pdb files (such as the public OS symbols) do not      ***

***    contain the required information.  Contact the group that      ***

***    provided you with these symbols if you need this command to    ***

***    work.                                                          ***

***                                                                   ***

***    Type referenced: nt!KPRCB                                      ***

***                                                                   ***

*************************************************************************

*************************************************************************

***                                                                   ***

***                                                                   ***

***    Your debugger is not using the correct symbols                 ***

***                                                                   ***

***    In order for this command to work properly, your symbol path   ***

***    must point to .pdb files that have full type information.      ***

***                                                                   ***

***    Certain .pdb files (such as the public OS symbols) do not      ***

***    contain the required information.  Contact the group that      ***

***    provided you with these symbols if you need this command to    ***

***    work.                                                          ***

***                                                                   ***

***    Type referenced: nt!_KPRCB                                     ***

***                                                                   ***

*************************************************************************

*************************************************************************

***                                                                   ***

***                                                                   ***

***    Your debugger is not using the correct symbols                 ***

***                                                                   ***

***    In order for this command to work properly, your symbol path   ***

***    must point to .pdb files that have full type information.      ***

***                                                                   ***

***    Certain .pdb files (such as the public OS symbols) do not      ***

***    contain the required information.  Contact the group that      ***

***    provided you with these symbols if you need this command to    ***

***    work.                                                          ***

***                                                                   ***

***    Type referenced: nt!_KPRCB                                     ***

***                                                                   ***

*************************************************************************

*************************************************************************

***                                                                   ***

***                                                                   ***

***    Your debugger is not using the correct symbols                 ***

***                                                                   ***

***    In order for this command to work properly, your symbol path   ***

***    must point to .pdb files that have full type information.      ***

***                                                                   ***

***    Certain .pdb files (such as the public OS symbols) do not      ***

***    contain the required information.  Contact the group that      ***

***    provided you with these symbols if you need this command to    ***

***    work.                                                          ***

***                                                                   ***

***    Type referenced: nt!_KPRCB                                     ***

***                                                                   ***

*************************************************************************

*************************************************************************

***                                                                   ***

***                                                                   ***

***    Your debugger is not using the correct symbols                 ***

***                                                                   ***

***    In order for this command to work properly, your symbol path   ***

***    must point to .pdb files that have full type information.      ***

***                                                                   ***

***    Certain .pdb files (such as the public OS symbols) do not      ***

***    contain the required information.  Contact the group that      ***

***    provided you with these symbols if you need this command to    ***

***    work.                                                          ***

***                                                                   ***

***    Type referenced: nt!_KPRCB                                     ***

***                                                                   ***

*************************************************************************

Probably caused by : i8042prt.sys ( i8042prt!I8xProcessCrashDump+256 )
 

Followup: MachineOwner

---------
 

1: kd> !analyze -v

*******************************************************************************

*                                                                             *

*                        Bugcheck Analysis                                    *

*                                                                             *

*******************************************************************************
 

MANUALLY_INITIATED_CRASH (e2)

The user manually initiated this crash dump.

Arguments:

Arg1: 00000000

Arg2: 00000000

Arg3: 00000000

Arg4: 00000000
 

Debugging Details:

------------------
 

***** Kernel symbols are WRONG. Please fix symbols to do analysis.
 

*************************************************************************

***                                                                   ***

***                                                                   ***

***    Your debugger is not using the correct symbols                 ***

***                                                                   ***

***    In order for this command to work properly, your symbol path   ***

***    must point to .pdb files that have full type information.      ***

***                                                                   ***

***    Certain .pdb files (such as the public OS symbols) do not      ***

***    contain the required information.  Contact the group that      ***

***    provided you with these symbols if you need this command to    ***

***    work.                                                          ***

***                                                                   ***

***    Type referenced: nt!_KPRCB                                     ***

***                                                                   ***

*************************************************************************

*************************************************************************

***                                                                   ***

***                                                                   ***

***    Your debugger is not using the correct symbols                 ***

***                                                                   ***

***    In order for this command to work properly, your symbol path   ***

***    must point to .pdb files that have full type information.      ***

***                                                                   ***

***    Certain .pdb files (such as the public OS symbols) do not      ***

***    contain the required information.  Contact the group that      ***

***    provided you with these symbols if you need this command to    ***

***    work.                                                          ***

***                                                                   ***

***    Type referenced: nt!KPRCB                                      ***

***                                                                   ***

*************************************************************************

*************************************************************************

***                                                                   ***

***                                                                   ***

***    Your debugger is not using the correct symbols                 ***

***                                                                   ***

***    In order for this command to work properly, your symbol path   ***

***    must point to .pdb files that have full type information.      ***

***                                                                   ***

***    Certain .pdb files (such as the public OS symbols) do not      ***

***    contain the required information.  Contact the group that      ***

***    provided you with these symbols if you need this command to    ***

***    work.                                                          ***

***                                                                   ***

***    Type referenced: nt!_KPRCB                                     ***

***                                                                   ***

*************************************************************************

*************************************************************************

***                                                                   ***

***                                                                   ***

***    Your debugger is not using the correct symbols                 ***

***                                                                   ***

***    In order for this command to work properly, your symbol path   ***

***    must point to .pdb files that have full type information.      ***

***                                                                   ***

***    Certain .pdb files (such as the public OS symbols) do not      ***

***    contain the required information.  Contact the group that      ***

***    provided you with these symbols if you need this command to    ***

***    work.                                                          ***

***                                                                   ***

***    Type referenced: nt!KPRCB                                      ***

***                                                                   ***

*************************************************************************

*************************************************************************

***                                                                   ***

***                                                                   ***

***    Your debugger is not using the correct symbols                 ***

***                                                                   ***

***    In order for this command to work properly, your symbol path   ***

***    must point to .pdb files that have full type information.      ***

***                                                                   ***

***    Certain .pdb files (such as the public OS symbols) do not      ***

***    contain the required information.  Contact the group that      ***

***    provided you with these symbols if you need this command to    ***

***    work.                                                          ***

***                                                                   ***

***    Type referenced: nt!_KPRCB                                     ***

***                                                                   ***

*************************************************************************

*************************************************************************

***                                                                   ***

***                                                                   ***

***    Your debugger is not using the correct symbols                 ***

***                                                                   ***

***    In order for this command to work properly, your symbol path   ***

***    must point to .pdb files that have full type information.      ***

***                                                                   ***

***    Certain .pdb files (such as the public OS symbols) do not      ***

***    contain the required information.  Contact the group that      ***

***    provided you with these symbols if you need this command to    ***

***    work.                                                          ***

***                                                                   ***

***    Type referenced: nt!_KPRCB                                     ***

***                                                                   ***

*************************************************************************

*************************************************************************

***                                                                   ***

***                                                                   ***

***    Your debugger is not using the correct symbols                 ***

***                                                                   ***

***    In order for this command to work properly, your symbol path   ***

***    must point to .pdb files that have full type information.      ***

***                                                                   ***

***    Certain .pdb files (such as the public OS symbols) do not      ***

***    contain the required information.  Contact the group that      ***

***    provided you with these symbols if you need this command to    ***

***    work.                                                          ***

***                                                                   ***

***    Type referenced: nt!_KPRCB                                     ***

***                                                                   ***

*************************************************************************

*************************************************************************

***                                                                   ***

***                                                                   ***

***    Your debugger is not using the correct symbols                 ***

***                                                                   ***

***    In order for this command to work properly, your symbol path   ***

***    must point to .pdb files that have full type information.      ***

***                                                                   ***

***    Certain .pdb files (such as the public OS symbols) do not      ***

***    contain the required information.  Contact the group that      ***

***    provided you with these symbols if you need this command to    ***

***    work.                                                          ***

***                                                                   ***

***    Type referenced: nt!_KPRCB                                     ***

***                                                                   ***

*************************************************************************
 

ADDITIONAL_DEBUG_TEXT:  

Use '!findthebuild' command to search for the target build information.

If the build information is available, run '!findthebuild -s ; .reload' to set symbol path and load symbols.
 

FAULTING_MODULE: 80800000 nt
 

DEBUG_FLR_IMAGE_TIMESTAMP:  45d6a110
 

BUGCHECK_STR:  MANUALLY_INITIATED_CRASH
 

DEFAULT_BUCKET_ID:  DRIVER_FAULT
 

CURRENT_IRQL:  0
 

LAST_CONTROL_TRANSFER:  from b9e5f532 to 8087c4a0
 

STACK_TEXT:  

WARNING: Stack unwind information not available. Following frames may be wrong.

f78aac24 b9e5f532 000000e2 00000000 00000000 nt!KeBugCheckEx+0x1b

f78aac54 b9e5ed2c 001f3550 8aace8c6 00000000 i8042prt!I8xProcessCrashDump+0x256

f78aac9c 808395a5 89bf0a40 8a1f3498 0101000a i8042prt!I8042KeyboardInterruptService+0x225

f78aace0 f71b5466 f78aacf8 00000000 b97d4790 nt!KeSynchronizeExecution+0x279

f78aad50 80839b12 00000000 0000000e 00000000 NDIS!ndisMDpcX+0x21

f78aad64 00000000 00000000 00000000 00000000 nt!KiDispatchInterrupt+0x306
 
 

STACK_COMMAND:  kb
 

FOLLOWUP_IP: 

i8042prt!I8xProcessCrashDump+256

b9e5f532 83fe01          cmp     esi,1
 

SYMBOL_STACK_INDEX:  1
 

SYMBOL_NAME:  i8042prt!I8xProcessCrashDump+256
 

FOLLOWUP_NAME:  MachineOwner
 

MODULE_NAME: i8042prt
 

IMAGE_NAME:  i8042prt.sys
 

BUCKET_ID:  WRONG_SYMBOLS
 

Followup: MachineOwner

---------
 

1: kd> lmvm i8042prt

start    end        module name

b9e5c000 b9e6f000   i8042prt   (pdb symbols)          c:\symbols\sys\i8042prt.pdb

    Loaded symbol image file: i8042prt.sys

    Image path: \SystemRoot\system32\DRIVERS\i8042prt.sys

    Image name: i8042prt.sys

    Timestamp:        Fri Feb 16 22:30:40 2007 (45D6A110)

    CheckSum:         000184DF

    ImageSize:        00013000

    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4

Open in new window

0
 
LVL 1

Author Comment

by:piotrmikula108
ID: 24296990
I used the websymbols (srv*c:\websymbols*http://msdl.microsoft.com/download/symbols) and got the same output as before
WARNING: Whitespace at end of path element
 

Microsoft (R) Windows Debugger Version 6.11.0001.404 X86

Copyright (c) Microsoft Corporation. All rights reserved.
 
 

Loading Dump File [C:\Documents and Settings\PMIKULA\Desktop\MEMORY DUMP Monday.dmp]

Kernel Summary Dump File: Only kernel address space is available
 

WARNING: Whitespace at end of path element

Symbol search path is: c:\symbols;srv*c:\websymbols*http://msdl.microsoft.com/download/symbols 

Executable search path is: 

Windows Server 2003 Kernel Version 3790 (Service Pack 2) MP (2 procs) Free x86 compatible

Product: LanManNt, suite: SmallBusiness TerminalServer SmallBusinessRestricted SingleUserTS

Built by: 3790.srv03_sp2_gdr.080813-1204

Machine Name:

Kernel base = 0x80800000 PsLoadedModuleList = 0x808af9c8

Debug session time: Mon May  4 08:07:51.256 2009 (GMT-7)

System Uptime: 2 days 15:07:36.314

Loading Kernel Symbols

...............................................................

................................................................
 

Loading User Symbols
 

Loading unloaded module list

.

*******************************************************************************

*                                                                             *

*                        Bugcheck Analysis                                    *

*                                                                             *

*******************************************************************************
 

Use !analyze -v to get detailed debugging information.
 

BugCheck E2, {0, 0, 0, 0}
 

Probably caused by : i8042prt.sys ( i8042prt!I8xProcessCrashDump+256 )
 

Followup: MachineOwner

---------
 

1: kd> !analyze -v

*******************************************************************************

*                                                                             *

*                        Bugcheck Analysis                                    *

*                                                                             *

*******************************************************************************
 

MANUALLY_INITIATED_CRASH (e2)

The user manually initiated this crash dump.

Arguments:

Arg1: 00000000

Arg2: 00000000

Arg3: 00000000

Arg4: 00000000
 

Debugging Details:

------------------
 
 

BUGCHECK_STR:  MANUALLY_INITIATED_CRASH
 

DEFAULT_BUCKET_ID:  DRIVER_FAULT
 

PROCESS_NAME:  Idle
 

CURRENT_IRQL:  a
 

LAST_CONTROL_TRANSFER:  from b9e5f532 to 8087c4a0
 

STACK_TEXT:  

f78aac24 b9e5f532 000000e2 00000000 00000000 nt!KeBugCheckEx+0x1b

f78aac54 b9e5ed2c 001f3550 8aace8c6 00000000 i8042prt!I8xProcessCrashDump+0x256

f78aac9c 808395a5 89bf0a40 8a1f3498 0101000a i8042prt!I8042KeyboardInterruptService+0x225

f78aac9c baba0ca2 89bf0a40 8a1f3498 0101000a nt!KiInterruptDispatch+0x49

f78aad50 80839b12 00000000 0000000e 00000000 intelppm!AcpiC1Idle+0x12

f78aad54 00000000 0000000e 00000000 00000000 nt!KiIdleLoop+0xa
 
 

STACK_COMMAND:  kb
 

FOLLOWUP_IP: 

i8042prt!I8xProcessCrashDump+256

b9e5f532 83fe01          cmp     esi,1
 

SYMBOL_STACK_INDEX:  1
 

SYMBOL_NAME:  i8042prt!I8xProcessCrashDump+256
 

FOLLOWUP_NAME:  MachineOwner
 

MODULE_NAME: i8042prt
 

IMAGE_NAME:  i8042prt.sys
 

DEBUG_FLR_IMAGE_TIMESTAMP:  45d6a110
 

FAILURE_BUCKET_ID:  MANUALLY_INITIATED_CRASH_i8042prt!I8xProcessCrashDump+256
 

BUCKET_ID:  MANUALLY_INITIATED_CRASH_i8042prt!I8xProcessCrashDump+256
 

Followup: MachineOwner

---------

Open in new window

0
 
LVL 6

Expert Comment

by:bdesmond
ID: 24300618
The i8042prt is normal - that's the keyboard initiating the crash.

Do a !analyze -v -hang and a !locks. If those aren't conclusive I'm going to need the actual dump.

Thanks,
Brian Desmond
Active Directory MVP
0
 
LVL 1

Author Comment

by:piotrmikula108
ID: 24301556
Hello Brian

you can download the file from my server  http://s169178993.onlinehome.us/memory_dump_monday.dmp

thank you

0
 
LVL 6

Expert Comment

by:bdesmond
ID: 24310720
Can you zip this file? I've tried to download it three times now at varying times and it fails at some point each time.
0
 
LVL 1

Author Comment

by:piotrmikula108
ID: 24311225
sorry for that, not sure why this happened, try this one:

https://www.yousendit.com/download/dVlwSmIzTmFwTVhIRGc9PQ
0
 
LVL 6

Expert Comment

by:bdesmond
ID: 24311251
Remove whatever it is you have from StorageCraft (ShadowProtect) and reboot. Call them up and provide them the dump and ask if they have a newer version you can upgrade to (this driver is about a year old) or what gives.

1: kd> lmvm stcvsm
start    end        module name
f728b000 f72a8880   stcvsm     (no symbols)          
    Loaded symbol image file: stcvsm.sys
    Image path: stcvsm.sys
    Image name: stcvsm.sys
    Timestamp:        Fri Mar 07 16:17:50 2008 (47D1BF0E)
    CheckSum:         0001FFD1
    ImageSize:        0001D880
    Translations:     0000.04b0 0000.04e0 0409.04b0 0409.04e0


Thanks,
Brian Desmond
Active Directory MVP
0
 
LVL 1

Author Comment

by:piotrmikula108
ID: 24311324
yeah, I google'd little bit about too, we use ShadowProtect to backup to a BDR server that runs our backup that also allows us to virtualize the server from the backup snapshots in case the primary server goes down for good. There is an agent installed on the SBS 2003 that copies the data to the BDR server on 15 min incremental schedule, at night the updated snapshot is copied from the BDR server off site via internet, that's when the server hangs usually, but not every day. I will contact the vendor to find out more.

thanks, hopefully that is the main problem
0
 
LVL 1

Author Comment

by:piotrmikula108
ID: 24337765
new dump file was created, can you pls take a look?

thank you
MEMORY-Thursday-5-7-09.zip
0
 
LVL 1

Author Comment

by:piotrmikula108
ID: 24338688
by the way we have several other servers running sbs2003 and bitdefender that are having similar issues. we think it possible that this causes the hangs
0
 
LVL 6

Expert Comment

by:bdesmond
ID: 24345955
The hangs have similiar stacks but they're not the same. I still see Shadow Protect at the top of the stack.

Thanks,
Brian Desmond
Active Directory MVP
0
 
LVL 1

Author Comment

by:piotrmikula108
ID: 24369007
I have two more files, one is from a different site that is having similar issues

https://rcpt.yousendit.com/686902422/09899735144b3c159ce5534145a391b0

https://download.yousendit.com/U0d6V28rK3h1Yk5MWEE9PQ

would you mind checking them?

What windb commands do you usually use? I know only !analyze -v -hangs, !locks and !lmvm module_name.

What is the command to list the stack?

Do you usually use the full symbols from Microsoft symbol server srv*c:\websymbols*http://msdl.microsoft.com/download/symbols or use a local copy?

Thanks

0
 
LVL 1

Author Comment

by:piotrmikula108
ID: 24387513
on of the previous files indicated intelppm.sys file, how can I update this file?
0
 
LVL 1

Accepted Solution

by:
piotrmikula108 earned 0 total points
ID: 24428787
After completely uninstalling BitDefender from the server the freezes stopped, now we need to figure out a fix for it :-)

thanks for all your help Brian
0
 
LVL 6

Expert Comment

by:bdesmond
ID: 24434423
Haven't gotten to looking at the second set of data he posted...
0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

I work for a company that primarily works with small businesses as their outsourced IT vendor. As such the majority of these customers utilize some version of Small Business Server. Due to the economics of running a small business, many of these cus…
Moving your enterprise fax infrastructure from in-house fax machines and servers to the cloud makes sense — from both an efficiency and productivity standpoint. But does migrating to a cloud fax solution mean you will no longer be able to send or re…
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…
This tutorial demonstrates a quick way of adding group price to multiple Magento products.

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now