UREGNT: HP ProLiant 350ML G4p keeps rebooting or freezing
Running: SBS 2003 SP2 with Exchange SP2, Bit Defender AV Console
It started about three days ago, the server froze (no mouse or keyboard inputs, but still could ping it but not remote to the server) and had to manually restart it. Profile would not load, so in Safe Mode disabled all Exchange services, server came back on, started the services and things were running OK, then in the middle of the day the server rebooted itself and came back online without any problem. Again today at midnight server stopped responding and had to shut it down, came back on with no problem.
What I've done so far:
Ran HP Smart Update and installed all (33) latest drivers and BIOS for all the components
Event Logs don't show any critical errors, right before the unexpected reboots, only ID 11 Source PlugPlayManager
All Windows Update are installed
The only major change that was made on the server was installation on Bit Defender server, but it could be just a coincident
Need some advice what else check and do?
It started about three days ago, the server froze (no mouse or keyboard inputs, but still could ping it but not remote to the server) and had to manually restart it. Profile would not load, so in Safe Mode disabled all Exchange services, server came back on, started the services and things were running OK, then in the middle of the day the server rebooted itself and came back online without any problem. Again today at midnight server stopped responding and had to shut it down, came back on with no problem.
What I've done so far:
Ran HP Smart Update and installed all (33) latest drivers and BIOS for all the components
Event Logs don't show any critical errors, right before the unexpected reboots, only ID 11 Source PlugPlayManager
All Windows Update are installed
The only major change that was made on the server was installation on Bit Defender server, but it could be just a coincident
Need some advice what else check and do?
Check the IML log on the server.
There are a number of things this could be. We need to collect some data to investigate though.
Please add this registry setting - http://support.microsoft.com/kb/244139 and reboot. Next time the box is hung, hold down the /right/ Control key and press Scroll Lock twice. Your machine should generate a blue screen and write a dump out. If you could zip and attach the resulting file that would be a good start.
Since this is an HP box, do you have an ILO? If so follow the steps here as well: http://briandesmond.com/blog/forcing-a-blue-screen-via-ilo/. There is a link there to the ilo2 version although I think your server would be v1. You can either do the ILO NMI procedure or the keyboard procedure although the former is likely more reliable.
Note that occasionally KVMs eat the Scroll Lock key and don't pass it on to the system. Also if this doesn't work, hit caps lock a couple times - does the LED change state on the keyboard?
Thanks,
Brian Desmond
Active Directory MVP
Please add this registry setting - http://support.microsoft.com/kb/244139 and reboot. Next time the box is hung, hold down the /right/ Control key and press Scroll Lock twice. Your machine should generate a blue screen and write a dump out. If you could zip and attach the resulting file that would be a good start.
Since this is an HP box, do you have an ILO? If so follow the steps here as well: http://briandesmond.com/blog/forcing-a-blue-screen-via-ilo/. There is a link there to the ilo2 version although I think your server would be v1. You can either do the ILO NMI procedure or the keyboard procedure although the former is likely more reliable.
Note that occasionally KVMs eat the Scroll Lock key and don't pass it on to the system. Also if this doesn't work, hit caps lock a couple times - does the LED change state on the keyboard?
Thanks,
Brian Desmond
Active Directory MVP
Hi,
you can check a couple of things:
1. Check your anti-virus software is configured correctly with the correct exclusions for AD (http://support.microsoft.com/kb/822158) and Exchange (http://support.microsoft.com/default.aspx?scid=kb;en-us;823166)
2. Ensure your running the Microsoft Storport update which resolved an issue with random freezing and BSODs caused by HP Smart Array 5i / 6i drivers (http://support.microsoft.com/kb/932755)
3. If your using the last Proliant Support Pack, upgrade the HP ilo2 Management Controller Driver. HP have released a customer advisoryand released an updated driver v1.11.0.0 to resolve the issue
4. Disable Automatic System Reboot (ASR) in both Windows and the server's BIOS. This will enable you to capture the BSOD error message to troubleshoot.
5. Run system driver verifier to see if you have any corrupt drivers
6. Run perfmon and capture the basic counters to see if you have any kernel memory leaks
HTH
you can check a couple of things:
1. Check your anti-virus software is configured correctly with the correct exclusions for AD (http://support.microsoft.com/kb/822158) and Exchange (http://support.microsoft.com/default.aspx?scid=kb;en-us;823166)
2. Ensure your running the Microsoft Storport update which resolved an issue with random freezing and BSODs caused by HP Smart Array 5i / 6i drivers (http://support.microsoft.com/kb/932755)
3. If your using the last Proliant Support Pack, upgrade the HP ilo2 Management Controller Driver. HP have released a customer advisoryand released an updated driver v1.11.0.0 to resolve the issue
4. Disable Automatic System Reboot (ASR) in both Windows and the server's BIOS. This will enable you to capture the BSOD error message to troubleshoot.
5. Run system driver verifier to see if you have any corrupt drivers
6. Run perfmon and capture the basic counters to see if you have any kernel memory leaks
HTH
ASKER
So far I uninstalled the BitDefender agent for the server and I will watch it for couple day, will let you all now
thanks
thanks
ASKER
the server crashed again tonight (no idea why, logs don't show anything) and also an hour ago when I logged on to the HP Insight Diagnostics Online Edition for Windows, it started running that pre-diagnostic thing and the server started not responding. This is a remote server, so I'm limited what I can do right away, but when I go there today I would like to run a HP diagnostics CD. Can anyone send the link where I can download it?
ASKER
ASKER
I enabled the manual crash dump in registry. The server was running fine for about 5 days and hang this morning again. I generated the dump file:
Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Documents and Settings\PMIKULA\Desktop\M
Kernel Summary Dump File: Only kernel address space is available
**************************
WARNING: Dump file has been truncated. Data may be missing.
**************************
Symbol search path is: c:\symbols
Executable search path is:
Unable to read KLDR_DATA_TABLE_ENTRY at 8abdd238 - Win32 error 0n5
"nt" was not found in the image list.
Debugger will attempt to load "nt" at given base 00000000.
Please provide the full image name, including the extension (i.e. kernel32.dll)
for more reliable results.Base address and size overrides can be given as
.reload <image.ext>=<base>,<size>.
Unable to add module at 00000000
WARNING: .reload failed, module list may be incomplete
Debugger can not determine kernel base address
Windows Server 2003 Kernel Version 3790 (Service Pack 2) MP (2 procs) Free x86 compatible
Product: LanManNt, suite: SmallBusiness TerminalServer SmallBusinessRestricted SingleUserTS
Built by: 3790.srv03_sp2_gdr.080813-
Machine Name:
Kernel base = 0x80800000 PsLoadedModuleList = 0x808af9c8
Debug session time: Fri May 1 08:11:17.919 2009 (GMT-7)
System Uptime: 3 days 10:09:48.853
Unable to read KLDR_DATA_TABLE_ENTRY at 8abdd238 - Win32 error 0n5
"nt" was not found in the image list.
Debugger will attempt to load "nt" at given base 00000000.
Please provide the full image name, including the extension (i.e. kernel32.dll)
for more reliable results.Base address and size overrides can be given as
.reload <image.ext>=<base>,<size>.
Unable to add module at 00000000
WARNING: .reload failed, module list may be incomplete
Debugger can not determine kernel base address
Loading Kernel Symbols
Unable to read KLDR_DATA_TABLE_ENTRY at 8abdd238 - Win32 error 0n5
WARNING: .reload failed, module list may be incomplete
Unable to read KLDR_DATA_TABLE_ENTRY at 8abdd238 - Win32 error 0n5
Unable to read KLDR_DATA_TABLE_ENTRY at 8abdd238 - Win32 error 0n5
Unable to read KLDR_DATA_TABLE_ENTRY at 8abdd238 - Win32 error 0n5
**************************
* *
* Bugcheck Analysis *
* *
**************************
Use !analyze -v to get detailed debugging information.
BugCheck E2, {0, 0, 0, 0}
***** Debugger could not find nt in module list, module list might be corrupt, error 0x80070057.
Unable to read KLDR_DATA_TABLE_ENTRY at 8abdd238 - Win32 error 0n5
Unable to read KLDR_DATA_TABLE_ENTRY at 8abdd238 - Win32 error 0n5
Unable to read KLDR_DATA_TABLE_ENTRY at 8abdd238 - Win32 error 0n5
****NOTE: Output truncated hundreds of same entries *****
Unable to read KLDR_DATA_TABLE_ENTRY at 8abdd238 - Win32 error 0n5
Unable to read KLDR_DATA_TABLE_ENTRY at 8abdd238 - Win32 error 0n5
GetContextState failed, 0x80070005
Unable to read selector for PCR for processor 1
Probably caused by : Unknown_Image ( ANALYSIS_INCONCLUSIVE )
Followup: MachineOwner
---------
0: kd> !analyze -v
Unable to read KLDR_DATA_TABLE_ENTRY at 8abdd238 - Win32 error 0n5
Unable to read KLDR_DATA_TABLE_ENTRY at 8abdd238 - Win32 error 0n5
Unable to read KLDR_DATA_TABLE_ENTRY at 8abdd238 - Win32 error 0n5
**************************
* *
* Bugcheck Analysis *
* *
**************************
MANUALLY_INITIATED_CRASH (e2)
The user manually initiated this crash dump.
Arguments:
Arg1: 00000000
Arg2: 00000000
Arg3: 00000000
Arg4: 00000000
Debugging Details:
------------------
***** Debugger could not find nt in module list, module list might be corrupt, error 0x80070057.
Unable to read KLDR_DATA_TABLE_ENTRY at 8abdd238 - Win32 error 0n5
Unable to read KLDR_DATA_TABLE_ENTRY at 8abdd238 - Win32 error 0n5
Unable to read KLDR_DATA_TABLE_ENTRY at 8abdd238 - Win32 error 0n5
****NOTE: Output truncated hundreds of same entries *****
Unable to read KLDR_DATA_TABLE_ENTRY at 8abdd238 - Win32 error 0n5
Unable to read KLDR_DATA_TABLE_ENTRY at 8abdd238 - Win32 error 0n5
GetContextState failed, 0x80070005
Unable to read selector for PCR for processor 1
BUGCHECK_STR: MANUALLY_INITIATED_CRASH
DEFAULT_BUCKET_ID: DRIVER_FAULT
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from b9d8d532 to 8087c4a0
STACK_TEXT:
WARNING: Frame IP not in any known module. Following frames may be wrong.
808a34d4 b9d8d532 000000e2 00000000 00000000 0x8087c4a0
808a3504 b9d8cd2c 000814f8 000008c6 00000000 0xb9d8d532
808a354c 808395a5 89d7a4d0 8a081440 0001000a 0xb9d8cd2c
808a3570 bac1bca2 badb0d00 000392aa 13cdb16d 0x808395a5
808a3600 80839b12 00000000 0000000e 00000000 0xbac1bca2
808a6b40 00000000 808a6b48 808a6b48 808a6b50 0x80839b12
STACK_COMMAND: kb
SYMBOL_NAME: ANALYSIS_INCONCLUSIVE
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: Unknown_Module
IMAGE_NAME: Unknown_Image
DEBUG_FLR_IMAGE_TIMESTAMP:
BUCKET_ID: CORRUPT_MODULELIST
Followup: MachineOwner
---------
Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Documents and Settings\PMIKULA\Desktop\M
Kernel Summary Dump File: Only kernel address space is available
**************************
WARNING: Dump file has been truncated. Data may be missing.
**************************
Symbol search path is: c:\symbols
Executable search path is:
Unable to read KLDR_DATA_TABLE_ENTRY at 8abdd238 - Win32 error 0n5
"nt" was not found in the image list.
Debugger will attempt to load "nt" at given base 00000000.
Please provide the full image name, including the extension (i.e. kernel32.dll)
for more reliable results.Base address and size overrides can be given as
.reload <image.ext>=<base>,<size>.
Unable to add module at 00000000
WARNING: .reload failed, module list may be incomplete
Debugger can not determine kernel base address
Windows Server 2003 Kernel Version 3790 (Service Pack 2) MP (2 procs) Free x86 compatible
Product: LanManNt, suite: SmallBusiness TerminalServer SmallBusinessRestricted SingleUserTS
Built by: 3790.srv03_sp2_gdr.080813-
Machine Name:
Kernel base = 0x80800000 PsLoadedModuleList = 0x808af9c8
Debug session time: Fri May 1 08:11:17.919 2009 (GMT-7)
System Uptime: 3 days 10:09:48.853
Unable to read KLDR_DATA_TABLE_ENTRY at 8abdd238 - Win32 error 0n5
"nt" was not found in the image list.
Debugger will attempt to load "nt" at given base 00000000.
Please provide the full image name, including the extension (i.e. kernel32.dll)
for more reliable results.Base address and size overrides can be given as
.reload <image.ext>=<base>,<size>.
Unable to add module at 00000000
WARNING: .reload failed, module list may be incomplete
Debugger can not determine kernel base address
Loading Kernel Symbols
Unable to read KLDR_DATA_TABLE_ENTRY at 8abdd238 - Win32 error 0n5
WARNING: .reload failed, module list may be incomplete
Unable to read KLDR_DATA_TABLE_ENTRY at 8abdd238 - Win32 error 0n5
Unable to read KLDR_DATA_TABLE_ENTRY at 8abdd238 - Win32 error 0n5
Unable to read KLDR_DATA_TABLE_ENTRY at 8abdd238 - Win32 error 0n5
**************************
* *
* Bugcheck Analysis *
* *
**************************
Use !analyze -v to get detailed debugging information.
BugCheck E2, {0, 0, 0, 0}
***** Debugger could not find nt in module list, module list might be corrupt, error 0x80070057.
Unable to read KLDR_DATA_TABLE_ENTRY at 8abdd238 - Win32 error 0n5
Unable to read KLDR_DATA_TABLE_ENTRY at 8abdd238 - Win32 error 0n5
Unable to read KLDR_DATA_TABLE_ENTRY at 8abdd238 - Win32 error 0n5
****NOTE: Output truncated hundreds of same entries *****
Unable to read KLDR_DATA_TABLE_ENTRY at 8abdd238 - Win32 error 0n5
Unable to read KLDR_DATA_TABLE_ENTRY at 8abdd238 - Win32 error 0n5
GetContextState failed, 0x80070005
Unable to read selector for PCR for processor 1
Probably caused by : Unknown_Image ( ANALYSIS_INCONCLUSIVE )
Followup: MachineOwner
---------
0: kd> !analyze -v
Unable to read KLDR_DATA_TABLE_ENTRY at 8abdd238 - Win32 error 0n5
Unable to read KLDR_DATA_TABLE_ENTRY at 8abdd238 - Win32 error 0n5
Unable to read KLDR_DATA_TABLE_ENTRY at 8abdd238 - Win32 error 0n5
**************************
* *
* Bugcheck Analysis *
* *
**************************
MANUALLY_INITIATED_CRASH (e2)
The user manually initiated this crash dump.
Arguments:
Arg1: 00000000
Arg2: 00000000
Arg3: 00000000
Arg4: 00000000
Debugging Details:
------------------
***** Debugger could not find nt in module list, module list might be corrupt, error 0x80070057.
Unable to read KLDR_DATA_TABLE_ENTRY at 8abdd238 - Win32 error 0n5
Unable to read KLDR_DATA_TABLE_ENTRY at 8abdd238 - Win32 error 0n5
Unable to read KLDR_DATA_TABLE_ENTRY at 8abdd238 - Win32 error 0n5
****NOTE: Output truncated hundreds of same entries *****
Unable to read KLDR_DATA_TABLE_ENTRY at 8abdd238 - Win32 error 0n5
Unable to read KLDR_DATA_TABLE_ENTRY at 8abdd238 - Win32 error 0n5
GetContextState failed, 0x80070005
Unable to read selector for PCR for processor 1
BUGCHECK_STR: MANUALLY_INITIATED_CRASH
DEFAULT_BUCKET_ID: DRIVER_FAULT
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from b9d8d532 to 8087c4a0
STACK_TEXT:
WARNING: Frame IP not in any known module. Following frames may be wrong.
808a34d4 b9d8d532 000000e2 00000000 00000000 0x8087c4a0
808a3504 b9d8cd2c 000814f8 000008c6 00000000 0xb9d8d532
808a354c 808395a5 89d7a4d0 8a081440 0001000a 0xb9d8cd2c
808a3570 bac1bca2 badb0d00 000392aa 13cdb16d 0x808395a5
808a3600 80839b12 00000000 0000000e 00000000 0xbac1bca2
808a6b40 00000000 808a6b48 808a6b48 808a6b50 0x80839b12
STACK_COMMAND: kb
SYMBOL_NAME: ANALYSIS_INCONCLUSIVE
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: Unknown_Module
IMAGE_NAME: Unknown_Image
DEBUG_FLR_IMAGE_TIMESTAMP:
BUCKET_ID: CORRUPT_MODULELIST
Followup: MachineOwner
---------
I'm going to need the actual dump file.
ASKER
The dump is corrupt. Is the file on the filesystem only 5 megs?
Did you let the system write it all out before you rebooted it?
Thanks,
Brian Desmond
Active Directory MVP
Did you let the system write it all out before you rebooted it?
Thanks,
Brian Desmond
Active Directory MVP
ASKER
I had the guy at the remote site wait till the everything is written, but the server simply came back online so he didn't touch it, I assume the all data was written to the file. Too bad
Well let's try again next time this occurs.
Make sure there is enough space free on the boot drive at least the same size as the pagefile.
Thanks,
Brian Desmond
Active Directory MVP
Make sure there is enough space free on the boot drive at least the same size as the pagefile.
Thanks,
Brian Desmond
Active Directory MVP
ASKER
I called HP and sent them the dump file as well, he said that even though the file is corrupt he was able to read from it that there was some error with the CPU #1, they are sending a tech to replace it. We will see if that fixes the problem
ASKER
got a new dump file :-) server froze again this morning. CPU was replaced on Friday. It may have something to do with i8042prt.sys file, keyboard driver. It's 300MB this time so I can't attach it here I will copy the debug output though. I know it has this error "Your debugger is not using the correct symbols" How do I download the correct symbols? I downloaded the main set from http://www.microsoft.com/whdc/devtools/debugging/symbolpkg.mspx#d for Server 2003
Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Documents and Settings\PMIKULA\Desktop\MEMORY DUMP Monday.dmp]
Kernel Summary Dump File: Only kernel address space is available
Symbol search path is: c:\symbols
Executable search path is:
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntkrnlmp.exe -
Windows Server 2003 Kernel Version 3790 (Service Pack 2) MP (2 procs) Free x86 compatible
Product: LanManNt, suite: SmallBusiness TerminalServer SmallBusinessRestricted SingleUserTS
Built by: 3790.srv03_sp2_gdr.080813-1204
Machine Name:
Kernel base = 0x80800000 PsLoadedModuleList = 0x808af9c8
Debug session time: Mon May 4 08:07:51.256 2009 (GMT-7)
System Uptime: 2 days 15:07:36.314
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntkrnlmp.exe -
Loading Kernel Symbols
...............................................................
................................................................
Loading User Symbols
Loading unloaded module list
.
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck E2, {0, 0, 0, 0}
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
Probably caused by : i8042prt.sys ( i8042prt!I8xProcessCrashDump+256 )
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
MANUALLY_INITIATED_CRASH (e2)
The user manually initiated this crash dump.
Arguments:
Arg1: 00000000
Arg2: 00000000
Arg3: 00000000
Arg4: 00000000
Debugging Details:
------------------
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
ADDITIONAL_DEBUG_TEXT:
Use '!findthebuild' command to search for the target build information.
If the build information is available, run '!findthebuild -s ; .reload' to set symbol path and load symbols.
FAULTING_MODULE: 80800000 nt
DEBUG_FLR_IMAGE_TIMESTAMP: 45d6a110
BUGCHECK_STR: MANUALLY_INITIATED_CRASH
DEFAULT_BUCKET_ID: DRIVER_FAULT
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from b9e5f532 to 8087c4a0
STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be wrong.
f78aac24 b9e5f532 000000e2 00000000 00000000 nt!KeBugCheckEx+0x1b
f78aac54 b9e5ed2c 001f3550 8aace8c6 00000000 i8042prt!I8xProcessCrashDump+0x256
f78aac9c 808395a5 89bf0a40 8a1f3498 0101000a i8042prt!I8042KeyboardInterruptService+0x225
f78aace0 f71b5466 f78aacf8 00000000 b97d4790 nt!KeSynchronizeExecution+0x279
f78aad50 80839b12 00000000 0000000e 00000000 NDIS!ndisMDpcX+0x21
f78aad64 00000000 00000000 00000000 00000000 nt!KiDispatchInterrupt+0x306
STACK_COMMAND: kb
FOLLOWUP_IP:
i8042prt!I8xProcessCrashDump+256
b9e5f532 83fe01 cmp esi,1
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: i8042prt!I8xProcessCrashDump+256
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: i8042prt
IMAGE_NAME: i8042prt.sys
BUCKET_ID: WRONG_SYMBOLS
Followup: MachineOwner
---------
1: kd> lmvm i8042prt
start end module name
b9e5c000 b9e6f000 i8042prt (pdb symbols) c:\symbols\sys\i8042prt.pdb
Loaded symbol image file: i8042prt.sys
Image path: \SystemRoot\system32\DRIVERS\i8042prt.sys
Image name: i8042prt.sys
Timestamp: Fri Feb 16 22:30:40 2007 (45D6A110)
CheckSum: 000184DF
ImageSize: 00013000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4ASKER
I used the websymbols (srv*c:\websymbols*http://msdl.microsoft.com/download/symbols) and got the same output as before
WARNING: Whitespace at end of path element
Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Documents and Settings\PMIKULA\Desktop\MEMORY DUMP Monday.dmp]
Kernel Summary Dump File: Only kernel address space is available
WARNING: Whitespace at end of path element
Symbol search path is: c:\symbols;srv*c:\websymbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows Server 2003 Kernel Version 3790 (Service Pack 2) MP (2 procs) Free x86 compatible
Product: LanManNt, suite: SmallBusiness TerminalServer SmallBusinessRestricted SingleUserTS
Built by: 3790.srv03_sp2_gdr.080813-1204
Machine Name:
Kernel base = 0x80800000 PsLoadedModuleList = 0x808af9c8
Debug session time: Mon May 4 08:07:51.256 2009 (GMT-7)
System Uptime: 2 days 15:07:36.314
Loading Kernel Symbols
...............................................................
................................................................
Loading User Symbols
Loading unloaded module list
.
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck E2, {0, 0, 0, 0}
Probably caused by : i8042prt.sys ( i8042prt!I8xProcessCrashDump+256 )
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
MANUALLY_INITIATED_CRASH (e2)
The user manually initiated this crash dump.
Arguments:
Arg1: 00000000
Arg2: 00000000
Arg3: 00000000
Arg4: 00000000
Debugging Details:
------------------
BUGCHECK_STR: MANUALLY_INITIATED_CRASH
DEFAULT_BUCKET_ID: DRIVER_FAULT
PROCESS_NAME: Idle
CURRENT_IRQL: a
LAST_CONTROL_TRANSFER: from b9e5f532 to 8087c4a0
STACK_TEXT:
f78aac24 b9e5f532 000000e2 00000000 00000000 nt!KeBugCheckEx+0x1b
f78aac54 b9e5ed2c 001f3550 8aace8c6 00000000 i8042prt!I8xProcessCrashDump+0x256
f78aac9c 808395a5 89bf0a40 8a1f3498 0101000a i8042prt!I8042KeyboardInterruptService+0x225
f78aac9c baba0ca2 89bf0a40 8a1f3498 0101000a nt!KiInterruptDispatch+0x49
f78aad50 80839b12 00000000 0000000e 00000000 intelppm!AcpiC1Idle+0x12
f78aad54 00000000 0000000e 00000000 00000000 nt!KiIdleLoop+0xa
STACK_COMMAND: kb
FOLLOWUP_IP:
i8042prt!I8xProcessCrashDump+256
b9e5f532 83fe01 cmp esi,1
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: i8042prt!I8xProcessCrashDump+256
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: i8042prt
IMAGE_NAME: i8042prt.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 45d6a110
FAILURE_BUCKET_ID: MANUALLY_INITIATED_CRASH_i8042prt!I8xProcessCrashDump+256
BUCKET_ID: MANUALLY_INITIATED_CRASH_i8042prt!I8xProcessCrashDump+256
Followup: MachineOwner
---------
The i8042prt is normal - that's the keyboard initiating the crash.
Do a !analyze -v -hang and a !locks. If those aren't conclusive I'm going to need the actual dump.
Thanks,
Brian Desmond
Active Directory MVP
Do a !analyze -v -hang and a !locks. If those aren't conclusive I'm going to need the actual dump.
Thanks,
Brian Desmond
Active Directory MVP
ASKER
Hello Brian
you can download the file from my server http://s169178993.onlinehome.us/memory_dump_monday.dmp
thank you
you can download the file from my server http://s169178993.onlinehome.us/memory_dump_monday.dmp
thank you
Can you zip this file? I've tried to download it three times now at varying times and it fails at some point each time.
ASKER
sorry for that, not sure why this happened, try this one:
https://www.yousendit.com/download/dVlwSmIzTmFwTVhIRGc9PQ
https://www.yousendit.com/download/dVlwSmIzTmFwTVhIRGc9PQ
Remove whatever it is you have from StorageCraft (ShadowProtect) and reboot. Call them up and provide them the dump and ask if they have a newer version you can upgrade to (this driver is about a year old) or what gives.
1: kd> lmvm stcvsm
start end module name
f728b000 f72a8880 stcvsm (no symbols)
Loaded symbol image file: stcvsm.sys
Image path: stcvsm.sys
Image name: stcvsm.sys
Timestamp: Fri Mar 07 16:17:50 2008 (47D1BF0E)
CheckSum: 0001FFD1
ImageSize: 0001D880
Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0
Thanks,
Brian Desmond
Active Directory MVP
1: kd> lmvm stcvsm
start end module name
f728b000 f72a8880 stcvsm (no symbols)
Loaded symbol image file: stcvsm.sys
Image path: stcvsm.sys
Image name: stcvsm.sys
Timestamp: Fri Mar 07 16:17:50 2008 (47D1BF0E)
CheckSum: 0001FFD1
ImageSize: 0001D880
Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0
Thanks,
Brian Desmond
Active Directory MVP
ASKER
yeah, I google'd little bit about too, we use ShadowProtect to backup to a BDR server that runs our backup that also allows us to virtualize the server from the backup snapshots in case the primary server goes down for good. There is an agent installed on the SBS 2003 that copies the data to the BDR server on 15 min incremental schedule, at night the updated snapshot is copied from the BDR server off site via internet, that's when the server hangs usually, but not every day. I will contact the vendor to find out more.
thanks, hopefully that is the main problem
thanks, hopefully that is the main problem
ASKER
ASKER
by the way we have several other servers running sbs2003 and bitdefender that are having similar issues. we think it possible that this causes the hangs
The hangs have similiar stacks but they're not the same. I still see Shadow Protect at the top of the stack.
Thanks,
Brian Desmond
Active Directory MVP
Thanks,
Brian Desmond
Active Directory MVP
ASKER
I have two more files, one is from a different site that is having similar issues
https://rcpt.yousendit.com/686902422/09899735144b3c159ce5534145a391b0
https://download.yousendit.com/U0d6V28rK3h1Yk5MWEE9PQ
would you mind checking them?
What windb commands do you usually use? I know only !analyze -v -hangs, !locks and !lmvm module_name.
What is the command to list the stack?
Do you usually use the full symbols from Microsoft symbol server srv*c:\websymbols*http://msdl.microsoft.com/download/symbols or use a local copy?
Thanks
https://rcpt.yousendit.com/686902422/09899735144b3c159ce5534145a391b0
https://download.yousendit.com/U0d6V28rK3h1Yk5MWEE9PQ
would you mind checking them?
What windb commands do you usually use? I know only !analyze -v -hangs, !locks and !lmvm module_name.
What is the command to list the stack?
Do you usually use the full symbols from Microsoft symbol server srv*c:\websymbols*http://msdl.microsoft.com/download/symbols or use a local copy?
Thanks
ASKER
on of the previous files indicated intelppm.sys file, how can I update this file?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Haven't gotten to looking at the second set of data he posted...
You could try uninstalling the bitdefender server for 1-2 days and if your server doesn't freeze then you know for sure.