Doasli
asked on
How do I read this debug logfile for Windows 2003 Server?
My Windows 2003 server crashed. I am using a Supermicro motherboard with dual Xeon processors and intergrated Intel SATA Raid controller using Raid 5. The system crashed with a blue screen so I ran debug and am pasting it here to see if anyone can give me a clue where the problem may lie.
Thanks
Thanks
Opened log file 'c:\debuglog.txt'
0: kd> .sympath srv*c:\symbols*http://msdl.microsoft.com/download/symbols
Symbol search path is: srv*c:\symbols*http://msdl.microsoft.com/download/symbols
Expanded Symbol search path is: srv*c:\symbols*http://msdl.microsoft.com/download/symbols
0: kd> .reload;!analyze -v;r;kv;lmnt;.logclose;q
Loading Kernel Symbols
...............................................................
................................................
Loading User Symbols
Loading unloaded module list
.......
Unable to load image iaStor.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for iaStor.sys
*** ERROR: Module load completed but symbols could not be loaded for iaStor.sys
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Unknown bugcheck code (8086)
Unknown bugcheck description
Arguments:
Arg1: 00000000
Arg2: 00000000
Arg3: 00000000
Arg4: 00000000
Debugging Details:
------------------
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT_SERVER_MINIDUMP
BUGCHECK_STR: 0x8086
PROCESS_NAME: ctfmon.exe
CURRENT_IRQL: 2
LAST_CONTROL_TRANSFER: from f71feaf5 to 80827c5e
STACK_TEXT:
f78aae3c f71feaf5 00008086 8b386000 8aefab68 nt!KeBugCheck+0x14
WARNING: Stack unwind information not available. Following frames may be wrong.
f78aae58 f71c97e4 8b38b9c0 8087230c 8b386000 iaStor+0x39af5
f78aaef4 f71ca397 8b386000 f7204b2c ffdffa40 iaStor+0x47e4
f78aaf8c f7204b6b 8b386000 00000000 f78aaff4 iaStor+0x5397
f78aaf9c 80832110 8b38c0f0 8b38b9c0 00000000 iaStor+0x3fb6b
f78aaff4 8088db57 a6d1548c 00000000 00000000 nt!KiRetireDpcList+0xca
f78aaff8 a6d1548c 00000000 00000000 00000000 nt!KiDispatchInterrupt+0x37
f78aaffc 00000000 00000000 00000000 00000000 0xa6d1548c
STACK_COMMAND: kb
FOLLOWUP_IP:
iaStor+39af5
f71feaf5 ?? ???
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: iaStor+39af5
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: iaStor
IMAGE_NAME: iaStor.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 46018619
FAILURE_BUCKET_ID: 0x8086_iaStor+39af5
BUCKET_ID: 0x8086_iaStor+39af5
Followup: MachineOwner
---------
eax=ffdff13c ebx=00000000 ecx=00000000 edx=ffffffff esi=ffdff120 edi=8b38c300
eip=80827c5e esp=f78aae24 ebp=f78aae3c iopl=0 nv up ei ng nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000286
nt!KeBugCheck+0x14:
80827c5e 5d pop ebp
ChildEBP RetAddr Args to Child
f78aae3c f71feaf5 00008086 8b386000 8aefab68 nt!KeBugCheck+0x14 (FPO: [1,0,0])
WARNING: Stack unwind information not available. Following frames may be wrong.
f78aae58 f71c97e4 8b38b9c0 8087230c 8b386000 iaStor+0x39af5
f78aaef4 f71ca397 8b386000 f7204b2c ffdffa40 iaStor+0x47e4
f78aaf8c f7204b6b 8b386000 00000000 f78aaff4 iaStor+0x5397
f78aaf9c 80832110 8b38c0f0 8b38b9c0 00000000 iaStor+0x3fb6b
f78aaff4 8088db57 a6d1548c 00000000 00000000 nt!KiRetireDpcList+0xca (FPO: [0,13,4])
f78aaff8 a6d1548c 00000000 00000000 00000000 nt!KiDispatchInterrupt+0x37 (FPO: [Uses EBP] [0,0,1])
f78aaffc 00000000 00000000 00000000 00000000 0xa6d1548c
start end module name
80800000 80a5a000 nt ntkrpamp.exe Wed Aug 13 04:42:13 2008 (48A2AC75)
80a5a000 80a86000 hal halmacpi.dll Fri Feb 16 23:48:26 2007 (45D6972A)
b7f1e000 b7f27000 asyncmac asyncmac.sys Tue Mar 25 02:11:27 2003 (3E80011F)
b97e6000 b97fb000 Cdfs Cdfs.SYS Sat Feb 17 00:27:08 2007 (45D6A03C)
b9a03000 b9a2e000 RDPWD RDPWD.SYS Fri Feb 16 23:44:38 2007 (45D69646)
b9be8000 b9bea300 uphcleanhlp uphcleanhlp.sys Wed Apr 27 13:58:56 2005 (426FE0F0)
b9c98000 b9cf6000 srv srv.sys Thu Dec 11 05:35:59 2008 (4940FB1F)
b9de6000 b9ead000 dump_iaStor dump_iaStor.sys Wed Mar 21 14:23:05 2007 (46018619)
b9ead000 b9ed7000 Fastfat Fastfat.SYS Sat Feb 17 00:27:55 2007 (45D6A06B)
bae7a000 bae80c80 avg7rsxp avg7rsxp.sys Tue Jan 30 09:08:42 2007 (45BF5F7A)
bf800000 bf9d0000 win32k win32k.sys Mon Feb 09 05:30:06 2009 (499013BE)
bf9d0000 bf9e7000 dxg dxg.sys Sat Feb 17 00:14:39 2007 (45D69D4F)
bff40000 bff48000 framebuf framebuf.dll Tue Mar 25 04:46:25 2003 (3E802571)
bff60000 bff7e000 RDPDD RDPDD.dll Sat Feb 17 08:01:19 2007 (45D70AAF)
bffa0000 bffea000 ATMFD ATMFD.DLL Sat Feb 17 07:59:31 2007 (45D70A43)
f1916000 f1921000 TDTCP TDTCP.SYS Fri Feb 16 23:44:32 2007 (45D69640)
f2206000 f2207080 avg7rsw avg7rsw.sys Tue Jul 26 07:10:51 2005 (42E6284B)
f2536000 f253dd80 usbccgp usbccgp.sys Sat Feb 17 00:13:08 2007 (45D69CF4)
f2887000 f294fa60 avg7core avg7core.sys Wed Oct 10 11:23:39 2007 (470CFC8B)
f2950000 f2961000 Fips Fips.SYS Sat Feb 17 00:26:33 2007 (45D6A019)
f2961000 f29d7000 mrxsmb mrxsmb.sys Fri Sep 05 10:26:52 2008 (48C14FBC)
f29ff000 f2a2f000 rdbss rdbss.sys Sat Feb 17 00:27:37 2007 (45D6A059)
f2a2f000 f2a59000 afd afd.sys Thu Aug 14 05:46:56 2008 (48A40D20)
f2a59000 f2a8a000 netbt netbt.sys Sat Feb 17 00:28:57 2007 (45D6A0A9)
f2a8a000 f2b1a000 tcpip tcpip.sys Fri Jun 20 09:20:25 2008 (485BBCA9)
f2b1a000 f2b33000 ipsec ipsec.sys Sat Feb 17 00:29:28 2007 (45D6A0C8)
f2d13000 f2d1b000 mouhid mouhid.sys Tue Mar 25 02:03:12 2003 (3E7FFF30)
f2d4b000 f2d53000 rasacd rasacd.sys Tue Mar 25 02:11:50 2003 (3E800136)
f2e0c000 f2e16000 ndisuio ndisuio.sys Fri Feb 16 23:58:25 2007 (45D69981)
f2e1c000 f2e29000 netbios netbios.sys Fri Feb 16 23:58:29 2007 (45D69985)
f2e2c000 f2e39000 wanarp wanarp.sys Fri Feb 16 23:59:17 2007 (45D699B5)
f2e3c000 f2e4a000 msgpc msgpc.sys Fri Feb 16 23:58:37 2007 (45D6998D)
f2e4c000 f2e59000 Npfs Npfs.SYS Fri Feb 16 23:50:36 2007 (45D697AC)
f2e5c000 f2e67000 Msfs Msfs.SYS Fri Feb 16 23:50:33 2007 (45D697A9)
f2e8c000 f2e96000 flpydisk flpydisk.sys Tue Mar 25 02:04:32 2003 (3E7FFF80)
f3227000 f322f000 RDPCDD RDPCDD.sys Tue Mar 25 02:03:05 2003 (3E7FFF29)
f322f000 f3237000 mnmdd mnmdd.SYS Tue Mar 25 02:07:53 2003 (3E800049)
f3237000 f323d300 HIDPARSE HIDPARSE.SYS Sat Feb 17 00:12:35 2007 (45D69CD3)
f323f000 f3246000 Beep Beep.SYS Tue Mar 25 02:03:04 2003 (3E7FFF28)
f3247000 f324e000 Null Null.SYS Tue Mar 25 02:03:05 2003 (3E7FFF29)
f324f000 f3257000 Fs_Rec Fs_Rec.SYS Tue Mar 25 02:08:36 2003 (3E800074)
f378a000 f3793000 hidusb hidusb.sys Tue Mar 25 02:10:17 2003 (3E8000D9)
f3b4b000 f3b59000 HIDCLASS HIDCLASS.SYS Tue Mar 25 02:10:17 2003 (3E8000D9)
f4607000 f4611000 Dxapi Dxapi.sys Tue Mar 25 02:06:01 2003 (3E7FFFD9)
f4b09000 f4b1e000 usbhub usbhub.sys Sat Feb 17 00:13:05 2007 (45D69CF1)
f4bd7000 f4be0000 kbdhid kbdhid.sys Sat Feb 17 00:05:42 2007 (45D69B36)
f527c000 f528a000 NDProxy NDProxy.SYS Fri Feb 16 23:59:21 2007 (45D699B9)
f52cc000 f532b000 update update.sys Mon May 28 07:15:16 2007 (465AC7D4)
f532b000 f5362000 rdpdr rdpdr.sys Fri Feb 16 23:51:00 2007 (45D697C4)
f5362000 f5374000 raspptp raspptp.sys Sat Feb 17 00:29:20 2007 (45D6A0C0)
f5374000 f538d000 ndiswan ndiswan.sys Sat Feb 17 00:29:22 2007 (45D6A0C2)
f538d000 f53a1000 rasl2tp rasl2tp.sys Sat Feb 17 00:29:02 2007 (45D6A0AE)
f53a1000 f53b6000 serial serial.sys Sat Feb 17 00:06:46 2007 (45D69B76)
f53b6000 f53c9000 i8042prt i8042prt.sys Sat Feb 17 00:30:40 2007 (45D6A110)
f53c9000 f53e5000 VIDEOPRT VIDEOPRT.SYS Sat Feb 17 00:10:30 2007 (45D69C56)
f53e5000 f540c000 ks ks.sys Sat Feb 17 00:30:40 2007 (45D6A110)
f540c000 f5420000 redbook redbook.sys Sat Feb 17 00:07:26 2007 (45D69B9E)
f5420000 f5435000 cdrom cdrom.sys Sat Feb 17 00:07:48 2007 (45D69BB4)
f5435000 f5473000 e1e5132 e1e5132.sys Tue Dec 11 15:15:54 2007 (475EFE0A)
f5473000 f549d000 USBPORT USBPORT.SYS Sat Feb 17 00:12:59 2007 (45D69CEB)
f6021000 f6028000 dxgthk dxgthk.sys Tue Mar 25 02:05:52 2003 (3E7FFFD0)
f62e4000 f62ef000 TDI TDI.SYS Sat Feb 17 00:01:19 2007 (45D69A2F)
f7074000 f7093000 Mup Mup.sys Sat Feb 17 00:27:41 2007 (45D6A05D)
f7093000 f70d2000 NDIS NDIS.sys Sat Feb 17 00:28:49 2007 (45D6A0A1)
f70d2000 f7167000 Ntfs Ntfs.sys Sat Feb 17 00:27:23 2007 (45D6A04B)
f7167000 f718d000 KSecDD KSecDD.sys Fri Feb 16 23:46:32 2007 (45D696B8)
f718d000 f71b2000 fltmgr fltmgr.sys Fri Feb 16 23:51:08 2007 (45D697CC)
f71b2000 f71c5000 CLASSPNP CLASSPNP.SYS Sat Feb 17 00:28:16 2007 (45D6A080)
f71c5000 f728c000 iaStor iaStor.sys Wed Mar 21 14:23:05 2007 (46018619)
f728c000 f72a9000 atapi atapi.sys Sat Feb 17 00:07:34 2007 (45D69BA6)
f72a9000 f72d3000 volsnap volsnap.sys Sat Feb 17 00:08:23 2007 (45D69BD7)
f72d3000 f72ff000 dmio dmio.sys Sat Feb 17 00:10:44 2007 (45D69C64)
f72ff000 f7326000 ftdisk ftdisk.sys Sat Feb 17 00:08:05 2007 (45D69BC5)
f7326000 f733c000 pci pci.sys Fri Feb 16 23:59:03 2007 (45D699A7)
f733c000 f7370000 ACPI ACPI.sys Fri Feb 16 23:58:47 2007 (45D69997)
f7370000 f7386000 sacdrv sacdrv.sys Sat Feb 17 00:06:42 2007 (45D69B72)
f7487000 f7490000 WMILIB WMILIB.SYS Tue Mar 25 02:13:00 2003 (3E80017C)
f7497000 f74a6000 isapnp isapnp.sys Fri Feb 16 23:58:57 2007 (45D699A1)
f74a7000 f74b4000 PCIIDEX PCIIDEX.SYS Sat Feb 17 00:07:32 2007 (45D69BA4)
f74b7000 f74c7000 MountMgr MountMgr.sys Sat Feb 17 00:05:35 2007 (45D69B2F)
f74c7000 f74d2000 PartMgr PartMgr.sys Sat Feb 17 00:29:25 2007 (45D6A0C5)
f74d7000 f74e7000 disk disk.sys Sat Feb 17 00:07:51 2007 (45D69BB7)
f74e7000 f74f3000 Dfs Dfs.sys Fri Feb 16 23:51:17 2007 (45D697D5)
f74f7000 f7503000 ioatdma ioatdma.sys Fri Jan 18 10:41:41 2008 (4790D6C5)
f7507000 f7511000 crcdisk crcdisk.sys Sat Feb 17 00:09:50 2007 (45D69C2E)
f7557000 f7561000 mouclass mouclass.sys Tue Mar 25 02:03:09 2003 (3E7FFF2D)
f7567000 f7576000 raspppoe raspppoe.sys Fri Feb 16 23:59:23 2007 (45D699BB)
f7577000 f7580000 raspti raspti.sys Fri Feb 16 23:59:23 2007 (45D699BB)
f75b7000 f75c5000 imapi imapi.sys Sat Feb 17 00:08:22 2007 (45D69BD6)
f75d7000 f75e0000 ndistapi ndistapi.sys Fri Feb 16 23:59:19 2007 (45D699B7)
f7607000 f7612000 kbdclass kbdclass.sys Sat Feb 17 00:05:39 2007 (45D69B33)
f7617000 f7622000 ptilink ptilink.sys Sat Feb 17 00:06:38 2007 (45D69B6E)
f7637000 f7642000 fdc fdc.sys Sat Feb 17 00:07:16 2007 (45D69B94)
f7647000 f7651000 serenum serenum.sys Sat Feb 17 00:06:44 2007 (45D69B74)
f7657000 f7660000 watchdog watchdog.sys Sat Feb 17 00:11:45 2007 (45D69CA1)
f7667000 f7676000 termdd termdd.sys Fri Feb 16 23:44:32 2007 (45D69640)
f7687000 f7696000 intelppm intelppm.sys Fri Feb 16 23:48:30 2007 (45D6972E)
f76a7000 f76b3000 vgapnp vgapnp.sys Sat Feb 17 00:10:30 2007 (45D69C56)
f76b7000 f76c0000 mssmbios mssmbios.sys Fri Feb 16 23:59:12 2007 (45D699B0)
f7707000 f770f000 kdcom kdcom.dll Tue Mar 25 02:08:00 2003 (3E800050)
f770f000 f7717000 BOOTVID BOOTVID.dll Tue Mar 25 02:07:58 2003 (3E80004E)
f7717000 f771e000 pciide pciide.sys Tue Mar 25 02:04:46 2003 (3E7FFF8E)
f771f000 f7726000 dmload dmload.sys Tue Mar 25 02:08:08 2003 (3E800058)
f77a7000 f77ac180 usbuhci usbuhci.sys Sat Feb 17 00:13:02 2007 (45D69CEE)
f77b7000 f77bdb80 usbehci usbehci.sys Sat Feb 17 00:12:56 2007 (45D69CE8)
f77bf000 f77c7000 audstub audstub.sys Tue Mar 25 02:09:12 2003 (3E800098)
f7897000 f7899980 compbatt compbatt.sys Fri Feb 16 23:58:51 2007 (45D6999B)
f789b000 f789e900 BATTC BATTC.SYS Fri Feb 16 23:58:46 2007 (45D69996)
f79ab000 f79ac360 avgtdi avgtdi.sys Thu Aug 25 04:59:58 2005 (430D969E)
f79ed000 f79ee280 swenum swenum.sys Sat Feb 17 00:05:56 2007 (45D69B44)
f79ff000 f7a00580 USBD USBD.SYS Tue Mar 25 02:10:39 2003 (3E8000EF)
f7a93000 f7a94000 avgclean avgclean.sys Mon Dec 03 06:09:01 2007 (4753F1DD)
Unloaded modules:
ae392000 ae39e000 USBSTOR.SYS
Timestamp: unavailable (00000000)
Checksum: 00000000
af8aa000 af8b9000 DgiVecp.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
f31a7000 f31b3000 USBSTOR.SYS
Timestamp: unavailable (00000000)
Checksum: 00000000
f7677000 f7686000 DgiVecp.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
f2e6c000 f2e78000 vga.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
f2e7c000 f2e85000 kbdhid.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
f3257000 f325f000 Sfloppy.SYS
Timestamp: unavailable (00000000)
Checksum: 00000000
Closing open log file c:\debuglog.txt
The crash is caused by iastor.sys which is the driver for your Intel SATA controller. Try checking for the latest drivers. You can also check out this article. http://mitchgarvis.com/blogs/mitch/archive/2008/06/03/getting-past-iastor-sys-errors-in-vista-deployment-with-the-microsoft-deployment-toolkit.aspx
ASKER
Is it more likely a corrupt driver or possibly failing hard drive. We have 3 hard drives in a Raid 5 with a 4th as a spare. I guess it possibly could be spyware as well, but the server is not used for browsing and it does have protection. This is the first time this has happened since the new server was installed several months ago.
Thanks for the help.
Thanks for the help.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Doasli:
What was your fix exactly? Drivers? I have been wrestling with the same issue but new drivers have not helped.
What was your fix exactly? Drivers? I have been wrestling with the same issue but new drivers have not helped.
ASKER
It's at a customer's location, so I'm not sure if they've had the error again. I accessed remoteley today, but didn't remember to check for that. I need to check and see if they are still having it. I need to look at my logs and see, but I may have updated the drivers. Too many things going on since to remember. If I do find anything that solved it, I'll let you know.