System Error - Error code 000000d1, parameter1 00000000, parameter2 d0000002, parameter3 00000001, parameter4 b9915650.

Posted on 2009-04-24
Last Modified: 2012-05-06
We are getting the following errors on  our Exchange 2003 server.  We feel that they may be related to corrupt memory.  We have new modules on the way and will be installing next week. It is causing the server to blue screen and restart randomly.   Has anyone seen this before?  

Event Type:     Error
Event Source:   System Error
Event Category: (102)
Event ID:       1003
Date:           4/24/2009
Time:           8:36:20 AM
User:           N/A
Computer:       EXCHANGE
Error code 000000d1, parameter1 00000000, parameter2 d0000002, parameter3 00000001, parameter4 b9915650.

For more information, see Help and Support Center at
0000: 53 79 73 74 65 6d 20 45   System E
0008: 72 72 6f 72 20 20 45 72   rror  Er
0010: 72 6f 72 20 63 6f 64 65   ror code
0018: 20 30 30 30 30 30 30 64    000000d
0020: 31 20 20 50 61 72 61 6d   1  Param
0028: 65 74 65 72 73 20 30 30   eters 00
0030: 30 30 30 30 30 30 2c 20   000000,
0038: 64 30 30 30 30 30 30 32   d0000002
0040: 2c 20 30 30 30 30 30 30   , 000000
0048: 30 31 2c 20 62 39 39 31   01, b991
0050: 35 36 35 30               5650    

Event Type:     Warning
Event Source:   USER32
Event Category: None
Event ID:       1076
Date:           4/24/2009
Time:           8:36:12 AM
User:           CAPEFEARCOM\administrator
Computer:       EXCHANGE
The reason supplied by user CAPEFEARCOM\Administrator for the last unexpected shutdown of this computer is: Other (Unplanned)
 Reason Code: 0xa000000
 Bug ID:
 Bugcheck String:
 Comment: frozen screen

For more information, see Help and Support Center at
0000: 00 00 00 0a        
Question by:infranetsupport
    LVL 11

    Expert Comment

    It would be super if you could save and post the dump file to debug it. You can attempt to view it on your own. Simple instructions are here:

    My prediagnosis opinion, don't think it's ram. I seen the 0000..d1 error before and it always related to a driver/service that's crashing. Notorious ones are the symantec services (antivirus), raid controller drivers, like intel raid, etc. Some type of backup service like veritas..again from symantec..and others.

    You can view the dump file, and you'll usually see the offending file/service in there. Once I learned to use the debugging tools, the has been a godsend to help analyze.

    My personal opinion for future disaster prevention: Once a pc/server is running, leave automatic updates OFF. Windows want to update drivers for known items and at times it can just cause things to go haywire. I always do updates manually and I read each update to see what it does/fixes. Something crashes, you know the last thing done.

    I would browse thru event viewer, see if any logs hints toward the problems. Try to remember anything that was done/installed and problem started happening. If new driver, roll back. New software, uninstall it and/or go back to previous version see if it remedies problem. If so, check with manufacturer for any hotfixes/updates.

    Do standard quick maintenance on your own..chkdsk /f, oh and delete the pagefile.sys, some corrupted pagefiles causes havoc, especially when they are set static.  Boot into some type of dos environment, attrib -h -s -r pagefile.sys, then del pagefile.sys. Booting back in windows creates a new one.

    See if you can post debug from dump file.

    Author Comment


    Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
    Copyright (c) Microsoft Corporation. All rights reserved.

    Loading Dump File [C:\Documents and Settings\dbickel\Desktop\Mini042609-01.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available

    WARNING: Whitespace at end of path element
    Symbol search path is: SRV*c:\websymbols*
    Executable search path is:
    Windows Server 2003 Kernel Version 3790 (Service Pack 2) MP (4 procs) Free x86 compatible
    Product: LanManNt, suite: SmallBusiness TerminalServer SmallBusinessRestricted SingleUserTS
    Built by: 3790.srv03_sp2_gdr.090319-1204
    Machine Name:
    Kernel base = 0x80800000 PsLoadedModuleList = 0x808a6ea8
    Debug session time: Sun Apr 26 08:27:07.625 2009 (GMT-4)
    System Uptime: 0 days 23:57:16.671
    Loading Kernel Symbols
    Loading User Symbols
    Loading unloaded module list
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *

    Use !analyze -v to get detailed debugging information.

    BugCheck D1, {0, d0000002, 1, b9706650}

    Unable to load image \SystemRoot\system32\DRIVERS\tmtdi.sys, Win32 error 0n2
    *** WARNING: Unable to verify timestamp for tmtdi.sys
    *** ERROR: Module load completed but symbols could not be loaded for tmtdi.sys
    Probably caused by : tmtdi.sys ( tmtdi+1650 )

    Followup: MachineOwner
    LVL 11

    Accepted Solution

    Whats causing you to crash is that tmtdi.sys file, which seems to be related to Trend Micro, perhaps you using trendmicro antivirus?

    Here's a quick link on how to resolve it direct from TrendMicro:

    LVL 11

    Expert Comment

    Seems this issue came about december 2008, due to some servicepack/update, you'll find truth to that when you read the link.

    I would update using the patch from TrendMicro. Worst case scenario I would completely uninstall Trendmicro, download the latest uptodate version, reinstall it, and use the existing key.

    For a server, I would stick with Symantec Endpoint protection.

    Keep us posted.

    Author Closing Comment

    That seemed to work!  Thank you for the insight to the windbg program!
    LVL 11

    Expert Comment

    Glad you got it under controlled...I hate those darn updates/patches that load automatically, something goes haywire and we panic not knowing why :( I like to shut automatic updates off and do on my own, so I can backtrack in times of pc sickness. Take care!

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Highfive + Dolby Voice = No More Audio Complaints!

    Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

    Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
    Basic understanding on "OO- Object Orientation" is needed for designing a logical solution to solve a problem. Basic OOAD is a prerequisite for a coder to ensure that they follow the basic design of OO. This would help developers to understand the b…
    Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…
    This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor ( If you're looking for how to monitor bandwidth using netflow or packet s…

    737 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    22 Experts available now in Live!

    Get 1:1 Help Now