Alex_Eremenko
asked on
Server 2008 rdbss.sys BSOD
I have a problem with Server 2008 Enterprise running on ESXi 3.5U3.
The only server role installed is Terminal Services.
I'm getting intermittent Blue Screens and cannot find the cause.
Other 2008 VMs on the same host never experienced a BSOD.
The error is
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
Faulting Module: rdbss.sys.
Small dump is included.
It points to Adobe Reader at some point. However, I'm not a developer and can only guess....
Any help will be greatly appreciated.
Thanks,
Alex.
2: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 00300086, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, value 0 = read operation, 1 = write operation
Arg4: 8f8cb01c, address which referenced memory
Debugging Details:
------------------
READ_ADDRESS: GetPointerFromAddress: unable to read from 819416d8
Unable to read MiSystemVaType memory at 819222e0
00300086
CURRENT_IRQL: 2
FAULTING_IP:
rdbss!RxCancelRoutine+2b
8f8cb01c 8b02 mov eax,dword ptr [edx]
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT_SERVER_MINIDUMP
BUGCHECK_STR: 0xD1
PROCESS_NAME: AcroRd32.exe
LAST_CONTROL_TRANSFER: from 8184173f to 8f8cb01c
STACK_TEXT:
9ff7ac50 8184173f 86a5d630 87f4d428 81bc6226 rdbss!RxCancelRoutine+0x2b
9ff7ac7c 81a21402 87f4d428 87e8cab8 87de8998 nt!IoCancelIrp+0x83
9ff7aca8 81a20fc0 13230aa4 870328b8 87032658 nt!IoCancelThreadIo+0x3a
9ff7ad0c 81a21558 00000000 00000000 87032658 nt!PspExitThread+0x4bf
9ff7ad2c 819dd335 87032658 00000000 00000001 nt!PspTerminateThreadByPointer+0x5b
9ff7ad54 8186c97a 00000000 00000000 036efd14 nt!NtTerminateThread+0x74
9ff7ad54 77c99a94 00000000 00000000 036efd14 nt!KiFastCallEntry+0x12a
WARNING: Frame IP not in any known module. Following frames may be wrong.
036efd14 00000000 00000000 00000000 00000000 0x77c99a94
STACK_COMMAND: kb
FOLLOWUP_IP:
rdbss!RxCancelRoutine+2b
8f8cb01c 8b02 mov eax,dword ptr [edx]
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: rdbss!RxCancelRoutine+2b
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: rdbss
IMAGE_NAME: rdbss.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 47918a82
FAILURE_BUCKET_ID: 0xD1_rdbss!RxCancelRoutine+2b
BUCKET_ID: 0xD1_rdbss!RxCancelRoutine+2b
Followup: MachineOwner
---------
2: kd> lmvm rdbss
start end module name
8f8bf000 8f8fb000 rdbss (pdb symbols) C:\Program Files\Debugging Tools for Windows (x86)\sym\rdbss.pdb\7742D786868F409C8CB8545AFCA5AC022\rdbss.pdb
Loaded symbol image file: rdbss.sys
Mapped memory image file: C:\Program Files\Debugging Tools for Windows (x86)\sym\rdbss.sys\47918A823c000\rdbss.sys
Image path: rdbss.sys
Image name: rdbss.sys
Timestamp: Sat Jan 19 00:28:34 2008 (47918A82)
CheckSum: 00039538
ImageSize: 0003C000
File version: 6.0.6001.18000
Product version: 6.0.6001.18000
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: rdbss.sys
OriginalFilename: RDBSS.Sys
ProductVersion: 6.0.6001.18000
FileVersion: 6.0.6001.18000 (longhorn_rtm.080118-1840)
FileDescription: Redirected Drive Buffering SubSystem Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
ASKER
Thanks for the reply.
I'm afraid it is not an acceptable solution not to have Adobe Reader on TS.
The latest version of Reader (9.1.0) is installed. I'll install all the latest patches for Adobe tonight.
Anyway, it looks very strange. Such an application shouldn't cause a Blue Screen.
The server OS is fully updated.
The main problem is that the server is already in production and services a small branch that has only terminals installed.
If the problem persists I'll bring the other server online and will monitor for occurrence.
Any other ideas will be appreciated.
Thanks,
Alex.
Hi,
I advised uninstalling Adobe to rule out the possibility of Adobe generating the fault, as your dump shows the Adobe process running when the rdbss.sys fault occurred.
First rule out that possibility, and if the problem still persists, we can work out other alternatives.
It is all about isolating probable problem areas using the logs.
In the interim, go through your Event Viewer and see if there are any application/system-related errors.
Revert back with the information.
ASKER
Thanks Brian,
I requested the hotfix and will perform the install tomorrow after the VM backup.
I hope it will help.
The server uptime is 37 hours now. It's really difficult to track this problem.
Regards,
Alex.
ASKER
The server has been performing reliably since then...
I think MS should provide the link to the patch not only for HyperV users.
For me (Windows Server 2008 R2 x64), upgrading to SP1 also fixed the issue.
I suggest you remove your existing Acrobat Reader and check if the problem persists.
In case your problem is solved by removing Acrobat Reader, you can install the latest version of the reader on your PC.
Revert back if this does not solve your problem.