stingcctv
asked on
SBS 2003 Crashing Once or Twice a Day
Here is just one of the mini dumps, I'm leaning towards bad RAM, what do you guys think?
Loading Dump File [C:\WINDOWS\Minidump\Mini0 52509-01.d mp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: C:\WINDOWS\Symbols
Executable search path is: C:\WINDOWS\i386
Unable to load image \WINDOWS\system32\ntkrnlpa .exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntkrnlpa.exe
Windows Server 2003 Kernel Version 3790 (Service Pack 2) MP (2 procs) Free x86 compatible
Product: LanManNt, suite: SmallBusiness TerminalServer SmallBusinessRestricted SingleUserTS
Machine Name:
Kernel base = 0x80800000 PsLoadedModuleList = 0x808a8ec8
Debug session time: Mon May 25 11:00:19.985 2009 (GMT-7)
System Uptime: 1 days 0:37:04.326
Unable to load image \WINDOWS\system32\ntkrnlpa .exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntkrnlpa.exe
Loading Kernel Symbols
.......................... .......... .......... .......... .......
.......................... .......... .......... .......... ........
.......
Loading User Symbols
Loading unloaded module list
......
************************** ********** ********** ********** ********** ********** ***
* *
* Bugcheck Analysis *
* *
************************** ********** ********** ********** ********** ********** ***
Use !analyze -v to get detailed debugging information.
BugCheck 1000008E, {c0000005, 8096d931, b72abac0, 0}
Probably caused by : ntkrnlpa.exe ( nt!NtSetInformationToken+a 1b )
Followup: MachineOwner
---------
0: kd> !analyze -v
************************** ********** ********** ********** ********** ********** ***
* *
* Bugcheck Analysis *
* *
************************** ********** ********** ********** ********** ********** ***
KERNEL_MODE_EXCEPTION_NOT_ HANDLED_M (1000008e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 8096d931, The address that the exception occurred at
Arg3: b72abac0, Trap Frame
Arg4: 00000000
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".
FAULTING_IP:
nt!NtSetInformationToken+a 1b
8096d931 ?? ???
TRAP_FRAME: b72abac0 -- (.trap 0xffffffffb72abac0)
ErrCode = 00000002
eax=000000ce ebx=00000000 ecx=b72abb78 edx=00000000 esi=88cf05e8 edi=8b57c778
eip=8096d931 esp=b72abb34 ebp=b72abb38 iopl=0 nv up ei pl nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010202
nt!NtSetInformationToken+0 xa1b:
8096d931 ?? ???
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT_SERVER_MINIDU MP
BUGCHECK_STR: 0x8E
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from 8093a9e1 to 8096d931
STACK_TEXT:
b72abb38 8093a9e1 e13cdc18 88cf0604 00000001 nt!NtSetInformationToken+0 xa1b
b72abb84 80937551 e13a3808 88cf05e8 00000001 nt!NtPowerInformation+0x48 3
b72abc48 80937b7c 00000001 895e4d88 e13a3808 nt!PopCreateHiberFile+0x10 7
b72abca8 80935f38 00000001 e13a3808 e1575210 nt!PopAllocateHiberContext +0x122
b72abcac 00000000 e13a3808 e1575210 88cf05e8 nt!ObSetDirectoryDeviceMap +0x8
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!NtSetInformationToken+a 1b
8096d931 ?? ???
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: nt!NtSetInformationToken+a 1b
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlpa.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4975cfa9
FAILURE_BUCKET_ID: 0x8E_nt!NtSetInformationTo ken+a1b
BUCKET_ID: 0x8E_nt!NtSetInformationTo ken+a1b
Followup: MachineOwner
---------
Loading Dump File [C:\WINDOWS\Minidump\Mini0
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: C:\WINDOWS\Symbols
Executable search path is: C:\WINDOWS\i386
Unable to load image \WINDOWS\system32\ntkrnlpa
*** WARNING: Unable to verify timestamp for ntkrnlpa.exe
Windows Server 2003 Kernel Version 3790 (Service Pack 2) MP (2 procs) Free x86 compatible
Product: LanManNt, suite: SmallBusiness TerminalServer SmallBusinessRestricted SingleUserTS
Machine Name:
Kernel base = 0x80800000 PsLoadedModuleList = 0x808a8ec8
Debug session time: Mon May 25 11:00:19.985 2009 (GMT-7)
System Uptime: 1 days 0:37:04.326
Unable to load image \WINDOWS\system32\ntkrnlpa
*** WARNING: Unable to verify timestamp for ntkrnlpa.exe
Loading Kernel Symbols
..........................
..........................
.......
Loading User Symbols
Loading unloaded module list
......
**************************
* *
* Bugcheck Analysis *
* *
**************************
Use !analyze -v to get detailed debugging information.
BugCheck 1000008E, {c0000005, 8096d931, b72abac0, 0}
Probably caused by : ntkrnlpa.exe ( nt!NtSetInformationToken+a
Followup: MachineOwner
---------
0: kd> !analyze -v
**************************
* *
* Bugcheck Analysis *
* *
**************************
KERNEL_MODE_EXCEPTION_NOT_
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 8096d931, The address that the exception occurred at
Arg3: b72abac0, Trap Frame
Arg4: 00000000
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".
FAULTING_IP:
nt!NtSetInformationToken+a
8096d931 ?? ???
TRAP_FRAME: b72abac0 -- (.trap 0xffffffffb72abac0)
ErrCode = 00000002
eax=000000ce ebx=00000000 ecx=b72abb78 edx=00000000 esi=88cf05e8 edi=8b57c778
eip=8096d931 esp=b72abb34 ebp=b72abb38 iopl=0 nv up ei pl nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010202
nt!NtSetInformationToken+0
8096d931 ?? ???
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT_SERVER_MINIDU
BUGCHECK_STR: 0x8E
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from 8093a9e1 to 8096d931
STACK_TEXT:
b72abb38 8093a9e1 e13cdc18 88cf0604 00000001 nt!NtSetInformationToken+0
b72abb84 80937551 e13a3808 88cf05e8 00000001 nt!NtPowerInformation+0x48
b72abc48 80937b7c 00000001 895e4d88 e13a3808 nt!PopCreateHiberFile+0x10
b72abca8 80935f38 00000001 e13a3808 e1575210 nt!PopAllocateHiberContext
b72abcac 00000000 e13a3808 e1575210 88cf05e8 nt!ObSetDirectoryDeviceMap
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!NtSetInformationToken+a
8096d931 ?? ???
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: nt!NtSetInformationToken+a
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlpa.exe
DEBUG_FLR_IMAGE_TIMESTAMP:
FAILURE_BUCKET_ID: 0x8E_nt!NtSetInformationTo
BUCKET_ID: 0x8E_nt!NtSetInformationTo
Followup: MachineOwner
---------
ASKER
I've ran memtest, and the RAM appears to be fine. The Server itself is already using the minimum amount of hardware needed to function on a daily basis. I can't take the server offline too long, because the company needs this in place to function. Any ideas on narrowing it down? Here's another minidump I had the other day...
Loading Dump File [C:\WINDOWS\Minidump\Mini0 52209-01.d mp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: C:\WINDOWS\Symbols
Executable search path is: C:\WINDOWS\i386
Unable to load image \WINDOWS\system32\ntkrnlpa .exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntkrnlpa.exe
Windows Server 2003 Kernel Version 3790 (Service Pack 2) MP (2 procs) Free x86 compatible
Product: LanManNt, suite: SmallBusiness TerminalServer SmallBusinessRestricted SingleUserTS
Machine Name:
Kernel base = 0x80800000 PsLoadedModuleList = 0x808a8ec8
Debug session time: Fri May 22 14:25:59.561 2009 (GMT-7)
System Uptime: 1 days 6:03:12.034
Unable to load image \WINDOWS\system32\ntkrnlpa .exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntkrnlpa.exe
Loading Kernel Symbols
.......................... .......... .......... .......... .......
.......................... .......... .......... .......... ........
..........
Loading User Symbols
Loading unloaded module list
.............
*** WARNING: Unable to verify timestamp for afd.sys
************************** ********** ********** ********** ********** ********** ***
* *
* Bugcheck Analysis *
* *
************************** ********** ********** ********** ********** ********** ***
Use !analyze -v to get detailed debugging information.
BugCheck 1000008E, {c0000005, b9782257, b8337b70, 0}
Probably caused by : afd.sys ( afd!AfdPoll+196 )
Followup: MachineOwner
---------
0: kd> !analyze -v
************************** ********** ********** ********** ********** ********** ***
* *
* Bugcheck Analysis *
* *
************************** ********** ********** ********** ********** ********** ***
KERNEL_MODE_EXCEPTION_NOT_ HANDLED_M (1000008e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: b9782257, The address that the exception occurred at
Arg3: b8337b70, Trap Frame
Arg4: 00000000
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".
FAULTING_IP:
afd!AfdPoll+196
b9782257 ?? ???
TRAP_FRAME: b8337b70 -- (.trap 0xffffffffb8337b70)
ErrCode = 00000003
eax=88c5d458 ebx=00000000 ecx=894b2ef0 edx=00002660 esi=01000000 edi=89934788
eip=b9782257 esp=b8337be4 ebp=b8337c2c iopl=0 nv up ei ng nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010286
afd!AfdPoll+0x196:
b9782257 ?? ???
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT_SERVER_MINIDU MP
BUGCHECK_STR: 0x8E
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from b9781097 to b9782257
STACK_TEXT:
b8337c2c b9781097 89934788 8a908748 b8337c50 afd!AfdPoll+0x196
b8337c3c 8081e087 8a90b4c0 89934788 8888fc38 afd!AfdDispatchDeviceContr ol+0x53
b8337c50 808f7601 89934864 89824410 89934788 nt!IoCsqRemoveNextIrp+0x25
b8337c64 808f8389 8a90b4c0 89934788 89824410 nt!IopRemoveDeviceInterfac es+0x1fb
b8337d00 808f0eea 00000ce0 00002764 00000000 nt!IopNotifyHwProfileChang e+0xd3
b8337d34 8088b17b 00000ce0 00002764 00000000 nt!IopParseDevice+0xa04
b8337d64 7c8285ec badb0d00 0177fcc0 00000000 nt!MiAllocatePoolPages+0x1 175
WARNING: Frame IP not in any known module. Following frames may be wrong.
b8337d70 00000000 00000000 00000000 00000000 0x7c8285ec
STACK_COMMAND: kb
FOLLOWUP_IP:
afd!AfdPoll+196
b9782257 ?? ???
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: afd!AfdPoll+196
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: afd
IMAGE_NAME: afd.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 48f76164
FAILURE_BUCKET_ID: 0x8E_afd!AfdPoll+196
BUCKET_ID: 0x8E_afd!AfdPoll+196
Followup: MachineOwner
---------
Loading Dump File [C:\WINDOWS\Minidump\Mini0
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: C:\WINDOWS\Symbols
Executable search path is: C:\WINDOWS\i386
Unable to load image \WINDOWS\system32\ntkrnlpa
*** WARNING: Unable to verify timestamp for ntkrnlpa.exe
Windows Server 2003 Kernel Version 3790 (Service Pack 2) MP (2 procs) Free x86 compatible
Product: LanManNt, suite: SmallBusiness TerminalServer SmallBusinessRestricted SingleUserTS
Machine Name:
Kernel base = 0x80800000 PsLoadedModuleList = 0x808a8ec8
Debug session time: Fri May 22 14:25:59.561 2009 (GMT-7)
System Uptime: 1 days 6:03:12.034
Unable to load image \WINDOWS\system32\ntkrnlpa
*** WARNING: Unable to verify timestamp for ntkrnlpa.exe
Loading Kernel Symbols
..........................
..........................
..........
Loading User Symbols
Loading unloaded module list
.............
*** WARNING: Unable to verify timestamp for afd.sys
**************************
* *
* Bugcheck Analysis *
* *
**************************
Use !analyze -v to get detailed debugging information.
BugCheck 1000008E, {c0000005, b9782257, b8337b70, 0}
Probably caused by : afd.sys ( afd!AfdPoll+196 )
Followup: MachineOwner
---------
0: kd> !analyze -v
**************************
* *
* Bugcheck Analysis *
* *
**************************
KERNEL_MODE_EXCEPTION_NOT_
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: b9782257, The address that the exception occurred at
Arg3: b8337b70, Trap Frame
Arg4: 00000000
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".
FAULTING_IP:
afd!AfdPoll+196
b9782257 ?? ???
TRAP_FRAME: b8337b70 -- (.trap 0xffffffffb8337b70)
ErrCode = 00000003
eax=88c5d458 ebx=00000000 ecx=894b2ef0 edx=00002660 esi=01000000 edi=89934788
eip=b9782257 esp=b8337be4 ebp=b8337c2c iopl=0 nv up ei ng nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010286
afd!AfdPoll+0x196:
b9782257 ?? ???
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT_SERVER_MINIDU
BUGCHECK_STR: 0x8E
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from b9781097 to b9782257
STACK_TEXT:
b8337c2c b9781097 89934788 8a908748 b8337c50 afd!AfdPoll+0x196
b8337c3c 8081e087 8a90b4c0 89934788 8888fc38 afd!AfdDispatchDeviceContr
b8337c50 808f7601 89934864 89824410 89934788 nt!IoCsqRemoveNextIrp+0x25
b8337c64 808f8389 8a90b4c0 89934788 89824410 nt!IopRemoveDeviceInterfac
b8337d00 808f0eea 00000ce0 00002764 00000000 nt!IopNotifyHwProfileChang
b8337d34 8088b17b 00000ce0 00002764 00000000 nt!IopParseDevice+0xa04
b8337d64 7c8285ec badb0d00 0177fcc0 00000000 nt!MiAllocatePoolPages+0x1
WARNING: Frame IP not in any known module. Following frames may be wrong.
b8337d70 00000000 00000000 00000000 00000000 0x7c8285ec
STACK_COMMAND: kb
FOLLOWUP_IP:
afd!AfdPoll+196
b9782257 ?? ???
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: afd!AfdPoll+196
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: afd
IMAGE_NAME: afd.sys
DEBUG_FLR_IMAGE_TIMESTAMP:
FAILURE_BUCKET_ID: 0x8E_afd!AfdPoll+196
BUCKET_ID: 0x8E_afd!AfdPoll+196
Followup: MachineOwner
---------
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
http://ultimatebootcd.com
Your crash dump though is more likely caused by other hardware or a bad driver, but I can't see any driver referenced in your dump. Remove all hardware from the server that is removable and check if the issue continues. Often a BIOS upgrade can also help with this issue.