SBS 2003 Crashing Once or Twice a Day

Here is just one of the mini dumps, I'm leaning towards bad RAM, what do you guys think?


Loading Dump File [C:\WINDOWS\Minidump\Mini052509-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: C:\WINDOWS\Symbols
Executable search path is: C:\WINDOWS\i386
Unable to load image \WINDOWS\system32\ntkrnlpa.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntkrnlpa.exe
Windows Server 2003 Kernel Version 3790 (Service Pack 2) MP (2 procs) Free x86 compatible
Product: LanManNt, suite: SmallBusiness TerminalServer SmallBusinessRestricted SingleUserTS
Machine Name:
Kernel base = 0x80800000 PsLoadedModuleList = 0x808a8ec8
Debug session time: Mon May 25 11:00:19.985 2009 (GMT-7)
System Uptime: 1 days 0:37:04.326
Unable to load image \WINDOWS\system32\ntkrnlpa.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntkrnlpa.exe
Loading Kernel Symbols
...............................................................
................................................................
.......
Loading User Symbols
Loading unloaded module list
......
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1000008E, {c0000005, 8096d931, b72abac0, 0}

Probably caused by : ntkrnlpa.exe ( nt!NtSetInformationToken+a1b )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck.  Usually the exception address pinpoints
the driver/function that caused the problem.  Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003.  This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG.  This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG.  This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 8096d931, The address that the exception occurred at
Arg3: b72abac0, Trap Frame
Arg4: 00000000

Debugging Details:
------------------


EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".

FAULTING_IP:
nt!NtSetInformationToken+a1b
8096d931 ??              ???

TRAP_FRAME:  b72abac0 -- (.trap 0xffffffffb72abac0)
ErrCode = 00000002
eax=000000ce ebx=00000000 ecx=b72abb78 edx=00000000 esi=88cf05e8 edi=8b57c778
eip=8096d931 esp=b72abb34 ebp=b72abb38 iopl=0         nv up ei pl nz na po nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010202
nt!NtSetInformationToken+0xa1b:
8096d931 ??              ???
Resetting default scope

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  DRIVER_FAULT_SERVER_MINIDUMP

BUGCHECK_STR:  0x8E

CURRENT_IRQL:  0

LAST_CONTROL_TRANSFER:  from 8093a9e1 to 8096d931

STACK_TEXT:  
b72abb38 8093a9e1 e13cdc18 88cf0604 00000001 nt!NtSetInformationToken+0xa1b
b72abb84 80937551 e13a3808 88cf05e8 00000001 nt!NtPowerInformation+0x483
b72abc48 80937b7c 00000001 895e4d88 e13a3808 nt!PopCreateHiberFile+0x107
b72abca8 80935f38 00000001 e13a3808 e1575210 nt!PopAllocateHiberContext+0x122
b72abcac 00000000 e13a3808 e1575210 88cf05e8 nt!ObSetDirectoryDeviceMap+0x8


STACK_COMMAND:  kb

FOLLOWUP_IP:
nt!NtSetInformationToken+a1b
8096d931 ??              ???

SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  nt!NtSetInformationToken+a1b

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: nt

IMAGE_NAME:  ntkrnlpa.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  4975cfa9

FAILURE_BUCKET_ID:  0x8E_nt!NtSetInformationToken+a1b

BUCKET_ID:  0x8E_nt!NtSetInformationToken+a1b

Followup: MachineOwner
---------
stingcctvAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

rindiCommented:
The best way to check your RAM is by testing it using memtest86+, which you'll find on the UBCD.

http://ultimatebootcd.com

Your crash dump though is more likely caused by other hardware or a bad driver, but I can't see any driver referenced in your dump. Remove all hardware from the server that is removable and check if the issue continues. Often a BIOS upgrade can also help with this issue.
0
stingcctvAuthor Commented:
I've ran memtest, and the RAM appears to be fine. The Server itself is already using the minimum amount of hardware needed to function on a daily basis. I can't take the server offline too long, because the company needs this in place to function. Any ideas on narrowing it down? Here's another minidump I had the other day...

Loading Dump File [C:\WINDOWS\Minidump\Mini052209-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: C:\WINDOWS\Symbols
Executable search path is: C:\WINDOWS\i386
Unable to load image \WINDOWS\system32\ntkrnlpa.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntkrnlpa.exe
Windows Server 2003 Kernel Version 3790 (Service Pack 2) MP (2 procs) Free x86 compatible
Product: LanManNt, suite: SmallBusiness TerminalServer SmallBusinessRestricted SingleUserTS
Machine Name:
Kernel base = 0x80800000 PsLoadedModuleList = 0x808a8ec8
Debug session time: Fri May 22 14:25:59.561 2009 (GMT-7)
System Uptime: 1 days 6:03:12.034
Unable to load image \WINDOWS\system32\ntkrnlpa.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntkrnlpa.exe
Loading Kernel Symbols
...............................................................
................................................................
..........
Loading User Symbols
Loading unloaded module list
.............
*** WARNING: Unable to verify timestamp for afd.sys
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1000008E, {c0000005, b9782257, b8337b70, 0}

Probably caused by : afd.sys ( afd!AfdPoll+196 )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck.  Usually the exception address pinpoints
the driver/function that caused the problem.  Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003.  This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG.  This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG.  This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: b9782257, The address that the exception occurred at
Arg3: b8337b70, Trap Frame
Arg4: 00000000

Debugging Details:
------------------


EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".

FAULTING_IP:
afd!AfdPoll+196
b9782257 ??              ???

TRAP_FRAME:  b8337b70 -- (.trap 0xffffffffb8337b70)
ErrCode = 00000003
eax=88c5d458 ebx=00000000 ecx=894b2ef0 edx=00002660 esi=01000000 edi=89934788
eip=b9782257 esp=b8337be4 ebp=b8337c2c iopl=0         nv up ei ng nz na pe nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010286
afd!AfdPoll+0x196:
b9782257 ??              ???
Resetting default scope

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  DRIVER_FAULT_SERVER_MINIDUMP

BUGCHECK_STR:  0x8E

CURRENT_IRQL:  0

LAST_CONTROL_TRANSFER:  from b9781097 to b9782257

STACK_TEXT:  
b8337c2c b9781097 89934788 8a908748 b8337c50 afd!AfdPoll+0x196
b8337c3c 8081e087 8a90b4c0 89934788 8888fc38 afd!AfdDispatchDeviceControl+0x53
b8337c50 808f7601 89934864 89824410 89934788 nt!IoCsqRemoveNextIrp+0x25
b8337c64 808f8389 8a90b4c0 89934788 89824410 nt!IopRemoveDeviceInterfaces+0x1fb
b8337d00 808f0eea 00000ce0 00002764 00000000 nt!IopNotifyHwProfileChange+0xd3
b8337d34 8088b17b 00000ce0 00002764 00000000 nt!IopParseDevice+0xa04
b8337d64 7c8285ec badb0d00 0177fcc0 00000000 nt!MiAllocatePoolPages+0x1175
WARNING: Frame IP not in any known module. Following frames may be wrong.
b8337d70 00000000 00000000 00000000 00000000 0x7c8285ec


STACK_COMMAND:  kb

FOLLOWUP_IP:
afd!AfdPoll+196
b9782257 ??              ???

SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  afd!AfdPoll+196

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: afd

IMAGE_NAME:  afd.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  48f76164

FAILURE_BUCKET_ID:  0x8E_afd!AfdPoll+196

BUCKET_ID:  0x8E_afd!AfdPoll+196

Followup: MachineOwner
---------

0
rindiCommented:
That dump points to the afd.sys driver, which as far as I know has something to do with winsock. You might want to try running the system file checker (sfc/ scannow) to replace corrupt system files (you need the windows installation CD for that, and should also rerun the windows updates afterwards).

0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2003

From novice to tech pro — start learning today.