Solved

Need help interpreting Crash dump analysis

Posted on 2009-06-30
6
500 Views
Last Modified: 2013-12-01
I have a win2k3 R2 SP2 server that randomly BSODs.  The only hardware I have tried replacing is the RAM chips though that doesn't seem to have made a difference.  I recently ran a crash dump analysis with Microsofts tool.  I have never used it before and am not very familiar with how to read it but my impression is it's a driver issue.  Any additional input would be appreciated, thanks.  Let me know if I need to submit something further to help.
Loading unloaded module list
.................
0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************
 
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.  This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 00000000, memory referenced
Arg2: d0000002, IRQL
Arg3: 00000008, value 0 = read operation, 1 = write operation
Arg4: 00000000, address which referenced memory
 
Debugging Details:
------------------
 
GetContextState failed, 0x80070026
Unable to read selector for PCR for processor 1
*** WARNING: Unable to verify timestamp for cdrom.sys
*** ERROR: Module load completed but symbols could not be loaded for cdrom.sys
GetContextState failed, 0x80070026
Unable to read selector for PCR for processor 1
 
READ_ADDRESS:  00000000 
 
CURRENT_IRQL:  2
 
FAULTING_IP: 
+1b9952f00e8dfe0
00000000 ??              ???
 
PROCESS_NAME:  Idle
 
DEFAULT_BUCKET_ID:  DRIVER_FAULT
 
BUGCHECK_STR:  0xD1
 
TRAP_FRAME:  8089a538 -- (.trap 0xffffffff8089a538)
ErrCode = 00000010
eax=89ecd000 ebx=00000000 ecx=ffdffa48 edx=ffdffa40 esi=8a544240 edi=ffdffa40
eip=00000000 esp=8089a5ac ebp=8089a600 iopl=0     vif nv up ei pl zr na pe nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00090246
00000000 ??              ???
Resetting default scope
 
LAST_CONTROL_TRANSFER:  from 00000000 to 8088c963
 
FAILED_INSTRUCTION_ADDRESS: 
+1b9952f00e8dfe0
00000000 ??              ???
 
STACK_TEXT:  
8089a538 00000000 badb0d00 ffdffa40 8a5188bc nt!KiTrap0E+0x2a7
WARNING: Frame IP not in any known module. Following frames may be wrong.
8089a5a8 808320f0 8a544240 00000000 b9c9e160 0x0
8089a600 8088de1f 00000000 0000000e 00000000 nt!KiRetireDpcList+0xca
8089a604 00000000 0000000e 00000000 00000000 nt!KiIdleLoop+0x37
 
 
STACK_COMMAND:  kb
 
FOLLOWUP_IP: 
nt!KiTrap0E+2a7
8088c963 833da0628a8000  cmp     dword ptr [nt!KiFreezeFlag (808a62a0)],0
 
SYMBOL_STACK_INDEX:  0
 
SYMBOL_NAME:  nt!KiTrap0E+2a7
 
FOLLOWUP_NAME:  MachineOwner
 
MODULE_NAME: nt
 
IMAGE_NAME:  ntkrpamp.exe
 
DEBUG_FLR_IMAGE_TIMESTAMP:  45d69710
 
FAILURE_BUCKET_ID:  0xD1_CODE_AV_NULL_IP_nt!KiTrap0E+2a7
 
BUCKET_ID:  0xD1_CODE_AV_NULL_IP_nt!KiTrap0E+2a7
 
Followup: MachineOwner
---------

Open in new window

0
Comment
Question by:CyberDocSupport
  • 4
  • 2
6 Comments
 
LVL 69

Assisted Solution

by:Qlemo
Qlemo earned 250 total points
ID: 24749421
Not very useful, that crash dump. The BSOD is caused by a driver, but as the information is almost completely invalid either the unknown driver corrupts memory (unlikely) or it is a memory failure. As you have exchanged RAM already, I'm stuck. Are you overclocking RAM?

If can get a hand on the next dump, compare it with this one. Should it show a completely different exception as D1, and/or changing module info, this confirms the suspicion. You should run a burn-in memory testing tool like MemTest86+ (http://www.memtest.org/) to make sure RAM and memory bus are ok.
0
 

Author Comment

by:CyberDocSupport
ID: 24750726
No overclocking on the memory.....I'll try something like memtest and keep an eye out for the next dump as well.
0
 

Author Comment

by:CyberDocSupport
ID: 24757175
Ran Memtest for 12+ hours with no errors reported.
0
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

 
LVL 69

Expert Comment

by:Qlemo
ID: 24757345
So we have to wait for the next crash, I reckon ...
0
 

Author Comment

by:CyberDocSupport
ID: 24758166
Seems that way.  The way things are going that won't be very long..........
0
 

Accepted Solution

by:
CyberDocSupport earned 0 total points
ID: 24825595
Turns out it was a motherboard problem.  Replacing it seems to have fixed the issue
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A quick step-by-step overview of installing and configuring Carbonite Server Backup.
Today, still in the boom of Apple, PC's and products, nearly 50% of the computer users use Windows as graphical operating systems. If you are among those users who love windows, but are grappling to keep the system's hard drive optimized, then you s…
This Micro Tutorial will teach you how to censor certain areas of your screen. The example in this video will show a little boy's face being blurred. This will be demonstrated using Adobe Premiere Pro CS6.
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

815 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now