Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Need help interpreting Crash dump analysis

Posted on 2009-06-30
6
Medium Priority
?
507 Views
Last Modified: 2013-12-01
I have a win2k3 R2 SP2 server that randomly BSODs.  The only hardware I have tried replacing is the RAM chips though that doesn't seem to have made a difference.  I recently ran a crash dump analysis with Microsofts tool.  I have never used it before and am not very familiar with how to read it but my impression is it's a driver issue.  Any additional input would be appreciated, thanks.  Let me know if I need to submit something further to help.
Loading unloaded module list
.................
0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************
 
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.  This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 00000000, memory referenced
Arg2: d0000002, IRQL
Arg3: 00000008, value 0 = read operation, 1 = write operation
Arg4: 00000000, address which referenced memory
 
Debugging Details:
------------------
 
GetContextState failed, 0x80070026
Unable to read selector for PCR for processor 1
*** WARNING: Unable to verify timestamp for cdrom.sys
*** ERROR: Module load completed but symbols could not be loaded for cdrom.sys
GetContextState failed, 0x80070026
Unable to read selector for PCR for processor 1
 
READ_ADDRESS:  00000000 
 
CURRENT_IRQL:  2
 
FAULTING_IP: 
+1b9952f00e8dfe0
00000000 ??              ???
 
PROCESS_NAME:  Idle
 
DEFAULT_BUCKET_ID:  DRIVER_FAULT
 
BUGCHECK_STR:  0xD1
 
TRAP_FRAME:  8089a538 -- (.trap 0xffffffff8089a538)
ErrCode = 00000010
eax=89ecd000 ebx=00000000 ecx=ffdffa48 edx=ffdffa40 esi=8a544240 edi=ffdffa40
eip=00000000 esp=8089a5ac ebp=8089a600 iopl=0     vif nv up ei pl zr na pe nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00090246
00000000 ??              ???
Resetting default scope
 
LAST_CONTROL_TRANSFER:  from 00000000 to 8088c963
 
FAILED_INSTRUCTION_ADDRESS: 
+1b9952f00e8dfe0
00000000 ??              ???
 
STACK_TEXT:  
8089a538 00000000 badb0d00 ffdffa40 8a5188bc nt!KiTrap0E+0x2a7
WARNING: Frame IP not in any known module. Following frames may be wrong.
8089a5a8 808320f0 8a544240 00000000 b9c9e160 0x0
8089a600 8088de1f 00000000 0000000e 00000000 nt!KiRetireDpcList+0xca
8089a604 00000000 0000000e 00000000 00000000 nt!KiIdleLoop+0x37
 
 
STACK_COMMAND:  kb
 
FOLLOWUP_IP: 
nt!KiTrap0E+2a7
8088c963 833da0628a8000  cmp     dword ptr [nt!KiFreezeFlag (808a62a0)],0
 
SYMBOL_STACK_INDEX:  0
 
SYMBOL_NAME:  nt!KiTrap0E+2a7
 
FOLLOWUP_NAME:  MachineOwner
 
MODULE_NAME: nt
 
IMAGE_NAME:  ntkrpamp.exe
 
DEBUG_FLR_IMAGE_TIMESTAMP:  45d69710
 
FAILURE_BUCKET_ID:  0xD1_CODE_AV_NULL_IP_nt!KiTrap0E+2a7
 
BUCKET_ID:  0xD1_CODE_AV_NULL_IP_nt!KiTrap0E+2a7
 
Followup: MachineOwner
---------

Open in new window

0
Comment
Question by:CyberDocSupport
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
6 Comments
 
LVL 71

Assisted Solution

by:Qlemo
Qlemo earned 1000 total points
ID: 24749421
Not very useful, that crash dump. The BSOD is caused by a driver, but as the information is almost completely invalid either the unknown driver corrupts memory (unlikely) or it is a memory failure. As you have exchanged RAM already, I'm stuck. Are you overclocking RAM?

If can get a hand on the next dump, compare it with this one. Should it show a completely different exception as D1, and/or changing module info, this confirms the suspicion. You should run a burn-in memory testing tool like MemTest86+ (http://www.memtest.org/) to make sure RAM and memory bus are ok.
0
 

Author Comment

by:CyberDocSupport
ID: 24750726
No overclocking on the memory.....I'll try something like memtest and keep an eye out for the next dump as well.
0
 

Author Comment

by:CyberDocSupport
ID: 24757175
Ran Memtest for 12+ hours with no errors reported.
0
Get free NFR key for Veeam Availability Suite 9.5

Veeam is happy to provide a free NFR license (1 year, 2 sockets) to all certified IT Pros. The license allows for the non-production use of Veeam Availability Suite v9.5 in your home lab, without any feature limitations. It works for both VMware and Hyper-V environments

 
LVL 71

Expert Comment

by:Qlemo
ID: 24757345
So we have to wait for the next crash, I reckon ...
0
 

Author Comment

by:CyberDocSupport
ID: 24758166
Seems that way.  The way things are going that won't be very long..........
0
 

Accepted Solution

by:
CyberDocSupport earned 0 total points
ID: 24825595
Turns out it was a motherboard problem.  Replacing it seems to have fixed the issue
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article we have discussed the manual scenarios to recover data from Windows 10 through some backup and recovery tools which are offered by it.
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
Finding and deleting duplicate (picture) files can be a time consuming task. My wife and I, our three kids and their families all share one dilemma: Managing our pictures. Between desktops, laptops, phones, tablets, and cameras; over the last decade…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

604 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question