RDP causes blue screen

odewulf
odewulf used Ask the Experts™
on
when I tried to RDP to 2 of our HP workstations, I just got the blue screen. It works fine on the 3rd PC (same model and installation).

here is the dump file:

Microsoft (R) Windows Debugger Version 6.9.0003.113 X86
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [\\EMBARCADERO\RedirectedFolders\gaetanbarthelemy\My Documents\Business\techlinea\Mini012210-05.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*C:\WINDOWS\Symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 3) MP (4 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp3_gdr.090804-1435
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805634c0
Debug session time: Fri Jan 22 11:27:21.406 2010 (GMT-8)
System Uptime: 0 days 0:02:42.421
Loading Kernel Symbols
.................................................................................................................................
Loading User Symbols
Loading unloaded module list
..........
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1000007F, {8, f771fd70, 0, 0}

Probably caused by : ntkrnlmp.exe ( nt!KiTrap0E+be )

Followup: MachineOwner
---------

2: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

UNEXPECTED_KERNEL_MODE_TRAP_M (1000007f)
This means a trap occurred in kernel mode, and it's a trap of a kind
that the kernel isn't allowed to have/catch (bound trap) or that
is always instant death (double fault).  The first number in the
bugcheck params is the number of the trap (8 = double fault, etc)
Consult an Intel x86 family manual to learn more about what these
traps are. Here is a *portion* of those codes:
If kv shows a taskGate
        use .tss on the part before the colon, then kv.
Else if kv shows a trapframe
        use .trap on that value
Else
        .trap on the appropriate frame will show where the trap was taken
        (on x86, this will be the ebp that goes with the procedure KiTrap)
Endif
kb will then show the corrected stack.
Arguments:
Arg1: 00000008, EXCEPTION_DOUBLE_FAULT
Arg2: f771fd70
Arg3: 00000000
Arg4: 00000000

Debugging Details:
------------------


BUGCHECK_STR:  0x7f_8

CUSTOMER_CRASH_COUNT:  5

DEFAULT_BUCKET_ID:  COMMON_SYSTEM_FAULT

PROCESS_NAME:  csrss.exe

TRAP_FRAME:  b6d2f248 -- (.trap 0xffffffffb6d2f248)
ErrCode = 00000000
eax=c0300c00 ebx=8a956da0 ecx=8a956e6c edx=e1ca0066 esi=c0300c00 edi=c0300c00
eip=804e9cde esp=b6d2f2bc ebp=b6d2f2f0 iopl=0         nv up ei ng nz ac pe cy
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010297
nt!MmAccessFault+0x11a:
804e9cde f60701          test    byte ptr [edi],1           ds:0023:c0300c00=67
Resetting default scope

LAST_CONTROL_TRANSFER:  from 804e9cde to 804e0932

STACK_TEXT:  
b6d2f008 804e9cde badb0d00 e1ca0066 00000000 nt!KiTrap0E+0xbe
b6d2f0b0 804e0944 00000000 c0300c00 00000000 nt!MmAccessFault+0x11a
b6d2f0b0 804e9cde 00000000 c0300c00 00000000 nt!KiTrap0E+0xd0
b6d2f170 804e0944 00000000 c0300c00 00000000 nt!MmAccessFault+0x11a
b6d2f170 804e9cde 00000000 c0300c00 00000000 nt!KiTrap0E+0xd0
b6d2f230 804e0944 00000000 c0300c00 00000000 nt!MmAccessFault+0x11a
b6d2f230 804e9cde 00000000 c0300c00 00000000 nt!KiTrap0E+0xd0
b6d2f2f0 804e0944 00000000 c0300c00 00000000 nt!MmAccessFault+0x11a
b6d2f2f0 804e9cde 00000000 c0300c00 00000000 nt!KiTrap0E+0xd0
b6d2f3b0 804e0944 00000000 c0300c00 00000000 nt!MmAccessFault+0x11a
b6d2f3b0 804e9cde 00000000 c0300c00 00000000 nt!KiTrap0E+0xd0
b6d2f470 804e0944 00000000 c0300c00 00000000 nt!MmAccessFault+0x11a
b6d2f470 804e9cde 00000000 c0300c00 00000000 nt!KiTrap0E+0xd0
b6d2f530 804e0944 00000000 c0300c00 00000000 nt!MmAccessFault+0x11a
b6d2f530 804e9cde 00000000 c0300c00 00000000 nt!KiTrap0E+0xd0
b6d2f5f0 804e0944 00000000 c0300c00 00000000 nt!MmAccessFault+0x11a
b6d2f5f0 804e9cde 00000000 c0300c00 00000000 nt!KiTrap0E+0xd0
b6d2f6b0 804e0944 00000000 c0300c00 00000000 nt!MmAccessFault+0x11a
b6d2f6b0 804e9cde 00000000 c0300c00 00000000 nt!KiTrap0E+0xd0
b6d2f770 804e0944 00000000 c0300c00 00000000 nt!MmAccessFault+0x11a
b6d2f770 804e9cde 00000000 c0300c00 00000000 nt!KiTrap0E+0xd0
b6d2f830 804e0944 00000000 c0300c00 00000000 nt!MmAccessFault+0x11a
b6d2f830 804e9cde 00000000 c0300c00 00000000 nt!KiTrap0E+0xd0
b6d2f8f0 804e0944 00000000 c0300c00 00000000 nt!MmAccessFault+0x11a
b6d2f8f0 804e9cde 00000000 c0300c00 00000000 nt!KiTrap0E+0xd0
b6d2f9b0 804e0944 00000000 c0300c00 00000000 nt!MmAccessFault+0x11a
b6d2f9b0 804e9cde 00000000 c0300c00 00000000 nt!KiTrap0E+0xd0
b6d2fa70 804e0944 00000000 c0300c00 00000000 nt!MmAccessFault+0x11a
b6d2fa70 804e9cde 00000000 c0300c00 00000000 nt!KiTrap0E+0xd0
b6d2fb30 804e0944 00000000 c0300c00 00000000 nt!MmAccessFault+0x11a
b6d2fb30 804e9cde 00000000 c0300c00 00000000 nt!KiTrap0E+0xd0
b6d2fbf0 804e0944 00000000 c0300c00 00000000 nt!MmAccessFault+0x11a
b6d2fbf0 804e9cde 00000000 c0300c00 00000000 nt!KiTrap0E+0xd0
b6d2fcb0 804e0944 00000000 c0300c00 00000000 nt!MmAccessFault+0x11a
b6d2fcb0 804e9cde 00000000 c0300c00 00000000 nt!KiTrap0E+0xd0
b6d2fd70 804e0944 00000000 c0300c00 00000000 nt!MmAccessFault+0x11a
b6d2fd70 804e9cde 00000000 c0300c00 00000000 nt!KiTrap0E+0xd0
b6d2fe30 804e0944 00000000 c0300c00 00000000 nt!MmAccessFault+0x11a
b6d2fe30 804e9cde 00000000 c0300c00 00000000 nt!KiTrap0E+0xd0
b6d2fef0 804e0944 00000000 c0300c00 00000000 nt!MmAccessFault+0x11a
b6d2fef0 804e9cde 00000000 c0300c00 00000000 nt!KiTrap0E+0xd0
b6d2ffb0 804e0944 00000000 c0300c00 00000000 nt!MmAccessFault+0x11a
b6d2ffb0 804e9cde 00000000 c0300c00 00000000 nt!KiTrap0E+0xd0
b6d30070 804e0944 00000000 c0300c00 00000000 nt!MmAccessFault+0x11a
b6d30070 804e9cde 00000000 c0300c00 00000000 nt!KiTrap0E+0xd0
b6d30130 804e0944 00000000 c0300c00 00000000 nt!MmAccessFault+0x11a
b6d30130 804e9cde 00000000 c0300c00 00000000 nt!KiTrap0E+0xd0
b6d301f0 804e0944 00000000 c0300c00 00000000 nt!MmAccessFault+0x11a
b6d301f0 804e9cde 00000000 c0300c00 00000000 nt!KiTrap0E+0xd0
b6d302b0 804e0944 00000000 c0300c00 00000000 nt!MmAccessFault+0x11a
b6d302b0 804e9cde 00000000 c0300c00 00000000 nt!KiTrap0E+0xd0
b6d30370 804e0944 00000000 c0300c00 00000000 nt!MmAccessFault+0x11a
b6d30370 804e9cde 00000000 c0300c00 00000000 nt!KiTrap0E+0xd0
b6d30430 804e0944 00000000 c0300c00 00000000 nt!MmAccessFault+0x11a
b6d30430 804e9cde 00000000 c0300c00 00000000 nt!KiTrap0E+0xd0
b6d304f0 804e0944 00000000 c0300c00 00000000 nt!MmAccessFault+0x11a
b6d304f0 804e9cde 00000000 c0300c00 00000000 nt!KiTrap0E+0xd0
b6d305b0 804e0944 00000000 c0300c00 00000000 nt!MmAccessFault+0x11a
b6d305b0 804e9cde 00000000 c0300c00 00000000 nt!KiTrap0E+0xd0
b6d30670 804e0944 00000000 c0300c00 00000000 nt!MmAccessFault+0x11a
b6d30670 804e9cde 00000000 c0300c00 00000000 nt!KiTrap0E+0xd0
b6d30730 804e0944 00000000 c0300c00 00000000 nt!MmAccessFault+0x11a
b6d30730 804e9cde 00000000 c0300c00 00000000 nt!KiTrap0E+0xd0
b6d307f0 804e0944 00000000 c0300c00 00000000 nt!MmAccessFault+0x11a
b6d307f0 804e9cde 00000000 c0300c00 00000000 nt!KiTrap0E+0xd0
b6d308b0 804e0944 00000000 c0300c00 00000000 nt!MmAccessFault+0x11a
b6d308b0 804e9cde 00000000 c0300c00 00000000 nt!KiTrap0E+0xd0
b6d30970 804e0944 00000000 c0300c00 00000000 nt!MmAccessFault+0x11a
b6d30970 804e9cde 00000000 c0300c00 00000000 nt!KiTrap0E+0xd0
b6d30a30 804e0944 00000000 c0300c00 00000000 nt!MmAccessFault+0x11a
b6d30a30 804e9cde 00000000 c0300c00 00000000 nt!KiTrap0E+0xd0
b6d30af0 804e0944 00000000 c0300c00 00000000 nt!MmAccessFault+0x11a
b6d30af0 804e9cde 00000000 c0300c00 00000000 nt!KiTrap0E+0xd0
b6d30bb0 804e0944 00000000 c0300c00 00000000 nt!MmAccessFault+0x11a
b6d30bb0 804e9cde 00000000 c0300c00 00000000 nt!KiTrap0E+0xd0


STACK_COMMAND:  kb

MODULE_NAME: nt

IMAGE_NAME:  ntkrnlmp.exe

FOLLOWUP_NAME:  MachineOwner

DEBUG_FLR_IMAGE_TIMESTAMP:  4a784ff9

FOLLOWUP_IP:
nt!KiTrap0E+be
804e0932 57              push    edi

SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  nt!KiTrap0E+be

FAILURE_BUCKET_ID:  TRAP_FRAME_RECURSION

BUCKET_ID:  TRAP_FRAME_RECURSION

Followup: MachineOwner
---------

2: kd> lmvm nt
start    end        module name
804d7000 806ff000   nt       # (pdb symbols)          C:\WINDOWS\Symbols\ntkrnlmp.pdb\46DFBE2D3E484140A0909F7519B1700A2\ntkrnlmp.pdb
    Loaded symbol image file: ntkrnlmp.exe
    Mapped memory image file: C:\WINDOWS\Symbols\ntkrnlmp.exe\4A784FF9228000\ntkrnlmp.exe
    Image path: ntkrnlmp.exe
    Image name: ntkrnlmp.exe
    Timestamp:        Tue Aug 04 08:12:57 2009 (4A784FF9)
    CheckSum:         0020EBC7
    ImageSize:        00228000
    File version:     5.1.2600.5857
    Product version:  5.1.2600.5857
    File flags:       0 (Mask 3F)
    File OS:          40004 NT Win32
    File type:        1.0 App
    File date:        00000000.00000000
    Translations:     0804.04b0
    CompanyName:      Microsoft Corporation
    ProductName:      Microsoft(R) Windows(R) Operating System
    InternalName:     ntkrnlmp.exe
    OriginalFilename: ntkrnlmp.exe
    ProductVersion:   5.1.2600.5857
    FileVersion:      5.1.2600.5857 (xpsp_sp3_gdr.090804-1435)
    FileDescription:  NT Kernel & System
    LegalCopyright:   (C) Microsoft Corporation. All rights reserved.


I ran a full virus and spyware scan and it came clean. I run a memory check and it was ok as well.
I updated windows drivers and PC drivers.
not sure what else to do here.
thanks for your help
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®

Commented:
Try to tweak display settings, and see if that matters.
make sure you have the latest drivers of the display adapters.
Most Valuable Expert 2011
Top Expert 2011

Commented:
lmvm rdpdr.sys

ln f771fd70

And you got the BSOD on the HOST, or the one RDPing to?

Any device redirection? If so, tried without?
Premkumar YogeswaranSr. Analyst - System Administrator

Commented:
This could be because of Virus problem
Check this EE post below for the same.
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Windows/XP/Q_22397953.html

You could try at least two of these free on-line virus scanners to remove the last remnants of virus Trojan.Muldrop.
http://housecall.trendmicro.com
http://www.grisoft.com/us/us_dwnl_free.php
http://www.pandasoftware.com/activescan/com/activescan_principal.htm
http://www.avast.com/i_kat_207.php?lang=ENG

Or this online Trojan scanner "a-squared Free":
http://www.emsisoft.com/en/software/free/

Another option is try the 'Stinger' which is a utility that cleans the system of viruses, that block anti virus software.  Download with details here:
http://vil.nai.com/vil/stinger/
How to Generate Services Revenue the Easiest Way

This Tuesday! Learn key insights about modern cyber protection services & gain practical strategies to skyrocket business:

- What it takes to build a cloud service portfolio
- How to determine which services will help your unique business grow
- Various use-cases and examples

odewulfPresident

Author

Commented:
it causes the blue screen on the computer I am trying to remote to.

thanks Premgltiz, I saw that post and ran a few AV but no luck. I am going to try the stinger

I will work on some hardware solutions maybe this morning. I keep you updated

thanks
If you have an Nvidia graphics card, i would update the drivers.  Check in device manager under display adapters and see if that's the case.  You can download the latest version from here:

http://www.nvidia.com/page/drivers.html
odewulfPresident

Author

Commented:
thanks a lot

that worked perfectly. the drivers were not that old (beginning on 2009) but I guess it was in conflict with something else

have a great weekend

Gaetan

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial