troubleshooting Question

network machines crashing

Avatar of coloughl
coloughl asked on
Microsoft Legacy OS
6 Comments1 Solution699 ViewsLast Modified:
I am having a ongoing problem with machines crashing on two different client sites. Not all the machines on the site will crash but the same ones seam to do it maybe once a day or once every 2 days. The machines are all XP and have been patched completely and run for virus and spyware. Both sites are running 2003 server. The machines will crash at the same time or nearly the same time on each machine. I have formatted one of the affected machines and it seemed to be better for a while but is the same as the rest now.  I have the dump file attached.

I would be really grateful of any assistance on this as I am all out of ideas.


Microsoft (R) Windows Debugger Version 6.12.0002.633 X86
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Debug file\Mini092810-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: C:\Debug file\symbol\xp sp3
Executable search path is:
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Windows XP Kernel Version 2600 (Service Pack 3) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Machine Name:
Kernel base = 0x804d7000 PsLoadedModuleList = 0x80554040
Debug session time: Tue Sep 28 14:57:38.580 2010 (UTC + 1:00)
System Uptime: 1 days 2:13:55.915
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Loading Kernel Symbols
...............................................................
..................................................
Loading User Symbols
Loading unloaded module list
.................................
Unable to load image netbt.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for netbt.sys
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 100000D1, {45b3f50, 2, 0, ee7ac817}

Unable to load image avgtdix.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for avgtdix.sys
*** ERROR: Module load completed but symbols could not be loaded for avgtdix.sys
Probably caused by : netbt.sys ( netbt!Inbound+2c )

Followup: MachineOwner
---------

kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.  This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 045b3f50, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, value 0 = read operation, 1 = write operation
Arg4: ee7ac817, address which referenced memory

Debugging Details:
------------------


READ_ADDRESS:  045b3f50

CURRENT_IRQL:  2

FAULTING_IP:
netbt!Inbound+2c
ee7ac817 8a00            mov     al,byte ptr [eax]

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  DRIVER_FAULT

BUGCHECK_STR:  0xD1

PROCESS_NAME:  avgnsx.exe

LAST_CONTROL_TRANSFER:  from ee7a1a67 to ee7ac817

STACK_TEXT:  
ebc9aae8 ee7a1a67 84973288 84b00670 00000820 netbt!Inbound+0x2c
ebc9ab24 ee81ae56 84973288 84b00600 00000820 netbt!TdiReceiveHandler+0x4a7
WARNING: Stack unwind information not available. Following frames may be wrong.
ebc9ab84 ee81b1ac 00e45430 00000000 ba6b47d4 avgtdix+0x4e56
ebc9ab9c ee81bcd1 00e45430 ba6b47d4 00000002 avgtdix+0x51ac
ebc9abd8 ee8172a4 83d415f8 849f4028 84528da0 avgtdix+0x5cd1
ebc9ac24 ee81957f 8456ea28 83d415f8 ebc9ac58 avgtdix+0x12a4
ebc9ac34 804ee129 8456ea28 83d415f8 806d22d0 avgtdix+0x357f
ebc9ac58 80575c71 8456ea28 83d415f8 849f4028 nt!CcLazyWriteScan+0x398
ebc9ad00 8056e4de 00000268 000002bc 00000000 nt!RtlpNewSecurityObject+0x2eb
ebc9ad34 8053d668 00000268 000002bc 00000000 nt!MiQueryAddressState+0x5f
ebc9ad64 7c90e514 badb0d00 010ffd30 00000000 nt!PoRegisterDeviceNotify+0x15
ebc9ad80 00000000 00000000 00000000 00000000 0x7c90e514


STACK_COMMAND:  kb

FOLLOWUP_IP:
netbt!Inbound+2c
ee7ac817 8a00            mov     al,byte ptr [eax]

SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  netbt!Inbound+2c

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: netbt

IMAGE_NAME:  netbt.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  48025d1b

FAILURE_BUCKET_ID:  0xD1_netbt!Inbound+2c

BUCKET_ID:  0xD1_netbt!Inbound+2c

Followup: MachineOwner
---------

kd> lmvm netbt
start    end        module name
ee7a0000 ee7c7c00   netbt    M (pdb symbols)          c:\debug file\symbol\xp sp3\sys\netbt.pdb
    Loaded symbol image file: netbt.sys
    Image path: netbt.sys
    Image name: netbt.sys
    Timestamp:        Sun Apr 13 20:20:59 2008 (48025D1B)
    CheckSum:         0002FE7A
    ImageSize:        00027C00
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4


thanks
Conor
Mini092810-01.dmp
Join the community to see this answer!
Join our exclusive community to see this answer & millions of others.
Unlock 1 Answer and 6 Comments.
Join the Community
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 6 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros