Virtual sbs 2008 keeps restarting.

Posted on 2011-02-23
Last Modified: 2012-05-11
Im trying to look into what is causing this machine to restart randomly - I have attached the minidump file - any suggestions.

Executable search path is:
Windows Server 2008/Windows Vista Kernel Version 6002 (Service Pack 2) MP (4 procs) Free x64
Product: LanManNt, suite: SmallBusiness TerminalServer SmallBusinessRestricted SingleUserTS
Built by: 6002.18327.amd64fre.vistasp2_gdr.101014-0432
Machine Name:
Kernel base = 0xfffff800`01c14000 PsLoadedModuleList = 0xfffff800`01dd8dd0
Debug session time: Mon Feb 21 13:23:57.717 2011 (UTC + 0:00)
System Uptime: 0 days 1:42:30.201
Loading Kernel Symbols
Loading User Symbols
Loading unloaded module list
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *

Use !analyze -v to get detailed debugging information.

BugCheck 34, {5077c, fffffa6001bbb668, fffffa6001bbb040, fffffa60012e7dc4}

Probably caused by : Ntfs.sys ( Ntfs!NtfsFilterCallbackAcquireForCreateSection+24 )

Followup: MachineOwner

2: kd> !analyze -v
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *

    See the comment for FAT_FILE_SYSTEM (0x23)
Arg1: 000000000005077c
Arg2: fffffa6001bbb668
Arg3: fffffa6001bbb040
Arg4: fffffa60012e7dc4

Debugging Details:

OVERLAPPED_MODULE: Address regions for 'Dxapi' and 'crashdmp.sys' overlap

EXCEPTION_RECORD:  fffffa6001bbb668 -- (.exr 0xfffffa6001bbb668)
ExceptionAddress: fffffa60012e7dc4 (Ntfs!NtfsFilterCallbackAcquireForCreateSection+0x0000000000000024)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 0000000000000000
   Parameter[1]: 0000000000000010
Attempt to read from address 0000000000000010

CONTEXT:  fffffa6001bbb040 -- (.cxr 0xfffffa6001bbb040)
rax=0000000000000000 rbx=0000000000000000 rcx=fffffa6001bbb978
rdx=0000000000000000 rsi=0000000000000126 rdi=fffffa6001bbb978
rip=fffffa60012e7dc4 rsp=fffffa6001bbb8a0 rbp=fffffa800aa4cce0
 r8=fffffa60012e7da0  r9=fffffa6001bbb940 r10=fffffa8009fdf4a0
r11=0000000000000000 r12=0000000000000000 r13=fffffa6001bbb970
r14=fffffa800aa4cc00 r15=0000000000000000
iopl=0         nv up ei ng nz na po nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00010286
fffffa60`012e7dc4 48837b1000      cmp     qword ptr [rbx+10h],0 ds:002b:00000000`00000010=????????????????
Resetting default scope





ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

EXCEPTION_PARAMETER1:  0000000000000000

EXCEPTION_PARAMETER2:  0000000000000010

READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80001e3b080

fffffa60`012e7dc4 48837b1000      cmp     qword ptr [rbx+10h],0

fffffa60`012e7dc4 48837b1000      cmp     qword ptr [rbx+10h],0


LAST_CONTROL_TRANSFER:  from fffff80001c94c06 to fffffa60012e7dc4

fffffa60`01bbb8a0 fffff800`01c94c06 : fffffa60`01bbb978 fffffa60`01bbb900 fffffa80`0afdc030 f8800c9c`80980400 : Ntfs!NtfsFilterCallbackAcquireForCreateSection+0x24
fffffa60`01bbb8e0 fffff800`01eca795 : 00000000`00000000 00000000`00000000 fffffa60`01bbb978 fffffa60`012e7da0 : nt!FsFilterPerformCallbacks+0xce
fffffa60`01bbb940 fffff800`01c588ab : fffffa80`0ade2e30 00000000`00000000 fffffa80`0aa4cce0 00000000`00000000 : nt!FsRtlAcquireFileExclusiveCommon+0xe1
fffffa60`01bbbbe0 fffff800`01c58f0a : fffffa60`01966700 fffffa60`019667f0 fffffa60`00000000 00000000`00000000 : nt!CcWriteBehind+0x347
fffffa60`01bbbc70 fffff800`01c758c3 : fffffa80`09d40510 fffff800`01e118c0 fffffa80`0ae40400 00000000`00000000 : nt!CcWorkerThread+0x186
fffffa60`01bbbcf0 fffff800`01e78f77 : fffffa80`09d40510 00000000`00000000 fffffa80`09d2d040 00000000`00000080 : nt!ExpWorkerThread+0xfb
fffffa60`01bbbd50 fffff800`01cab636 : fffffa60`019d8180 fffffa80`09d2d040 fffffa60`019e1d40 fffffa80`09d2e138 : nt!PspSystemThreadStartup+0x57
fffffa60`01bbbd80 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16


SYMBOL_NAME:  Ntfs!NtfsFilterCallbackAcquireForCreateSection+24

FOLLOWUP_NAME:  MachineOwner


IMAGE_NAME:  Ntfs.sys


STACK_COMMAND:  .cxr 0xfffffa6001bbb040 ; kb

FAILURE_BUCKET_ID:  X64_0x34_Ntfs!NtfsFilterCallbackAcquireForCreateSection+24

BUCKET_ID:  X64_0x34_Ntfs!NtfsFilterCallbackAcquireForCreateSection+24

Followup: MachineOwner

Question by:BCSOnline
  • 3

Expert Comment

ID: 34961082
Verify If you have another Active Directory master domain controller in same network, if you have, remove it

The small business server restarts due a rule of small business server product.

Author Comment

ID: 34961435
No this is not the case, but thank you for your input

Expert Comment

ID: 35299722
I am currently having this same issues and it is caused by Symantec Endpoint Protection Small Business Edition. Once SEP is uninstalled, which has to be done via Symantec Clean Sweep, the issue goes away. Symantec claimed that the newest build, 12.0.1001.95, would fix the issue but it does not. After the first BSOD I received, I booted into Safe Mode and SEP popped up saying the the File System Auto Protect was malfunctioning. I suspect that is the cause. I am currently about 30 minutes into being on-hold with Symantec's Tech support. I would use a different AV solution but my client purchased a 3 year license so they are stuck.

Accepted Solution

BCSOnline earned 0 total points
ID: 35747129
The servers were reinstalled

Author Closing Comment

ID: 35775459
We reinstalled the server

Featured Post

Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Shared folder access timeout in Remote Web Access 4 67
SBS 2008 cannot logon remotely 7 55
gpupdate /force gives errors and warnings that never correct 17 56
aws pricing 2 43
Introduction In one of my previous articles (, I explained how to create a native Windows 2012 Cluster.  The metho…
You may have discovered the 'Compatibility View Settings' workaround for making your SBS 2008 Remote Web Workplace 'connect to a computer' section stops 'working around' after a Windows 10 client upgrade.  That can be fixed so it 'works around' agai…
In a recent question ( here at Experts Exchange, a member asked how to add page numbers to a PDF file using Adobe Acrobat XI Pro. This short video Micro Tutorial sh…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now