Virtual sbs 2008 keeps restarting.

Posted on 2011-02-23
Medium Priority
Last Modified: 2012-05-11
Im trying to look into what is causing this machine to restart randomly - I have attached the minidump file - any suggestions.

Executable search path is:
Windows Server 2008/Windows Vista Kernel Version 6002 (Service Pack 2) MP (4 procs) Free x64
Product: LanManNt, suite: SmallBusiness TerminalServer SmallBusinessRestricted SingleUserTS
Built by: 6002.18327.amd64fre.vistasp2_gdr.101014-0432
Machine Name:
Kernel base = 0xfffff800`01c14000 PsLoadedModuleList = 0xfffff800`01dd8dd0
Debug session time: Mon Feb 21 13:23:57.717 2011 (UTC + 0:00)
System Uptime: 0 days 1:42:30.201
Loading Kernel Symbols
Loading User Symbols
Loading unloaded module list
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *

Use !analyze -v to get detailed debugging information.

BugCheck 34, {5077c, fffffa6001bbb668, fffffa6001bbb040, fffffa60012e7dc4}

Probably caused by : Ntfs.sys ( Ntfs!NtfsFilterCallbackAcquireForCreateSection+24 )

Followup: MachineOwner

2: kd> !analyze -v
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *

    See the comment for FAT_FILE_SYSTEM (0x23)
Arg1: 000000000005077c
Arg2: fffffa6001bbb668
Arg3: fffffa6001bbb040
Arg4: fffffa60012e7dc4

Debugging Details:

OVERLAPPED_MODULE: Address regions for 'Dxapi' and 'crashdmp.sys' overlap

EXCEPTION_RECORD:  fffffa6001bbb668 -- (.exr 0xfffffa6001bbb668)
ExceptionAddress: fffffa60012e7dc4 (Ntfs!NtfsFilterCallbackAcquireForCreateSection+0x0000000000000024)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 0000000000000000
   Parameter[1]: 0000000000000010
Attempt to read from address 0000000000000010

CONTEXT:  fffffa6001bbb040 -- (.cxr 0xfffffa6001bbb040)
rax=0000000000000000 rbx=0000000000000000 rcx=fffffa6001bbb978
rdx=0000000000000000 rsi=0000000000000126 rdi=fffffa6001bbb978
rip=fffffa60012e7dc4 rsp=fffffa6001bbb8a0 rbp=fffffa800aa4cce0
 r8=fffffa60012e7da0  r9=fffffa6001bbb940 r10=fffffa8009fdf4a0
r11=0000000000000000 r12=0000000000000000 r13=fffffa6001bbb970
r14=fffffa800aa4cc00 r15=0000000000000000
iopl=0         nv up ei ng nz na po nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00010286
fffffa60`012e7dc4 48837b1000      cmp     qword ptr [rbx+10h],0 ds:002b:00000000`00000010=????????????????
Resetting default scope





ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

EXCEPTION_PARAMETER1:  0000000000000000

EXCEPTION_PARAMETER2:  0000000000000010

READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80001e3b080

fffffa60`012e7dc4 48837b1000      cmp     qword ptr [rbx+10h],0

fffffa60`012e7dc4 48837b1000      cmp     qword ptr [rbx+10h],0


LAST_CONTROL_TRANSFER:  from fffff80001c94c06 to fffffa60012e7dc4

fffffa60`01bbb8a0 fffff800`01c94c06 : fffffa60`01bbb978 fffffa60`01bbb900 fffffa80`0afdc030 f8800c9c`80980400 : Ntfs!NtfsFilterCallbackAcquireForCreateSection+0x24
fffffa60`01bbb8e0 fffff800`01eca795 : 00000000`00000000 00000000`00000000 fffffa60`01bbb978 fffffa60`012e7da0 : nt!FsFilterPerformCallbacks+0xce
fffffa60`01bbb940 fffff800`01c588ab : fffffa80`0ade2e30 00000000`00000000 fffffa80`0aa4cce0 00000000`00000000 : nt!FsRtlAcquireFileExclusiveCommon+0xe1
fffffa60`01bbbbe0 fffff800`01c58f0a : fffffa60`01966700 fffffa60`019667f0 fffffa60`00000000 00000000`00000000 : nt!CcWriteBehind+0x347
fffffa60`01bbbc70 fffff800`01c758c3 : fffffa80`09d40510 fffff800`01e118c0 fffffa80`0ae40400 00000000`00000000 : nt!CcWorkerThread+0x186
fffffa60`01bbbcf0 fffff800`01e78f77 : fffffa80`09d40510 00000000`00000000 fffffa80`09d2d040 00000000`00000080 : nt!ExpWorkerThread+0xfb
fffffa60`01bbbd50 fffff800`01cab636 : fffffa60`019d8180 fffffa80`09d2d040 fffffa60`019e1d40 fffffa80`09d2e138 : nt!PspSystemThreadStartup+0x57
fffffa60`01bbbd80 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16


SYMBOL_NAME:  Ntfs!NtfsFilterCallbackAcquireForCreateSection+24

FOLLOWUP_NAME:  MachineOwner


IMAGE_NAME:  Ntfs.sys


STACK_COMMAND:  .cxr 0xfffffa6001bbb040 ; kb

FAILURE_BUCKET_ID:  X64_0x34_Ntfs!NtfsFilterCallbackAcquireForCreateSection+24

BUCKET_ID:  X64_0x34_Ntfs!NtfsFilterCallbackAcquireForCreateSection+24

Followup: MachineOwner

Question by:BCSOnline
  • 3

Expert Comment

ID: 34961082
Verify If you have another Active Directory master domain controller in same network, if you have, remove it

The small business server restarts due a rule of small business server product.

Author Comment

ID: 34961435
No this is not the case, but thank you for your input

Expert Comment

ID: 35299722
I am currently having this same issues and it is caused by Symantec Endpoint Protection Small Business Edition. Once SEP is uninstalled, which has to be done via Symantec Clean Sweep, the issue goes away. Symantec claimed that the newest build, 12.0.1001.95, would fix the issue but it does not. After the first BSOD I received, I booted into Safe Mode and SEP popped up saying the the File System Auto Protect was malfunctioning. I suspect that is the cause. I am currently about 30 minutes into being on-hold with Symantec's Tech support. I would use a different AV solution but my client purchased a 3 year license so they are stuck.

Accepted Solution

BCSOnline earned 0 total points
ID: 35747129
The servers were reinstalled

Author Closing Comment

ID: 35775459
We reinstalled the server

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Every once-in-a-while, when you try to add a XenServer host to the System Center Virtual Machine Manager console, it will generate a certificate error, and the XenServer host will not be added to Virtual Machine Manager: If you are experiencing t…
Microsoft Jet database engine errors can crop up out of nowhere to disrupt the working of the Exchange server. Decoding why a particular error occurs goes a long way in determining the right solution for it.
Watch the video to know how one can repair corrupt Exchange OST file effortlessly and convert OST emails to MS Outlook PST file format by using Kernel for OST to PST converter tool. It can convert OST to MSG, MBOX, EML to access them. It can migrate…
Did you know PowerShell can save you time with SaaS platforms? Simply leverage RESTfulAPIs to build your own PowerShell modules. These will kill repetitive tickets and tabs, using the command Invoke-RestMethod. Tune into this webinar to learn how…

624 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question