Virtual sbs 2008 keeps restarting.

Posted on 2011-02-23
Last Modified: 2012-05-11
Im trying to look into what is causing this machine to restart randomly - I have attached the minidump file - any suggestions.

Executable search path is:
Windows Server 2008/Windows Vista Kernel Version 6002 (Service Pack 2) MP (4 procs) Free x64
Product: LanManNt, suite: SmallBusiness TerminalServer SmallBusinessRestricted SingleUserTS
Built by: 6002.18327.amd64fre.vistasp2_gdr.101014-0432
Machine Name:
Kernel base = 0xfffff800`01c14000 PsLoadedModuleList = 0xfffff800`01dd8dd0
Debug session time: Mon Feb 21 13:23:57.717 2011 (UTC + 0:00)
System Uptime: 0 days 1:42:30.201
Loading Kernel Symbols
Loading User Symbols
Loading unloaded module list
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *

Use !analyze -v to get detailed debugging information.

BugCheck 34, {5077c, fffffa6001bbb668, fffffa6001bbb040, fffffa60012e7dc4}

Probably caused by : Ntfs.sys ( Ntfs!NtfsFilterCallbackAcquireForCreateSection+24 )

Followup: MachineOwner

2: kd> !analyze -v
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *

    See the comment for FAT_FILE_SYSTEM (0x23)
Arg1: 000000000005077c
Arg2: fffffa6001bbb668
Arg3: fffffa6001bbb040
Arg4: fffffa60012e7dc4

Debugging Details:

OVERLAPPED_MODULE: Address regions for 'Dxapi' and 'crashdmp.sys' overlap

EXCEPTION_RECORD:  fffffa6001bbb668 -- (.exr 0xfffffa6001bbb668)
ExceptionAddress: fffffa60012e7dc4 (Ntfs!NtfsFilterCallbackAcquireForCreateSection+0x0000000000000024)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 0000000000000000
   Parameter[1]: 0000000000000010
Attempt to read from address 0000000000000010

CONTEXT:  fffffa6001bbb040 -- (.cxr 0xfffffa6001bbb040)
rax=0000000000000000 rbx=0000000000000000 rcx=fffffa6001bbb978
rdx=0000000000000000 rsi=0000000000000126 rdi=fffffa6001bbb978
rip=fffffa60012e7dc4 rsp=fffffa6001bbb8a0 rbp=fffffa800aa4cce0
 r8=fffffa60012e7da0  r9=fffffa6001bbb940 r10=fffffa8009fdf4a0
r11=0000000000000000 r12=0000000000000000 r13=fffffa6001bbb970
r14=fffffa800aa4cc00 r15=0000000000000000
iopl=0         nv up ei ng nz na po nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00010286
fffffa60`012e7dc4 48837b1000      cmp     qword ptr [rbx+10h],0 ds:002b:00000000`00000010=????????????????
Resetting default scope





ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

EXCEPTION_PARAMETER1:  0000000000000000

EXCEPTION_PARAMETER2:  0000000000000010

READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80001e3b080

fffffa60`012e7dc4 48837b1000      cmp     qword ptr [rbx+10h],0

fffffa60`012e7dc4 48837b1000      cmp     qword ptr [rbx+10h],0


LAST_CONTROL_TRANSFER:  from fffff80001c94c06 to fffffa60012e7dc4

fffffa60`01bbb8a0 fffff800`01c94c06 : fffffa60`01bbb978 fffffa60`01bbb900 fffffa80`0afdc030 f8800c9c`80980400 : Ntfs!NtfsFilterCallbackAcquireForCreateSection+0x24
fffffa60`01bbb8e0 fffff800`01eca795 : 00000000`00000000 00000000`00000000 fffffa60`01bbb978 fffffa60`012e7da0 : nt!FsFilterPerformCallbacks+0xce
fffffa60`01bbb940 fffff800`01c588ab : fffffa80`0ade2e30 00000000`00000000 fffffa80`0aa4cce0 00000000`00000000 : nt!FsRtlAcquireFileExclusiveCommon+0xe1
fffffa60`01bbbbe0 fffff800`01c58f0a : fffffa60`01966700 fffffa60`019667f0 fffffa60`00000000 00000000`00000000 : nt!CcWriteBehind+0x347
fffffa60`01bbbc70 fffff800`01c758c3 : fffffa80`09d40510 fffff800`01e118c0 fffffa80`0ae40400 00000000`00000000 : nt!CcWorkerThread+0x186
fffffa60`01bbbcf0 fffff800`01e78f77 : fffffa80`09d40510 00000000`00000000 fffffa80`09d2d040 00000000`00000080 : nt!ExpWorkerThread+0xfb
fffffa60`01bbbd50 fffff800`01cab636 : fffffa60`019d8180 fffffa80`09d2d040 fffffa60`019e1d40 fffffa80`09d2e138 : nt!PspSystemThreadStartup+0x57
fffffa60`01bbbd80 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16


SYMBOL_NAME:  Ntfs!NtfsFilterCallbackAcquireForCreateSection+24

FOLLOWUP_NAME:  MachineOwner


IMAGE_NAME:  Ntfs.sys


STACK_COMMAND:  .cxr 0xfffffa6001bbb040 ; kb

FAILURE_BUCKET_ID:  X64_0x34_Ntfs!NtfsFilterCallbackAcquireForCreateSection+24

BUCKET_ID:  X64_0x34_Ntfs!NtfsFilterCallbackAcquireForCreateSection+24

Followup: MachineOwner

Question by:BCSOnline
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3

Expert Comment

ID: 34961082
Verify If you have another Active Directory master domain controller in same network, if you have, remove it

The small business server restarts due a rule of small business server product.

Author Comment

ID: 34961435
No this is not the case, but thank you for your input

Expert Comment

ID: 35299722
I am currently having this same issues and it is caused by Symantec Endpoint Protection Small Business Edition. Once SEP is uninstalled, which has to be done via Symantec Clean Sweep, the issue goes away. Symantec claimed that the newest build, 12.0.1001.95, would fix the issue but it does not. After the first BSOD I received, I booted into Safe Mode and SEP popped up saying the the File System Auto Protect was malfunctioning. I suspect that is the cause. I am currently about 30 minutes into being on-hold with Symantec's Tech support. I would use a different AV solution but my client purchased a 3 year license so they are stuck.

Accepted Solution

BCSOnline earned 0 total points
ID: 35747129
The servers were reinstalled

Author Closing Comment

ID: 35775459
We reinstalled the server

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

The articles for turning off the Client firewall policy on the internet are for SBS 2008 and don't really help for SBS 2011. They actually moved the Client firewall policy. In 2011, the client firewall policy has moved to the SBS computers conta…
If you are a user of the discontinued Microsoft Office Accounting 2008 (MSOA) and have to move to a new computer running Windows 8, you will be unhappy to discover that it won't install.  In particular, Microsoft SQL Server 2005 Express Edition (SSE…
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial

696 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question