Solved

BSOD - win32k.sys on 2003 Server R2

Posted on 2011-03-13
6
2,054 Views
Last Modified: 2012-05-11
After running Windows Update the server blue screens with the following message:.

A problem has been detected and Windows has been shut down to prevent damage to your computer.
win32k.sys
An attempt was made to write to read-only memory.
*****
Technical information:
STOP: 0x000000BE (0xBF9EA09B,0x791BF021,0xBA4548FC,0x0000000C)
win32k.sys - Address BF806436 base at BF800000, DateStamp 4d1ddf7b


I have run the Dell Utility memory tests - all passed.
It boots into Safe Mode however I am unable to get the minidump files until tomorrow when I am on site as I am currently connected using the DRAC.

Any suggestions what could be causing the problem?

Many thanks.
BSOD-BD02.jpg
0
Comment
Question by:morticcio
  • 4
6 Comments
 
LVL 8

Expert Comment

by:PenguinN
ID: 35123840
It's most likely a driver problem, check http://technet.microsoft.com/en-us/library/cc785339%28WS.10%29.aspx#BKMK_5
Quote from MS article link:

Stop message 0x000000BE Descriptive text: ATTEMPTED_WRITE_TO_READONLY_MEMORY
Usual cause: A device driver attempted to write to read-only memory. This problem can occur during an upgrade, although it is not limited to upgrades.

Solution:

1.Use the Online Crash Analysis tool at the Microsoft Web site. You can use this tool to send error reports to Microsoft and track their status by using your Microsoft Passport information. You can access the Online Crash Analysis Web site by using the Error Reporting service or by using your Web browser. When it is enabled, the Error Reporting service monitors your system for kernel and user mode faults that are related to operating system components and applications. With kernel-mode reporting, you can obtain more information about the problem or condition that caused the Stop error. For more information, see System and program error reporting overview.

2.Confirm that your hardware is designed for the Windows Server 2003 family by clicking the appropriate link in Support resources.

3.If the computer will not start normally, try starting it in Last Known Good Configuration or in Safe Mode, and then remove or disable newly added programs or drivers. For information about how to start your computer in Safe Mode, see Start the computer in Safe Mode. For more information about how to start your computer in Last Known Good Configuration, see Start the computer using the last known good configuration.

Important

When you use Last Known Good Configuration, system setting changes made after the last successful startup are lost.

0
 
LVL 1

Author Comment

by:morticcio
ID: 35127045
Server boots in Safe Mode
Would not boot with Last Known Good Configuration

Running MS memtest as I type...will post results when it finishes

minidump file uploaded below
0
 
LVL 1

Author Comment

by:morticcio
ID: 35127766
Ran memtest - passed all tests
output from minidump file below
minidump-output.txt
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 
LVL 4

Accepted Solution

by:
evgeny_f31 earned 250 total points
ID: 35138583
" After running Windows Update " - maybe one of the updates  is the cause.
check what updates were installed, try to uninstall them.
0
 
LVL 1

Assisted Solution

by:morticcio
morticcio earned 0 total points
ID: 35138949
One of the updates was the culprit... KB2393802 to be exact. I raised a call with Microsoft and after some initial troubleshooting, they uninstalled the update and the server restarted.

Will post back if I hear the post mortem on the memoery dumps from Microsoft.

Many thanks.
0
 
LVL 1

Author Closing Comment

by:morticcio
ID: 35174527
KB2393802 was the actual update that caused the blue screen.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

My purpose is to describe the basic concepts of virtual memory as implemented in a modern Windows-based operating system. I will also describe the problems inherent in older systems and how virtual memory solves them. The dark ages - before virtu…
Ever notice how you can't use a new drive in Windows without having Windows assigning a Disk Signature?  Ever have a signature collision problem (especially with Virtual Machines?)  This article is intended to help you understand what's going on and…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now