New Windows 2008 R2 blue screen

I have a brand new server that started crashing with a bluescreen error.  The server reboots and on reboot gives the following error:

Problem signature:
  Problem Event Name:      BlueScreen
  OS Version:      6.1.7601.2.1.0.272.7
  Locale ID:      1033

Additional information about the problem:
  BCCode:      50
  BCP1:      FFFFF8A010C73008
  BCP2:      0000000000000000
  BCP3:      FFFFF880013812E6
  BCP4:      0000000000000000
  OS Version:      6_1_7601
  Service Pack:      1_0
  Product:      272_2

Files that help describe the problem:
  C:\Windows\Minidump\091311-33015-01.dmp
  C:\Users\Administrator\AppData\Local\Temp\2\WER-3053906-0.sysdata.xml

I have attached the dump file.  The server is actually a vmware vm (esxi 4.1).  This is the only vm running on the host.  There is a second host, identical hardware running a second windows 2008 r2 vm.  The two vms are on the same domain running almost the same roles (ad, dns, dhcp, iis); the only difference is the one that is crashing is also a file and print server.  The second host/vm has no problems.

Hardware is HP Proliant DL380 G7, storage are hp drives in the server.  I have not spent that much time troubleshooting so sorry for the lack of info; I need to get this solved asap so I am posting before fully troubleshooting.  Any help is appreciated.
jcwilets Asked:
 
cbmm Commented:
SystemRoot\system32\DRIVERS\zmsfsfltr.sys...

Seems to be the culprit
 
jcwilets (Author) Commented:
Can you explain a bit more?
 
cbmm Commented:
Sure, browse to C:\Windows\System32\drivers and locate the file named zmsfsfltr.sys. The file may be hidden, so you may need to view all hidden files. Right-click the file, go to Properties, go to Details, take a screenshot of the info and post here.
 
jcwilets (Author) Commented:
See attached.  Looks like the driver is part of the zenith infotech backup and data recovery solution.  Basically there is another server that takes realtime images of the servers; there is an agent on the windows servers that connects them to the backup server.  I checked the second domain controller and it has this driver as well (it is being backed up in the same solution).  This is the bdr solution if it helps:
http://www.zenithinfotech.com/solutions/smartstyle%20computing/mirrorcloud.aspx
 
jcwilets (Author) Commented:
Not sure why it added it twice.
 
jcwilets (Author) Commented:
What led you to this driver?
 
Danny McDaniel (Clinical Systems Analyst) Commented:
How often does it crash?  Is there a correlation between the crash occurrences and any other operation?
 
jcwilets (Author) Commented:
See picture (unexpected shutdown event).  Looks like about once every other day, random times.
 
jcwilets (Author) Commented:
Just installed the debugging tools; looks like the zmsfsfltr.sys driver.  Now what to do about it, any ideas?  Why would an almost identical setup on the other server not have the same problem?
 
Danny McDaniel (Clinical Systems Analyst) Commented:
Suppose it could be a corrupt dll or another file.  Were there any other backup apps installed on the server?

Are the esx host build numbers identical?

First uninstall the zenith software after confirming that both servers are using the same versions by checking the file properties.  Let it run for a couple of days to confirm that it's the culprit and make other temporary backup arrangements.
 
jcwilets (Author) Commented:
Everything is identical between the servers.  Will try disabling the backup for a couple of days to see.  Will call support as well for the product although that usually leads to frustration.
 
Danny McDaniel (Clinical Systems Analyst) Commented:
I was looking at zenith for remote site backups a few months back, so I'd love to know how responsive their support is.
 
cbmm Commented:
Is the zmsfsfltr.sys file the same version on both servers? Maybe add an exclusion for your anti-virus software to not scan this file? just an idea
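
The version check asked for in the comments above (file properties of zmsfsfltr.sys on both servers), as an added example that is not part of the original thread. It compares file version, Authenticode status and SHA-256 of the driver on both machines and lists the loaded file system filters; DC01 and DC02 are placeholder server names, and PowerShell remoting with an administrative account is assumed.

```powershell
# Added example. Server names are placeholders; the driver path is the one named in the thread.
$servers    = 'DC01', 'DC02'   # hypothetical: crashing VM, healthy VM
$driverPath = 'C:\Windows\System32\drivers\zmsfsfltr.sys'

$collect = {
    param($path)
    $file = Get-Item $path -Force                      # -Force: the file may be hidden
    $sig  = Get-AuthenticodeSignature -FilePath $path  # who signed the kernel driver, if anyone

    # Hash through .NET so this also runs on PowerShell 2.0 (no Get-FileHash there)
    $sha    = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($path)
    try {
        $hash = [System.BitConverter]::ToString($sha.ComputeHash($stream)) -replace '-', ''
    } finally {
        $stream.Close()
        $sha.Clear()
    }

    $signer = $null
    if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }

    New-Object PSObject -Property @{
        Server      = $env:COMPUTERNAME
        FileVersion = $file.VersionInfo.FileVersion
        Company     = $file.VersionInfo.CompanyName
        LastWrite   = $file.LastWriteTimeUtc
        SigStatus   = $sig.Status
        Signer      = $signer
        SHA256      = $hash
    }
}

$results = Invoke-Command -ComputerName $servers -ScriptBlock $collect -ArgumentList $driverPath
$results | Sort-Object Server |
    Format-List Server, FileVersion, Company, LastWrite, SigStatus, Signer, SHA256

# One distinct hash means the same binary runs on the crashing and the healthy server
$distinct = @($results | Select-Object -ExpandProperty SHA256 | Sort-Object -Unique)
if ($distinct.Count -gt 1) {
    Write-Warning 'zmsfsfltr.sys differs between the servers; align the agent version before further testing.'
} else {
    Write-Output 'Identical driver binary on all servers; compare what else differs (the thread notes the file and print role).'
}

# Filter drivers loaded on each server (backup agent and antivirus sit in the same I/O path)
Invoke-Command -ComputerName $servers -ScriptBlock { fltmc.exe filters }
```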
 
jcwilets (Author) Commented:
I am testing with the services off for a couple days; will contact support tomorrow as well.  I will post back what I find.
 
jcwilets (Author) Commented:
So the crash did occur again with the services off, so no go there.  BTW, support from Zenith is terrible.  I have not decided yet to scrap the product entirely but I am getting close based on the lack of support.  There is no phone number to call so you have to start a logmein session from an online support request.  This is all fine except I never get a tech in the logmein session, which times out after about ten minutes saying there is no one available.  Just to test, on two separate days I kept starting support sessions my entire workday and never once did I get a tech - pretty poor support for a disaster and recovery solution.

Anyway back to the problem, I did add the problem file to the AV exclusions (Trend WFBS) and it has not crashed since 9/15.  The logs show a consistent crash about once every two days so it is looking better.  I will be convinced after a week or so.  Will post back.
 
jcwilets (Author) Commented:
Back to the drawing board.  Server crashed a couple hours after the last post.
 
Danny McDaniel (Clinical Systems Analyst) Commented:
Did you check the dump file to see what file was the cause this last time?  Sounds like a memory leak in another component that was exacerbated by the Zenith service.

2008 (r1) had an issue with one of the svchost processes but it doesn't appear that R2 has the same issue: http://social.technet.microsoft.com/Forums/en-US/winserverGP/thread/76931dd2-6262-49be-b8bd-5e0a594c78ae
 
jcwilets (Author) Commented:
Closing the question and awarding the points for pointing out the source of the problem.  I was unable to actually resolve the issue so decided to remove the Zenith software and come up with a different solution for backup and data recovery.  As a company we actually decided to drop Zenith as a BDR solution.  Mostly due to bad/unresponsive tech support.  The product was also more complicated than needed and not intuitive at all.
Question has a verified solution.