Solved

Windows 2008 crash dump

Posted on 2012-03-18
Last Modified: 2012-08-14
Hi,

I need your assistance to analyse the crash dump generated by Windows 2008 server.
Question by:solaris1975

Expert Comment

by:nobus
ID: 37736573
Then please post the dmp file here - attach as file.

Author Comment

by:solaris1975
ID: 37736615
Thanks for the prompt response, as per the advice please find the attached dumps.
Mini030412-01.dmp
Mini030512-01.dmp
Mini031512-01.dmp

Expert Comment

by:nobus
ID: 37736675
0412 refers to IMAGE_NAME:  memory_corruption or bad hardware
0512 and 1512 say: IMAGE_NAME:  arcsas.sys, which seems to be an AMD file, but also links to bad hardware

So I suggest running RAM and disk diags first, to be sure about the basics - best download UBCD, and boot from it to run diags: http://www.ultimatebootcd.com/

You can also swap RAM, or run with 1 or 2 sticks.

Author Comment

by:solaris1975
ID: 37736907
So it means that it might be faulty RAM that causes this kind of panic. Kindly send me the analysis report if you have it.

Expert Comment

by:nobus
ID: 37737189
I deleted it - why do you want it?
And note that it can be bad RAM - but something else also - but RAM is easy to test.

Author Comment

by:solaris1975
ID: 37737201
Hmm ok.... I just ran the test. Could you kindly let me know what is the problem causing ... driver ???


Loading Dump File [D:\Mini031512-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Loading symbols for fffff800`01000000     ntkrnlmp.exe ->   ntkrnlmp.exe
ModLoad: fffff800`01000000 fffff800`01496000   ntkrnlmp.exe
Windows Server 2003 Kernel Version 3790 (Service Pack 2) MP (8 procs) Free x64
Product: Server, suite: Enterprise TerminalServer SingleUserTS
Built by: 3790.srv03_sp2_gdr.090805-1438
Machine Name:
Kernel base = 0xfffff800`01000000 PsLoadedModuleList = 0xfffff800`011d4140
Debug session time: Thu Mar 15 17:31:29.625 2012 (GMT+3)
System Uptime: 8 days 9:49:56.250
Loading symbols for fffff800`01000000     ntkrnlmp.exe ->   ntkrnlmp.exe
ModLoad: fffff800`01000000 fffff800`01496000   ntkrnlmp.exe
Loading Kernel Symbols
.ModLoad: fffff800`00800000 fffff800`0085e000   hal.dll
.ModLoad: fffffad9`879fb000 fffffad9`87a05000   kdcom.dll
.ModLoad: fffffad9`87a0b000 fffffad9`87a14000   \WINDOWS\system32\BOOTVID.dll
.ModLoad: fffffad9`875ce000 fffffad9`875f2000   sacdrv.sys
.ModLoad: fffffad9`8757a000 fffffad9`875ce000   ACPI.sys
.ModLoad: fffffad9`87a1b000 fffffad9`87a24000   \WINDOWS\system32\DRIVERS\WMILIB.SYS
.ModLoad: fffffad9`87559000 fffffad9`8757a000   pci.sys
.ModLoad: fffffad9`87a2b000 fffffad9`87a34000   isapnp.sys
.ModLoad: fffffad9`87543000 fffffad9`87559000   MountMgr.sys
.ModLoad: fffffad9`87503000 fffffad9`87543000   ftdisk.sys
.ModLoad: fffffad9`87dfb000 fffffad9`87e02000   dmload.sys
.ModLoad: fffffad9`874bc000 fffffad9`87503000   dmio.sys
.ModLoad: fffffad9`87471000 fffffad9`874bc000   volsnap.sys
.ModLoad: fffffad9`87a3b000 fffffad9`87a4b000   PartMgr.sys
.ModLoad: fffffad9`8734b000 fffffad9`87471000   ql2300.sys
.ModLoad: fffffad9`8731b000 fffffad9`8734b000   \WINDOWS\system32\DRIVERS\storport.sys
.ModLoad: fffffad9`87303000 fffffad9`8731b000   arcsas.sys
.ModLoad: fffffad9`872e0000 fffffad9`87303000   lsi_sas.sys
.ModLoad: fffffad9`872c2000 fffffad9`872e0000   nvgts64.sys
.ModLoad: fffffad9`87291000 fffffad9`872c2000   \WINDOWS\system32\drivers\SCSIPORT.SYS
.ModLoad: fffffad9`8727c000 fffffad9`87291000   disk.sys
.ModLoad: fffffad9`8725f000 fffffad9`8727c000   \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
.ModLoad: fffffad9`87221000 fffffad9`8725f000   fltMgr.sys
.ModLoad: fffffad9`876f3000 fffffad9`87704000   Dfs.sys
.ModLoad: fffffad9`871ed000 fffffad9`87221000   KSecDD.sys
.ModLoad: fffffad9`870e8000 fffffad9`871ed000   Ntfs.sys
.ModLoad: fffffad9`87082000 fffffad9`870e8000   NDIS.sys
.ModLoad: fffffad9`8704e000 fffffad9`87082000   Mup.sys
.ModLoad: fffffad9`87a4b000 fffffad9`87a56000   crcdisk.sys
.ModLoad: fffffad9`87fc9000 fffffad9`87fcf700   \SystemRoot\system32\DRIVERS\usbohci.sys
.ModLoad: fffffad9`85667000 fffffad9`856a1000   \SystemRoot\system32\DRIVERS\USBPORT.SYS
.ModLoad: fffffad9`87bfb000 fffffad9`87c05c80   \SystemRoot\system32\DRIVERS\usbehci.sys
.ModLoad: fffffad9`87c0b000 fffffad9`87c19000   \SystemRoot\system32\DRIVERS\vgapnp.sys
.ModLoad: fffffad9`85644000 fffffad9`85667000   \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
.ModLoad: fffffad9`87c1b000 fffffad9`87c24000   \SystemRoot\system32\DRIVERS\watchdog.sys
.ModLoad: fffffad9`87c2b000 fffffad9`87c38000   \SystemRoot\system32\DRIVERS\nvnetbus.sys
.ModLoad: fffffad9`854e2000 fffffad9`85643400   \SystemRoot\system32\DRIVERS\NVNRM.SYS
.ModLoad: fffffad9`87c3b000 fffffad9`87c44000   \SystemRoot\system32\DRIVERS\STKLIB.sys
.ModLoad: fffffad9`87c4b000 fffffad9`87c56000   \SystemRoot\system32\DRIVERS\MCD.SYS
.ModLoad: fffffad9`87c5b000 fffffad9`87c64000   \SystemRoot\system32\DRIVERS\hplto.sys
.ModLoad: fffffad9`87b1b000 fffffad9`87b29000   \SystemRoot\system32\DRIVERS\TAPE.SYS
.ModLoad: fffffad9`8772c000 fffffad9`8773d000   \SystemRoot\system32\DRIVERS\processr.sys
.ModLoad: fffffad9`87d73000 fffffad9`87d7b000   \SystemRoot\system32\DRIVERS\audstub.sys
.ModLoad: fffffad9`87fd0000 fffffad9`87fd5e80   \SystemRoot\system32\drivers\ksthunk.sys
.ModLoad: fffffad9`85483000 fffffad9`854cc000   \SystemRoot\system32\drivers\ks.sys
.ModLoad: fffffad9`8545d000 fffffad9`85483000   \SystemRoot\system32\DRIVERS\rasl2tp.sys
.ModLoad: fffffad9`85e53000 fffffad9`85e5d000   \SystemRoot\system32\DRIVERS\ndistapi.sys
.ModLoad: fffffad9`85431000 fffffad9`8545d000   \SystemRoot\system32\DRIVERS\ndiswan.sys
.ModLoad: fffffad9`8541d000 fffffad9`85431000   \SystemRoot\system32\DRIVERS\raspppoe.sys
.ModLoad: fffffad9`853fa000 fffffad9`8541d000   \SystemRoot\system32\DRIVERS\raspptp.sys
.ModLoad: fffffad9`85e43000 fffffad9`85e52000   \SystemRoot\system32\DRIVERS\TDI.SYS
.ModLoad: fffffad9`85e33000 fffffad9`85e40000   \SystemRoot\system32\DRIVERS\ptilink.sys
.ModLoad: fffffad9`85e23000 fffffad9`85e2e000   \SystemRoot\system32\DRIVERS\raspti.sys
.ModLoad: fffffad9`85303000 fffffad9`8535a000   \SystemRoot\system32\DRIVERS\rdpdr.sys
.ModLoad: fffffad9`852ed000 fffffad9`85303000   \SystemRoot\system32\DRIVERS\termdd.sys
.ModLoad: fffffad9`85e13000 fffffad9`85e21000   \SystemRoot\system32\DRIVERS\kbdclass.sys
.ModLoad: fffffad9`85e03000 fffffad9`85e10000   \SystemRoot\system32\DRIVERS\mouclass.sys
.ModLoad: fffffad9`862a5000 fffffad9`862a6400   \SystemRoot\system32\DRIVERS\swenum.sys
.ModLoad: fffffad9`852d2000 fffffad9`852ed000   \SystemRoot\system32\DRIVERS\update.sys
.ModLoad: fffffad9`85df3000 fffffad9`85e00000   \SystemRoot\system32\DRIVERS\mssmbios.sys
.ModLoad: fffffad9`8519e000 fffffad9`851be000   \SystemRoot\system32\DRIVERS\usbhub.sys
.ModLoad: fffffad9`862a1000 fffffad9`862a2d80   \SystemRoot\system32\DRIVERS\USBD.SYS
.ModLoad: fffffad9`8512f000 fffffad9`85143000   \SystemRoot\System32\Drivers\NDProxy.SYS
.ModLoad: fffffad9`84fc0000 fffffad9`84fd5e00   \SystemRoot\system32\DRIVERS\NVENETFD.sys
.ModLoad: fffffad9`84f7e000 fffffad9`84fa0000   \SystemRoot\system32\DRIVERS\ClusDisk.sys
.ModLoad: fffffad9`87b2b000 fffffad9`87b35000   \SystemRoot\System32\Drivers\Fs_Rec.SYS
.ModLoad: fffffad9`87d23000 fffffad9`87d2b000   \SystemRoot\System32\Drivers\Null.SYS
.ModLoad: fffffad9`88040000 fffffad9`88047000   \SystemRoot\System32\Drivers\Beep.SYS
.ModLoad: fffffad9`87b4b000 fffffad9`87b55200   \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
.ModLoad: fffffad9`87b6b000 fffffad9`87b75000   \SystemRoot\System32\Drivers\mnmdd.SYS
.ModLoad: fffffad9`87b7b000 fffffad9`87b85000   \SystemRoot\System32\DRIVERS\RDPCDD.sys
.ModLoad: fffffad9`87b8b000 fffffad9`87b98000   \SystemRoot\System32\Drivers\Msfs.SYS
.ModLoad: fffffad9`84f6a000 fffffad9`84f7e000   \SystemRoot\System32\Drivers\Npfs.SYS
.ModLoad: fffffad9`87b9b000 fffffad9`87ba5000   \SystemRoot\system32\DRIVERS\rasacd.sys
.ModLoad: fffffad9`84e9f000 fffffad9`84eca000   \SystemRoot\system32\DRIVERS\ipsec.sys
.ModLoad: fffffad9`84e89000 fffffad9`84e9f000   \SystemRoot\system32\DRIVERS\msgpc.sys
.ModLoad: fffffad9`84d90000 fffffad9`84e89000   \SystemRoot\system32\DRIVERS\tcpip.sys
.ModLoad: fffffad9`84d36000 fffffad9`84d90000   \SystemRoot\system32\DRIVERS\netbt.sys
.ModLoad: fffffad9`84ce9000 fffffad9`84d36000   \SystemRoot\System32\drivers\afd.sys
.ModLoad: fffffad9`8773f000 fffffad9`87751000   \SystemRoot\system32\DRIVERS\wanarp.sys
.ModLoad: fffffad9`87752000 fffffad9`87764000   \SystemRoot\system32\DRIVERS\netbios.sys
.ModLoad: fffffad9`84c98000 fffffad9`84ce9000   \SystemRoot\system32\DRIVERS\rdbss.sys
.ModLoad: fffffad9`84b85000 fffffad9`84c52000   \SystemRoot\system32\DRIVERS\mrxsmb.sys
.ModLoad: fffffad9`87765000 fffffad9`87777000   \SystemRoot\System32\Drivers\Fips.SYS
.ModLoad: fffffad9`87778000 fffffad9`87789000   \SystemRoot\system32\DRIVERS\USBSTOR.SYS
.ModLoad: fffffad9`84b6e000 fffffad9`84b85000   \SystemRoot\system32\DRIVERS\imapi.sys
.ModLoad: fffffad9`84b53000 fffffad9`84b6e000   \SystemRoot\system32\DRIVERS\cdrom.sys
.ModLoad: fffffad9`84b3d000 fffffad9`84b53000   \SystemRoot\system32\DRIVERS\redbook.sys
.ModLoad: fffffad9`87beb000 fffffad9`87bf5700   \SystemRoot\system32\DRIVERS\usbccgp.sys
.ModLoad: fffffad9`853ea000 fffffad9`853f4000   \SystemRoot\system32\DRIVERS\hidusb.sys
.ModLoad: fffffad9`84b28000 fffffad9`84b3d000   \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
.ModLoad: fffffad9`853da000 fffffad9`853e6000   \SystemRoot\system32\DRIVERS\kbdhid.sys
.ModLoad: fffffad9`853ca000 fffffad9`853d4000   \SystemRoot\system32\DRIVERS\mouhid.sys
.ModLoad: fffffad9`84b07000 fffffad9`84b28000   \SystemRoot\System32\Drivers\Cdfs.SYS
.ModLoad: fffffad9`8538a000 fffffad9`85396000   \SystemRoot\System32\Drivers\dump_diskdump.sys
.ModLoad: fffffad9`84aef000 fffffad9`84b07000   \SystemRoot\System32\Drivers\dump_arcsas.sys
.ModLoad: fffff97f`ff000000 fffff97f`ff460000   \SystemRoot\System32\win32k.sys
.ModLoad: fffffad9`8537a000 fffffad9`85386000   \SystemRoot\System32\drivers\Dxapi.sys
.ModLoad: fffff97f`ff460000 fffff97f`ff488000   \SystemRoot\System32\drivers\dxg.sys
.ModLoad: fffff97f`ff488000 fffff97f`ff492000   \SystemRoot\System32\framebuf.dll
.ModLoad: fffffad9`87b5b000 fffffad9`87b67000   \SystemRoot\system32\DRIVERS\ndisuio.sys
.ModLoad: fffffad9`845fc000 fffffad9`84620000   \SystemRoot\system32\DRIVERS\clusnet.sys
.ModLoad: fffffad9`87dab000 fffffad9`87db3000   \SystemRoot\system32\DRIVERS\CdaC15BA.sys
.ModLoad: fffffad9`87dcb000 fffffad9`87dd3000   \SystemRoot\system32\DRIVERS\CdaD10BA.sys
.ModLoad: fffffad9`840a1000 fffffad9`84138000   \SystemRoot\System32\Drivers\HTTP.sys
.ModLoad: fffffad9`83f03000 fffffad9`83fcf000   \SystemRoot\system32\DRIVERS\srv.sys
.ModLoad: fffffad9`83bf7000 fffffad9`83c15000   \SystemRoot\system32\DRIVERS\rpcxdr.sys
.ModLoad: fffffad9`84292000 fffffad9`8429d000   \SystemRoot\system32\DRIVERS\secdrv.sys
.ModLoad: fffffad9`82a6a000 fffffad9`82ae5000   \??\C:\WINDOWS\system32\drivers\NfsRdr.sys
.ModLoad: fffffad9`87b3b000 fffffad9`87b49000   \SystemRoot\System32\Drivers\TDTCP.SYS
.ModLoad: fffffad9`8266c000 fffffad9`826aa000   \SystemRoot\System32\Drivers\RDPWD.SYS
.ModLoad: fffff97f`ff492000 fffff97f`ff4c0000   \SystemRoot\System32\RDPDD.dll

Loading User Symbols
Loading unloaded module list
........
Loaded dbghelp extension DLL
Loaded ext extension DLL
Loaded exts extension DLL
Loaded kext extension DLL
Loaded kdexts extension DLL
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck D1, {28, 8, 0, fffffad987310e34}

Unable to load image arcsas.sys, Win32 error 0n2
Loading symbols for fffffad9`87303000       arcsas.sys ->   arcsas.sys
*** WARNING: Unable to verify timestamp for arcsas.sys
*** ERROR: Module load completed but symbols could not be loaded for arcsas.sys
Probably caused by : arcsas.sys ( arcsas+de34 )

Followup: MachineOwner
---------

7: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.  This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 0000000000000028, memory referenced
Arg2: 0000000000000008, IRQL
Arg3: 0000000000000000, value 0 = read operation, 1 = write operation
Arg4: fffffad987310e34, address which referenced memory

Debugging Details:
------------------


READ_ADDRESS:  0000000000000028

CURRENT_IRQL:  8

FAULTING_IP:
arcsas+de34
fffffad9`87310e34 ??              ???

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  DRIVER_FAULT_SERVER_MINIDUMP

BUGCHECK_STR:  0xD1

PROCESS_NAME:  Idle

TRAP_FRAME:  fffffad987e6a720 -- (.trap 0xfffffad987e6a720)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=000000000000000e rbx=0000000000000000 rcx=fffffad9c0be3008
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffffad987310e34 rsp=fffffad987e6a8b0 rbp=fffffad987e6ac30
 r8=0000000000000001  r9=5b37b2c49a000000 r10=5b37b2c49b8e00fd
r11=fffffad987abd450 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei ng nz na pe nc
arcsas+0xde34:
fffffad9`87310e34 ??              ???
Resetting default scope

LAST_CONTROL_TRANSFER:  from fffff8000102e5b4 to fffff8000102e890

STACK_TEXT:  
fffffad9`87e6a598 fffff800`0102e5b4 : 00000000`0000000a 00000000`00000028 00000000`00000008 00000000`00000000 : nt!KeBugCheckEx
fffffad9`87e6a5a0 fffff800`0102d547 : 00000000`00000002 fffffad9`bd85c050 00000000`00000000 fffffad9`bd86ac80 : nt!KiBugCheckDispatch+0x74
fffffad9`87e6a720 fffffad9`87310e34 : fffffad9`b92761a0 fffffad9`c0be3008 fffffad9`bcde6670 5b37b2c5`aa000000 : nt!KiPageFault+0x207
fffffad9`87e6a8b0 fffffad9`b92761a0 : fffffad9`c0be3008 fffffad9`bcde6670 5b37b2c5`aa000000 00000000`00000001 : arcsas+0xde34
fffffad9`87e6a8b8 fffffad9`c0be3008 : fffffad9`bcde6670 5b37b2c5`aa000000 00000000`00000001 fffff800`011b4900 : 0xfffffad9`b92761a0
fffffad9`87e6a8c0 fffffad9`bcde6670 : 5b37b2c5`aa000000 00000000`00000001 fffff800`011b4900 00000000`00000000 : 0xfffffad9`c0be3008
fffffad9`87e6a8c8 5b37b2c5`aa000000 : 00000000`00000001 fffff800`011b4900 00000000`00000000 00000000`0000000e : 0xfffffad9`bcde6670
fffffad9`87e6a8d0 00000000`00000001 : fffff800`011b4900 00000000`00000000 00000000`0000000e fffffad9`87afb000 : 0x5b37b2c5`aa000000
fffffad9`87e6a8d8 fffff800`011b4900 : 00000000`00000000 00000000`0000000e fffffad9`87afb000 fffffad9`873045ce : 0x1
fffffad9`87e6a8e0 00000000`00000000 : 00000000`0000000e fffffad9`87afb000 fffffad9`873045ce fffffad9`c0be3008 : nt!KiInitialThread+0x400


STACK_COMMAND:  kb

FOLLOWUP_IP:
arcsas+de34
fffffad9`87310e34 ??              ???

SYMBOL_STACK_INDEX:  3

SYMBOL_NAME:  arcsas+de34

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: arcsas

IMAGE_NAME:  arcsas.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  474cbeee

FAILURE_BUCKET_ID:  X64_0xD1_arcsas+de34

BUCKET_ID:  X64_0xD1_arcsas+de34

Followup: MachineOwner
---------
0
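As an added example (not part of the original thread and not code from any poster), this Python sketch cross-checks the "Probably caused by" line of the output above: it maps the faulting instruction address from the BugCheck line onto the ModLoad ranges and recomputes the module offset. The sample text is a constructed excerpt of the posted output, and treating a referenced address below one page as a NULL pointer plus field offset is an assumption of the example.

```python
import re

# Constructed excerpt of the WinDbg output posted above.
SAMPLE = r"""
.ModLoad: fffffad9`8731b000 fffffad9`8734b000   \WINDOWS\system32\DRIVERS\storport.sys
.ModLoad: fffffad9`87303000 fffffad9`8731b000   arcsas.sys
.ModLoad: fffffad9`872e0000 fffffad9`87303000   lsi_sas.sys
BugCheck D1, {28, 8, 0, fffffad987310e34}
Probably caused by : arcsas.sys ( arcsas+de34 )
"""

MODLOAD = re.compile(r"ModLoad:\s+([0-9a-f`]+)\s+([0-9a-f`]+)\s+(\S+)", re.I)
BUGCHECK = re.compile(r"BugCheck\s+([0-9A-F]+),\s*\{([^}]*)\}", re.I)
BLAMED = re.compile(r"Probably caused by\s*:\s*(\S+)")

def addr(text):
    """Convert a WinDbg address such as fffffad9`87303000 to an int."""
    return int(text.replace("`", ""), 16)

def parse_modules(log):
    """Return (start, end, basename) for every ModLoad line."""
    return [(addr(s), addr(e), path.rsplit("\\", 1)[-1])
            for s, e, path in MODLOAD.findall(log)]

def triage(log):
    """Check that the blamed driver really contains the faulting address."""
    m = BUGCHECK.search(log)
    if m is None:
        raise ValueError("no BugCheck line found")
    code = int(m.group(1), 16)
    args = [addr(a.strip()) for a in m.group(2).split(",")]
    result = {"code": code, "args": args, "module": None, "offset": None}
    # For bugcheck 0xD1, Arg4 is the address of the instruction that
    # referenced memory (see the Arg4 line in the !analyze -v output).
    if code == 0xD1 and len(args) == 4:
        for start, end, name in parse_modules(log):
            if start <= args[3] < end:
                result["module"], result["offset"] = name, args[3] - start
                break
        # Assumption: an address in the first page is NULL + field offset.
        result["near_null"] = args[0] < 0x1000
        result["write"] = args[2] == 1
    blamed = BLAMED.search(log)
    result["blamed"] = blamed.group(1) if blamed else None
    result["consistent"] = (result["module"] is not None
                            and result["blamed"] is not None
                            and result["module"].lower() == result["blamed"].lower())
    return result

if __name__ == "__main__":
    print(triage(SAMPLE))
```
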

Expert Comment

by:nobus
ID: 37738141
Not sure I understand what you mean by: " let me know what is the problem causing ... driver ???"
It points to the AMD file as I said above, and it also refers to memory.

Did you run the RAM test yet? Use memtest86+ from the UBCD.

Author Comment

by:solaris1975
ID: 37740765
Not yet ... is it safe to run in the production environment, especially in the government sector?

Accepted Solution

by:
nobus earned 500 total points
ID: 37740929
It only tests the RAM - does not touch the disk at all.
Make the CD on another PC.

Author Comment

by:solaris1975
ID: 37762146
We upgraded the ILOM firmware of the server and it seems so far so good. Kindly close this question & thanks for your support.

Author Closing Comment

by:solaris1975
ID: 37762162
Kindly close the case.

Expert Comment

by:nobus
ID: 37762240
May I ask what was the solution?