Solved

Unexpected Stop Errors running Windows Server 2003 x64 w/sp2

Posted on 2012-04-03
6
1,153 Views
Last Modified: 2012-06-21
We have a Windows Server 2003 x64 SP2 Terminal Server,that for the most part function just fine.  But it has as of yesterday had Blue Screen and Stop error occur twice, the other time being 6mths ago, I realize this isn't so bad, but I'd like to resolve or at least attempt to resolve the issue.

The Microsoft support article KB937455, seems to describe the errors that we are getting when it happened. Which are REASON Code:0x805000f both times with different bug strings.  Should I go ahead and apply the hotfix? file name is fix201603.

I've never applied a hotfix manually on a Server, guess I just never needed too. I hesitate as I don't want to make the situation worse by updating the NTFS file as this hotfix will do or cause another issue. I do not have a non-productive server to test the hotfix on as MS suggests,
so what pre-cautions should I take prior to install, other than backing up the data.

Our current NTSF.sys file is version 5.2.3790.3959 03/22/06.

FYI - We also have another Windows Server 2003 x86 SP2 that is the DC and File/Print Server.
0
Comment
Question by:CATHY-IT
  • 3
  • 3
6 Comments
 
LVL 87

Expert Comment

by:rindi
ID: 37804969
Zip your last 3 minidump files and attach them in your next comment. Where those files are depends on how the system is configured (Usually you'll find those files in \Windows\Minidump, just search for *.dmp files, and make sure you can see hidden files, as they are hidden).
0
 

Author Comment

by:CATHY-IT
ID: 37805777
Here are the memory dumps I found for dates I mentioned above and one other date March 14, 2011 that shows no events in the Log for that time and is around the time this new server replaced the orginal terminal server.
Server-Memory-Dumps.zip
0
 
LVL 87

Accepted Solution

by:
rindi earned 500 total points
ID: 37805880
One of the dumps point to the driver srtsp64.sys as the cause of the BSOD, and that is part of the Symantec Software. Another Dump showed snapvol.sys as the cause (I think that is part of the Volume Shadow Copy part of the OS), and the other dump didn't show too much to be of help. The problem is that all 3 dumps have a different cause and also a different crash code. That makes it hard to properly say what you need to do to fix this. I wouldn't apply the hotfix, particularly since you haven't had the issue very often.

What I'd suggest (and that I'd generally suggest for Terminal Servers), is to reboot the server regularly (maybe each weekend). On TS's it is possible that users are running software which doesn't properly release the resources when the software is closed, and that can cause memory issues etc when these add up. A reboot will clear such memory leaks.
0
Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

 

Author Comment

by:CATHY-IT
ID: 37806179
May I ask, what are you using to look at the Memory dump files?  so I can see what you see and learn to read these dumps better. I'm using Nirsoft blue screenview and all though I see a whole list of drivers, it states that the two last crashes are caused by driver NTOSKRNL.exe
0
 
LVL 87

Expert Comment

by:rindi
ID: 37806210
I use M$'s Debugging Tools for Windows:

http://msdn.microsoft.com/en-us/windows/hardware/gg463009
0
 

Author Comment

by:CATHY-IT
ID: 37823034
I'll install the MS Debugging tool and take a closer look myself. Otherwise, I'm not going to install this particular hotfix if there's a great chance that its not the solution.

Thanks for your input.
0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

Have you considered what group policies are backwards and forwards compatible? Windows Active Directory servers and clients use group policy templates to deploy sets of policies within your domain. But, there is a catch to deploying policies. The…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now