Server 2003 blue screen twice in 1 month.

Server 2003 is VM, on Hyper-V.  Has been running for over 1 year until these issues.  I haven't been able to figure out why it is happening.  The log files are not giving indication to why the crash happened.  What/where can I begin to figure this out?
Robert GilliattSystem AdministratorAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Joshua GrantomSenior Systems AdministratorCommented:
Have you made any changes to the VM? additional memory, disk space, CPU? What about the host? Any changes?
0
CHENGHCommented:
This can be caused by many things. If there are many other VMs running on the same hyper visor without problem, maybe focus on the change you made on this VM. Start with finding out the difference to other VMs.

Another thought is storage. If you are using shared network storage, I suggest start with monitor the network connection and traffic when it went to blue screen.
0
Ratnesh MishraCommented:
Few steps which can help you :-
1. Check the error in event log of VM and Host machine when the crash happens. Anything relevant you may find[less chance] ?
2. You can check with Event log of VM in system for and Bugcheck code or crash related or memory leak etc such as event id 333, 2019 or 2020 . Don't forget to look in Application logs as well ?
3. Most importent, when machine crash based on the dump configuration in "Startup and recovery" option it dump the file so first check you may have .dmp file either in c:\windows\memory.dmp or xxxxxx.dmp files in "c:\windows\minidump"
If its not configured do feel free to go through the link below mention for how to configure memory dump.
http://sangnak.com/memory-dump-its-configuration-and-method-to-do-it/
0
Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

Robert GilliattSystem AdministratorAuthor Commented:
Thank you for your comments.
Joshua, I have not made any changes to the VM, additional memory,CPU.  The disk space hasn't change.

Chengh - The other VM's are not having this issue.  I will check out network storage issues.
0
nobusCommented:
post the minidump here for more info !
0
Joshua GrantomSenior Systems AdministratorCommented:
Have you had any power failures or hard shutdowns in your environment? System files could have been corrupted and causing this. I would run a "sfc /scannow" on the VM. This will check for any damaged system files and if it detects any, it will ask for a server 2003 cd, mount the iso to the vm and it will repair
0
Robert GilliattSystem AdministratorAuthor Commented:
i don't have a minidump file, but I have a MEMORY.DMP file in c:\windows.  We have hard a hard shutdown.  The host server ran out of disk space a few weeks ago.  All the VM's were paused to save them by the Hyper-V server.  But 2 weeks before that, this machine blue screened.
0
nobusCommented:
if you don't post the dmp - we can't look at it...
0
Ratnesh MishraCommented:
Good to know that you have memory.dmp file . We can expect a compressed memory dump which will save your space and bandwidth. to be send to us for analysis.
If you still not feel fine with it, least you can help us with Bugcheck code which is in the critical Event id 1001.
0
Robert GilliattSystem AdministratorAuthor Commented:
the memorydump file is 590 megs uncompressed, 115 compressed and is too big to attach.
0
Ratnesh MishraCommented:
Are you attaching it here [an option as "attach file" below the comment], what error you are facing. If there is any, you can request attention of moderator so that we can have the memory dump file for analysis.
0
Robert GilliattSystem AdministratorAuthor Commented:
Hey I just realized my subject has the wrong OS, I am running Server 2008 R2, 64 bit.  I didn't realize I typed in 2003.  The limit to attach a file is 50mb.  I am downloading windows sdk to see if I can open the file and troubleshoot this issue.
0
Ratnesh MishraCommented:
No worries, 2003 or 2008 R2 dump will give you the reason and suspect for causing the issue. It seems that you have kernal memory dump. Good to know that you can debug yourself ,at any point you need assistance do feel free to ping us . Don't forget to check the faulting IP and match it with the loded module address , if the address mentioned in faulting IP is lieing in the range of the loaded module which is considered as suspect then you should try to update the file. However in most case if its ntoskrnl then actually something else is calling and trap lies some where else.
If you are facing 0xc0000005 error  in one of parameter of the bug code it means you are having memory address violation .
0
Robert GilliattSystem AdministratorAuthor Commented:
i thought I could read in the dump file, but I need to get my symbol definitions and symbol files.  is there a default location or download? I thought incorrectly it would come with the windows debugger.
0
Robert GilliattSystem AdministratorAuthor Commented:
Dump.txt is what the debugger is telling me.  I am getting closer to reading it in, but still limping along.
0
Robert GilliattSystem AdministratorAuthor Commented:
0
Ratnesh MishraCommented:
This shows svchost causing issue, however since svchost is a container to execute one or multiple services at a time. Now you may need to transfer complete dump file to know which service has caused it. you can use winrar or winzip to silce the dump file into 45 mb multiple files which we can use to recreate a single file. Without that its not possible to provide you more accurate answer.
Did you check the address 76f6747a , it belongs to which thread and that thread belongs to which process. ?

Hoping you have already updated all the post SP1- hotfixes to the 2008 R2 machine.
0
nobusCommented:
it also says vista driver fault  and RAISED_IRQL_FAULT
so updating your drivers can help also  - look also to connected devices!
btw - you can upload large files to skydrive, or such
0
Robert GilliattSystem AdministratorAuthor Commented:
Here is the compressed DMP file. it will only be available until saturday, October 18th. I can reupload it if need be.
https://www.zeta-uploader.com/830422834
0
nobusCommented:
0
Robert GilliattSystem AdministratorAuthor Commented:
i have none of those programs installed on my server though?
0
Robert GilliattSystem AdministratorAuthor Commented:
I just verified that this server is running the desktop version of ESET AV, I will remove it and install the server version.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
nobusCommented:
the compressed file holds no more info for me
0
Robert GilliattSystem AdministratorAuthor Commented:
This appears to have fixed it.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Legacy OS

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.