Solved

Server 2003 blue screen twice in 1 month.

Posted on 2014-09-22
24
146 Views
Last Modified: 2014-11-04
Server 2003 is VM, on Hyper-V.  Has been running for over 1 year until these issues.  I haven't been able to figure out why it is happening.  The log files are not giving indication to why the crash happened.  What/where can I begin to figure this out?
0
Comment
Question by:Robert Gilliatt
  • 11
  • 5
  • 5
  • +2
24 Comments
 
LVL 16

Expert Comment

by:Joshua Grantom
ID: 40337278
Have you made any changes to the VM? additional memory, disk space, CPU? What about the host? Any changes?
0
 
LVL 2

Expert Comment

by:CHENGH
ID: 40337334
This can be caused by many things. If there are many other VMs running on the same hyper visor without problem, maybe focus on the change you made on this VM. Start with finding out the difference to other VMs.

Another thought is storage. If you are using shared network storage, I suggest start with monitor the network connection and traffic when it went to blue screen.
0
 
LVL 8

Expert Comment

by:Ratnesh Mishra
ID: 40337399
Few steps which can help you :-
1. Check the error in event log of VM and Host machine when the crash happens. Anything relevant you may find[less chance] ?
2. You can check with Event log of VM in system for and Bugcheck code or crash related or memory leak etc such as event id 333, 2019 or 2020 . Don't forget to look in Application logs as well ?
3. Most importent, when machine crash based on the dump configuration in "Startup and recovery" option it dump the file so first check you may have .dmp file either in c:\windows\memory.dmp or xxxxxx.dmp files in "c:\windows\minidump"
If its not configured do feel free to go through the link below mention for how to configure memory dump.
http://sangnak.com/memory-dump-its-configuration-and-method-to-do-it/
0
 

Author Comment

by:Robert Gilliatt
ID: 40337710
Thank you for your comments.
Joshua, I have not made any changes to the VM, additional memory,CPU.  The disk space hasn't change.

Chengh - The other VM's are not having this issue.  I will check out network storage issues.
0
 
LVL 91

Expert Comment

by:nobus
ID: 40338473
post the minidump here for more info !
0
 
LVL 16

Expert Comment

by:Joshua Grantom
ID: 40339028
Have you had any power failures or hard shutdowns in your environment? System files could have been corrupted and causing this. I would run a "sfc /scannow" on the VM. This will check for any damaged system files and if it detects any, it will ask for a server 2003 cd, mount the iso to the vm and it will repair
0
 

Author Comment

by:Robert Gilliatt
ID: 40339446
i don't have a minidump file, but I have a MEMORY.DMP file in c:\windows.  We have hard a hard shutdown.  The host server ran out of disk space a few weeks ago.  All the VM's were paused to save them by the Hyper-V server.  But 2 weeks before that, this machine blue screened.
0
 
LVL 91

Expert Comment

by:nobus
ID: 40339649
if you don't post the dmp - we can't look at it...
0
 
LVL 8

Expert Comment

by:Ratnesh Mishra
ID: 40340132
Good to know that you have memory.dmp file . We can expect a compressed memory dump which will save your space and bandwidth. to be send to us for analysis.
If you still not feel fine with it, least you can help us with Bugcheck code which is in the critical Event id 1001.
0
 

Author Comment

by:Robert Gilliatt
ID: 40340137
the memorydump file is 590 megs uncompressed, 115 compressed and is too big to attach.
0
 
LVL 8

Expert Comment

by:Ratnesh Mishra
ID: 40340176
Are you attaching it here [an option as "attach file" below the comment], what error you are facing. If there is any, you can request attention of moderator so that we can have the memory dump file for analysis.
0
 

Author Comment

by:Robert Gilliatt
ID: 40340211
Hey I just realized my subject has the wrong OS, I am running Server 2008 R2, 64 bit.  I didn't realize I typed in 2003.  The limit to attach a file is 50mb.  I am downloading windows sdk to see if I can open the file and troubleshoot this issue.
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 8

Expert Comment

by:Ratnesh Mishra
ID: 40340227
No worries, 2003 or 2008 R2 dump will give you the reason and suspect for causing the issue. It seems that you have kernal memory dump. Good to know that you can debug yourself ,at any point you need assistance do feel free to ping us . Don't forget to check the faulting IP and match it with the loded module address , if the address mentioned in faulting IP is lieing in the range of the loaded module which is considered as suspect then you should try to update the file. However in most case if its ntoskrnl then actually something else is calling and trap lies some where else.
If you are facing 0xc0000005 error  in one of parameter of the bug code it means you are having memory address violation .
0
 

Author Comment

by:Robert Gilliatt
ID: 40340300
i thought I could read in the dump file, but I need to get my symbol definitions and symbol files.  is there a default location or download? I thought incorrectly it would come with the windows debugger.
0
 

Author Comment

by:Robert Gilliatt
ID: 40340330
Dump.txt is what the debugger is telling me.  I am getting closer to reading it in, but still limping along.
0
 

Author Comment

by:Robert Gilliatt
ID: 40340332
0
 
LVL 8

Expert Comment

by:Ratnesh Mishra
ID: 40340372
This shows svchost causing issue, however since svchost is a container to execute one or multiple services at a time. Now you may need to transfer complete dump file to know which service has caused it. you can use winrar or winzip to silce the dump file into 45 mb multiple files which we can use to recreate a single file. Without that its not possible to provide you more accurate answer.
Did you check the address 76f6747a , it belongs to which thread and that thread belongs to which process. ?

Hoping you have already updated all the post SP1- hotfixes to the 2008 R2 machine.
0
 
LVL 91

Expert Comment

by:nobus
ID: 40340910
it also says vista driver fault  and RAISED_IRQL_FAULT
so updating your drivers can help also  - look also to connected devices!
btw - you can upload large files to skydrive, or such
0
 

Author Comment

by:Robert Gilliatt
ID: 40380549
Here is the compressed DMP file. it will only be available until saturday, October 18th. I can reupload it if need be.
https://www.zeta-uploader.com/830422834
0
 
LVL 91

Expert Comment

by:nobus
ID: 40381513
0
 

Author Comment

by:Robert Gilliatt
ID: 40383247
i have none of those programs installed on my server though?
0
 

Accepted Solution

by:
Robert Gilliatt earned 0 total points
ID: 40383275
I just verified that this server is running the desktop version of ESET AV, I will remove it and install the server version.
0
 
LVL 91

Expert Comment

by:nobus
ID: 40383724
the compressed file holds no more info for me
0
 

Author Closing Comment

by:Robert Gilliatt
ID: 40421198
This appears to have fixed it.
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

Citrix XenApp, Internet Explorer 11 set to Enterprise Mode and using central hosted sites.xml file.
A quick step-by-step overview of installing and configuring Carbonite Server Backup.
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now