Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 158
  • Last Modified:

Server 2003 blue screen twice in 1 month.

Server 2003 is VM, on Hyper-V.  Has been running for over 1 year until these issues.  I haven't been able to figure out why it is happening.  The log files are not giving indication to why the crash happened.  What/where can I begin to figure this out?
0
Robert Gilliatt
Asked:
Robert Gilliatt
  • 11
  • 5
  • 5
  • +2
1 Solution
 
Joshua GrantomSenior EngineerCommented:
Have you made any changes to the VM? additional memory, disk space, CPU? What about the host? Any changes?
0
 
CHENGHCommented:
This can be caused by many things. If there are many other VMs running on the same hyper visor without problem, maybe focus on the change you made on this VM. Start with finding out the difference to other VMs.

Another thought is storage. If you are using shared network storage, I suggest start with monitor the network connection and traffic when it went to blue screen.
0
 
Ratnesh MishraCommented:
Few steps which can help you :-
1. Check the error in event log of VM and Host machine when the crash happens. Anything relevant you may find[less chance] ?
2. You can check with Event log of VM in system for and Bugcheck code or crash related or memory leak etc such as event id 333, 2019 or 2020 . Don't forget to look in Application logs as well ?
3. Most importent, when machine crash based on the dump configuration in "Startup and recovery" option it dump the file so first check you may have .dmp file either in c:\windows\memory.dmp or xxxxxx.dmp files in "c:\windows\minidump"
If its not configured do feel free to go through the link below mention for how to configure memory dump.
http://sangnak.com/memory-dump-its-configuration-and-method-to-do-it/
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
Robert GilliattAuthor Commented:
Thank you for your comments.
Joshua, I have not made any changes to the VM, additional memory,CPU.  The disk space hasn't change.

Chengh - The other VM's are not having this issue.  I will check out network storage issues.
0
 
nobusCommented:
post the minidump here for more info !
0
 
Joshua GrantomSenior EngineerCommented:
Have you had any power failures or hard shutdowns in your environment? System files could have been corrupted and causing this. I would run a "sfc /scannow" on the VM. This will check for any damaged system files and if it detects any, it will ask for a server 2003 cd, mount the iso to the vm and it will repair
0
 
Robert GilliattAuthor Commented:
i don't have a minidump file, but I have a MEMORY.DMP file in c:\windows.  We have hard a hard shutdown.  The host server ran out of disk space a few weeks ago.  All the VM's were paused to save them by the Hyper-V server.  But 2 weeks before that, this machine blue screened.
0
 
nobusCommented:
if you don't post the dmp - we can't look at it...
0
 
Ratnesh MishraCommented:
Good to know that you have memory.dmp file . We can expect a compressed memory dump which will save your space and bandwidth. to be send to us for analysis.
If you still not feel fine with it, least you can help us with Bugcheck code which is in the critical Event id 1001.
0
 
Robert GilliattAuthor Commented:
the memorydump file is 590 megs uncompressed, 115 compressed and is too big to attach.
0
 
Ratnesh MishraCommented:
Are you attaching it here [an option as "attach file" below the comment], what error you are facing. If there is any, you can request attention of moderator so that we can have the memory dump file for analysis.
0
 
Robert GilliattAuthor Commented:
Hey I just realized my subject has the wrong OS, I am running Server 2008 R2, 64 bit.  I didn't realize I typed in 2003.  The limit to attach a file is 50mb.  I am downloading windows sdk to see if I can open the file and troubleshoot this issue.
0
 
Ratnesh MishraCommented:
No worries, 2003 or 2008 R2 dump will give you the reason and suspect for causing the issue. It seems that you have kernal memory dump. Good to know that you can debug yourself ,at any point you need assistance do feel free to ping us . Don't forget to check the faulting IP and match it with the loded module address , if the address mentioned in faulting IP is lieing in the range of the loaded module which is considered as suspect then you should try to update the file. However in most case if its ntoskrnl then actually something else is calling and trap lies some where else.
If you are facing 0xc0000005 error  in one of parameter of the bug code it means you are having memory address violation .
0
 
Robert GilliattAuthor Commented:
i thought I could read in the dump file, but I need to get my symbol definitions and symbol files.  is there a default location or download? I thought incorrectly it would come with the windows debugger.
0
 
Robert GilliattAuthor Commented:
Dump.txt is what the debugger is telling me.  I am getting closer to reading it in, but still limping along.
0
 
Robert GilliattAuthor Commented:
0
 
Ratnesh MishraCommented:
This shows svchost causing issue, however since svchost is a container to execute one or multiple services at a time. Now you may need to transfer complete dump file to know which service has caused it. you can use winrar or winzip to silce the dump file into 45 mb multiple files which we can use to recreate a single file. Without that its not possible to provide you more accurate answer.
Did you check the address 76f6747a , it belongs to which thread and that thread belongs to which process. ?

Hoping you have already updated all the post SP1- hotfixes to the 2008 R2 machine.
0
 
nobusCommented:
it also says vista driver fault  and RAISED_IRQL_FAULT
so updating your drivers can help also  - look also to connected devices!
btw - you can upload large files to skydrive, or such
0
 
Robert GilliattAuthor Commented:
Here is the compressed DMP file. it will only be available until saturday, October 18th. I can reupload it if need be.
https://www.zeta-uploader.com/830422834
0
 
nobusCommented:
0
 
Robert GilliattAuthor Commented:
i have none of those programs installed on my server though?
0
 
Robert GilliattAuthor Commented:
I just verified that this server is running the desktop version of ESET AV, I will remove it and install the server version.
0
 
nobusCommented:
the compressed file holds no more info for me
0
 
Robert GilliattAuthor Commented:
This appears to have fixed it.
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

  • 11
  • 5
  • 5
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now