• Status: Solved
  • Priority: High
  • Security: Private
  • Views: 60
  • Last Modified:

Server reboots daily bug check code 0x000000ab - how to find driver that is issue

BSOD couple of times a day. Server 2008 R2 Enterprise. TS. VM machine.

(last 4)
Bug Check String Session_HasValid_Pool_on_Exit
Bug Check code 0x000000ab
Param 1 0x11, 0x19, 0xf, 0xe
Param 2 0x350, 0x350, 0x350, 0x350
Param 3 0x0, 0x0, 0x0, 0x0
Param 4 0x1, 0x1, 0x1, 0x1

Tried to load: https://support.microsoft.com/en-us/help/2585233/stop-0x000000ab-session-has-valid-pool-on-exit-error-when-a-client-log but get:
Windows update  could not be installed because of error 2149842967 "" (Command line: ""C:\Windows\system32\wusa.exe" "C:\Users\Administrator.MKBCOLA\Downloads\Windows6.1-KB2617115-v2-x64.msu"        ")

most research says bad printer driver. Is there a way to tell which driver?

Bluescreenview shows file name of ntoskrnl.exe with a file description of NT Kernel & System
mini dump attached
031918-26863-01.dmp
0
nocluejoe
Asked:
nocluejoe
  • 11
  • 6
  • 4
  • +1
4 Solutions
 
J SSenior Systems AdministratorCommented:
Where any of the drivers recently updated or newly installed hardware?  Have you attempted to run a scandisk against the server?
0
 
nocluejoeAuthor Commented:
I am not aware of any new drivers being loaded or updated. I was hoping something in the dump could guide me to the malfunctioning driver.

I have not done a scandisk. Server is under heavy use for the next 6 to 7 weeks, need to see if I can find a resolution without being to intrusive.
0
 
J SSenior Systems AdministratorCommented:
I would recommend doing the following as time permits.

1. Review if any drivers have been updated or applications recently installed
2.  Establish a baseline of when and how often the server is rebooting.
3. Boot the server in to safe mode , use step 2 to establish a time line of how long to leave it in safemode in attempt to verify its a driver BSODing the server and not Windows.
4. Run Scandisk
5. Update all drivers.
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 
nocluejoeAuthor Commented:
Seems like a reasonable path to take.

Is there no other information to be gain from mini-dump that could assist me?

Rebooting happens 2 - 4 times daily at different times. No apparent consistant system load, specific users, or programs running.

Being this is a production server and a terminal server with many users and many printers, running safe mode and the scandisk is not the ideal option.

Any other options available to help narrow down the issue?

thanks for the help you have provided thus far.
0
 
J SSenior Systems AdministratorCommented:
I ran your dump file through the following website which gives more details then BluescreenView its showing the following


FOLLOWUP_IP:
nt!MiCheckSessionPoolAllocations+13f
fffff800`01df415f cc              int     3

SYMBOL_STACK_INDEX:  1

SYMBOL_NAME:  nt!MiCheckSessionPoolAllocations+13f

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: nt

DEBUG_FLR_IMAGE_TIMESTAMP:  5aa1f203

IMAGE_NAME:  memory_corruption

It may be possible you have a bad memory module, you should be able to reboot the machine press F8 on boot up and run windows memory diagnostic tool.

OSRonline
http://www.osronline.com/page.cfm?name=analyze
0
 
arnoldCommented:
Does the host or a VM blue screens?
0
 
nocluejoeAuthor Commented:
@JS - This is a VM. The Host servers show no issue with memory modules. Should I still run memory diag on vm?
@arnold the vm blue screens.
0
 
arnoldCommented:
see if you can alocate more memory to the VM and see if that resolves it. VM has no physical memory so testing for memory issues......

potentially the memory it needs is more than is allocated and when it tries to swap/access additional memory it runs into an issue and crashes.
0
 
R@f@r P@NC3RVirtualization SpecialistCommented:
Hello,

What hardware requirements do you use for this server, such as memory, disk, cpu?

the vm is vmware or hyper-v?

Did you check the operating system's event viewer to validate what errors or warnings you have?

At the level of the operating system you can run the Reliability and Performance Monitor tool to detect if you have problems with the memory without restarting the operating system.

Go to Start / Administrative Tools / Reliability and Performance Monitor / System / diagnostic system / right click and click Start.

Once the diagnosis is completed.

Go to reports / system / system diagnostic / you will see two report one with graphics and another with a summary with everything that I evaluate, look for the item Basic System checks and there you can see the status of all your hardware and virtual software, I will tell you as normal, critical, warning, perform the tests and tell us.

Regards..
0
 
nocluejoeAuthor Commented:
- 2 processors, 2 cores each, 32 GB memory, 3 HD – 1 OS, 2 applications, 3 system reserved
- Vmware
- System log
-      Event 41 kernel-Power critical
-      eventID 1001 BugCheck – (same info as event 41 just notated as hex versus dec)
-      event 6008 previous system shutdown un expected
basic system checks all came back as passed
cpu utilization 14%, disk 18 /sec, memory 19%, network under 15%
working on printer drivers
-      found event 365 for HP 1006 that was added, removed from server
-      Removed old HP 4250 (has for long time given error 354 failed initialization, but never shut down server)

read somewhere that if really is a print driver issue, I could but drivers in isolation mode and that would keep the OS from BSOD? If this is true, can you point me to a resource about this?

When I tried to put in the hotfix (https://support.microsoft.com/en-us/help/2585233/stop-0x000000ab-session-has-valid-pool-on-exit-error-when-a-client-log) i get the message not support for this OS. I assumed it already had this installed. Could I have missed something while trying to install or is there another version I could not find. - in the applies to it has 2008 R2 Enterprise.
0
 
R@f@r P@NC3RVirtualization SpecialistCommented:
Hello

According to the link you publish, it refers to the win32k.sys driver, where it indicates problems with drivers installed incorrectly, corrupted or damaged, causing memory loss in your operating system, causing constant restarts. Validate the following:

1- Device manager to validate if you find a warning or error in one of the server's controllers.

2- Validate the installed updates of Windows update, to see if a failure.

3- Delete temporary files of the operating system. Execute a run and place% temp%, everything you find delete it.

4- Executes the Windows space liberator.

5- Check the windows system files. Open a command prompt as an administrator and place the command sfc / scannow. Wait for the check to end 100%.

6- Check the status of the hard disk by the chkdsk / f command, execute the prompt as administrator.

7- Execute a scan with your antivirus software, it can be a malware.

Note: All these actions can be performed without the need to restart the server.

Additional:

a- To apply the Hotfix that you indicate you must have servipack1 on your server server 2008, do you have servipack 1? if you do not have it, you should install it and then run the hotfix.

b- Can you make a repair of the operating system? as you indicate that it is a production server.

c- Do you have support from this server? You could also perform a restoration to a date where the restarts did not appear constantly.

I remain attentive to your comments.

Regards...
0
 
nocluejoeAuthor Commented:
No issues noted in device manager.

Windows update shows as updated. Last security update installed successfully on 3/18.
Installed updates does not show KB2617115 – how to get this update to work?

Temp folder cleared.

Windows resource protection did not find any integrity violations.

Anti-virus scan started.

Yes. Have Server 2008 R2 Enterprise SP1.

A repair of the OS would have to wait – not a good option. Any risk of not being able to use the server – which I think a OS repair would present, cannot be done now.

I do not. I might be able to get vmWare to assist me. If a bad driver was loaded, could I try and use a restore point like on a PC without loss of data in application files?

Everyone’s assistance is greatly appreciated!
0
 
nocluejoeAuthor Commented:
virus scan came back clean
0
 
arnoldCommented:
https://www.microsoft.com/en-us/download/details.aspx?id=29169

You have to identify whether a remote desktop connection that attaches their printer is the cause for your issue.

local Group policy disable of attaching of printers from a terminal server/remote session and see if the bug check reoccurs

Check login events or event logs after the system comes back what preceded the bugcheck event i.e. an attempt at setting up a spool/printer....
0
 
R@f@r P@NC3RVirtualization SpecialistCommented:
Hello,

"Installed updates do not show KB2617115: how to make this update work?"

You can install the update manually.

Validate the event viewer to see what other errors we can find regarding the problem.

Validate the log at the vmware level to see if there are any errors or unexpected reboots.

Regards...
0
 
nocluejoeAuthor Commented:
I think I have corrected printer driver issues. (at least I don't see any message in application and services, Microsoft, windows, printservice, adim.

In the process of reviewing to ensure no users have printers checked as a resource when connecting to tax server.


One of the software packages on the server shows printers being available that have been deleted. Is there a place to check for old drivers and remove them?

not seeing other errors in event log
0
 
R@f@r P@NC3RVirtualization SpecialistCommented:
good afternoon

You can share an image where the available and deleted printers appear.

I also recommend that you leave the server in monitereo where you present the problem for two days and thus validates that the problem does not appear again.

I remain attentive to your comments.

Regards...
0
 
nocluejoeAuthor Commented:
bsod, now stop 0x50
System Uptime: 0 days 18:02:12.930
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced.  This cannot be protected by try-except,
it must be protected by a Probe.  Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: fffff900c2916990, memory referenced.
Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
Arg3: fffff960002008bd, If non-zero, the instruction address which referenced the bad memory
      address.
Arg4: 0000000000000000, (reserved)

Debugging Details:
------------------


Could not read faulting driver name
TRIAGER: Could not open triage file : e:\dump_analysis\program\triage\modclass.ini, error 2

this is so frustrating.
0
 
arnoldCommented:
use memtest to test memory, it points to it ...
Arguments:
Arg1: fffff900c2916990, memory referenced.
Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
Arg3: fffff960002008bd, If non-zero, the instruction address which referenced the bad memory
0
 
R@f@r P@NC3RVirtualization SpecialistCommented:
Go to Start / Administrative Tools / Reliability and Performance Monitor / System / diagnostic system / right click and click Start.

Once the diagnosis is completed.

Go to reports / system / system diagnostic / you will see two report one with graphics and another with a summary with everything that I evaluate, look for the item Basic System checks and there you can see the status of all your hardware and virtual software, I will tell you as normal, critical, warning, perform the tests and tell us.

the server is in a productive environment,?, executes a memory diagnosis with Windows memory diagnostic, but the server must be restarted to start the diagnosis.

I remain attentive to your comments.

Regards..
0
 
R@f@r P@NC3RVirtualization SpecialistCommented:
Hello

if it is an update or driver problem, first validate the device manager see if there is an error with a driver.

Additional validates the updates installed on the computer, to see if a failure. you can see them in control panel / programs and installed features / updates.

Also check the Windows update.

I remain attentive to your comments.

regards..
0
 
nocluejoeAuthor Commented:
thanks for all the assistance. I appreciate it.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: Python 3 Fundamentals

This course will teach participants about installing and configuring Python, syntax, importing, statements, types, strings, booleans, files, lists, tuples, comprehensions, functions, and classes.

  • 11
  • 6
  • 4
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now