Link to home
Start Free TrialLog in
Avatar of KeatingSimons
KeatingSimons

asked on

Server running Windows Server 2008 R2 unexpectedly shuts down and restarts once every day or so

The server restarts and reports that it recovered from a serious error and offers to find a solution online. It never finds a solution, presumably because Server 2008 is no longer supported. Using Windbg I have reviewed the minidump files. Sometimes they refer to tcpip.sys, other times they refer to Rt64win7.sys. I think I understand what these drivers relate to but don't know how to address whatever is causing the problem.
Avatar of Andrew Porter
Andrew Porter
Flag of United States of America image

Is it rebooting at the same time each day?
Is it only ever once per day?
Have you tried running the server in safe mode for a day to test 3rd party app failures?
Avatar of KeatingSimons
KeatingSimons

ASKER

there are 8 dmp files in the minidump folder running from 3/25 to 4/5. most are a day or more apart. on one day there are two dmp files. they are not at the same time. have never run the server is safe mode. I am not aware that we're running any third party apps. Certainly haven't knowingly added anything recently. That said, I just looked and see that on 3/20 something called Team Viewer was installed. Have just uninstalled it. Will see if that makes a difference.
by the way, if you're interested, I have another open question about a problematic VPN connection between my remote workstation and the same server we're talking about in this one
is this an SBS?

It may point to an issue with a network traffic that possible saturates the tcp/ip stack.

is this system accessible from the internet?

i.e. does it serve an application exchange OWA, IIS, etc/

https://www.nirsoft.net/utils/blue_screen_view.html

have you tried running memtest.

you could have a faulty mauled that passes regular tests, but when there is a memory address if used causes a panic.
TeamViewer is a remote management/access tool. You may want to look into that. Are there any new/odd/suspicious local accounts on the machine? If you look at the C:\Users\* - do you see any new/additional logins?
both files refer to your lan card(s).  here a fix : download a driver  :  RT64win7.sys BSOD crashes when PC idle Solved - Windows 7 Help Forums (sevenforums.com) 
I have downloaded the driver file. It is the same version as the one already installed. I will replace the old with the new and see what happens. Unless there is some way to test, I won't know for several days whether replacing the driver file works. Thanks.
don't forget to uninstall the old driver first -and check for errors in device manager
you can also post the dmp file, maybe it has more info
While the error is in the TCP stack, the issue might be elsewhere, i.e. saturating/buffer overflow.

to understand better, what does the system do? what functions does it serve?
is it only internal or has external access?
does it rely on trying and connect to outside sources to transact?
I have been unable to replace the rt64win7.sys file. I have looked at more dmp files and see one referring to netio.sys. How do I upload the dmp files so someone who knows how can read them?
File upload restriction based on filename suffix.

Us the .dmp file minimal or full?
Sorry. Don't understand. I have a number of small dmp files from the minidump folder. Can read them with windbg but haven't learned how to save/print them to text
you can simply attach the minidump files by clicking on the icon shown :
User generated image
You are not answering what does the system do? You might have an issue on the network that saturates the network handler.

try the following, get into the properties of the adapter, get properties of the windows client and change it to max through put to see whether that changes the handler.
the oldest says   mssdmn.exe  which can be caused by extensive cpu use , see ::  mssdmn.exe using all server memory (microsoft.com) 
the latest one says tcpip.sys, like you said, but both say also :  DRIVER_IRQL_NOT_LESS_OR_EQUAL
this can also be caused by bad ram so run memtest86+  Memtest86+ - Advanced Memory Diagnostic Tool 

I am sorry but I don't understand the questions or suggestions.
What does the system do? We have a small office with about 6 workstations, 2 of whom connect remotely via windows vpn. The server acts as a file server and runs MS Exchange.
I looked at the properties of the NIC card. There isn't a setting for max through put. I must be looking in the wrong place.
Memtest looks like it must be run at boot from a usb. Am I missing something? Can I check the RAM while windows server is running?
I really appreciate the help. Just wish I were more knowledgeable.
MS Exchange, is it exposed to the Internet for incoming email?
how much memory does the system have? Consider increasing the memory.
The hardware might be on the old side.


check the health of your AD, dcdiag /v

perhaps I am getting the options in the older versions mixed up. I think the client for microsoft networks or file and print sharing had properties where network traffic can be prioritized. will have to revisit if can locate the older versions.

check what the OS operating mode is for. It should be set to application
properties of computer, advanced settings, performance settings, advanced, should reflect prioritization of CPU/memory for programs versus background......

exchange is what defines it as an application server, versus the background prioritization for file servers...

The suggestion nobus and I are making is to run a memory test to exclude it as the issue for the reboots.

Post reboot what event do you have in the system event log?
A memory fault triggers a reboot.
no- you cannot run the ram diag while it is running
maybe this can do it , but i never tried it :  Memory benchmark - test your PC memory speed (passmark.com) 
I ran the memory test. all tests passed.

device mgr showed problem with driver for AMDA00 interface. I have disabled the device. Perhaps related to problem?

in event logs, found entry from EventLog, #6008, "previous system shutdown at 2:58:04 PM on 4/5/2021 was unexpected." have been unable to find any events leading up to that time to explain the reason for the shutdown. Any ideas where I should look or what I might be looking for?
try updating all drivers then : H87-PLUS - Support (asus.com) 
select the OS first (win7 ?)  
Our MS Exchange doesn't access internet. We use it only internally
System has 16 gig of RAM
I didn't see a version of H87-Plus for windows server 2008. I tried to update drivers using driver easy, an app that I use on my windows 10 desktop. That made the server very unhappy, resulting in a crash that required turn off and turn on to get system to restart. Here is the dmp file that resulted.040821-65629-01.dmp
I did see H87-Plus for windows 7. Will that run on server 2008?
You may have altered the login preference to match using the email address for the OWA?

versus the username/password as the preferred.
Don't understand. We don't use OWA.
have successfully updated driver for network adapter using driver easy. will see what happens next.
The exchange provides an option to change the login to use different sign-in options being pushed by GPO.
ASKER CERTIFIED SOLUTION
Avatar of nobus
nobus
Flag of Belgium image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
The problem has not occurred in quite some time. I think the solution was to update the driver for the network adapter.
ok - let's hiope it stays that way