Server 2003 BSOD everytime a VPN is connected

Morning/Afternoon All,

I have a client with a server running MS windows server 2003. It runs fine in every way except when someone connects to it via VPN. The client connects and when it says verifying username and password the server crashes with a BSOD. This happens every time. The blue screen just gives a stop error like "Stop Error: 0x0000007e etc" and thats all that appears in the event viewer. I can't put up the exact stop error at the moment as I'm not onsite ( sorry ).

I have uninstalled and reinstalled the NIC. I have tried using the 2nd NIC instead of the first. I have tried using a USB wireless network adapter to connect to the network/internet and still get the BSOD. I have updated to the latest NIC drivers. I have googled the hell out of the problem with no luck.

I have attached a zip containing a selection of the minidumps, some with log files already that I looked at.

Any help would be greatly appreciated as I'm pulling my hair our over this one.

Regards,

Stu

P.S The Stop error is something like Stop Error: 0x0000007e (0x0000005, 0xb9525ff4, 0xb95c3aa8, 0xb95c37a4) but not exactly. the 7e is correct for the BSOD, at least most of the time anyway.
 

Attachments

  • dumps.zip
    173.1 KB · Views: 2
Of the seven files I read five were error code 0x0000007E: SYSTEM_THREAD_EXCEPTION_NOT_HANDLED
A system thread generated an exception which the error handler did not catch. There are numerous individual causes for this problem, including hardware incompatibility, a faulty device driver or system service, or some software issues. Check Event Viewer (EventVwr.msc) for additional information by noting any yellow triangles or red x's.

All five cited the Windows OS driver ndis.sys. Now normally OS drivers are usually too general to be of much diagnostic help. However, this driver ndis.sys is a network layer driver crucial for network interface controllers that access the internet. In lightof your issues it could be either your NIC card drivers need to be updated, or you have a bad NIC cqard, or there is a possibility you are infected.


Also, the other two error codes were both Stop 0xBE: ATTEMPTED_WRITE_TO_READONLY_MEMORY

This indicates that a driver attempted to write to read-only memory.Interpreting the Message


A Stop 0xBE message might occur after you install a faulty device driver, system service, or firmware. If a Stop message lists a driver by name, disable, remove, or roll back that driver to correct the problem. If disabling or removing drivers resolves the issues, contact the manufacturer about a possible update.
 
Thanks for the quick reply. I got ndis.sys from one of the early reads of the minidumps so have been working on the theory that it was something wrong with the NIC. It's also why I tried using a wireless usb network adapter ( which still BSOD ) instead of the onboard NIC to hopefully rule out a driver problem with the NIC.

Having an infected ndis.sys is something I hadn't even considered though probably should have. I will look at this next.

Thanks.

Stu
 
Still no luck. Scan suggest the ndis.sys file is not infected but i replace it with the one from service pack directory anyway to no affect. I even tried disabling both onboard NIC's in CMOS ( they no longer appeared in windwos ) and just used a wireless network adapter to connect the server to the network. Still got the BSOD. I'm not holding out much hope that anyone has any more suggestions but throwing it out there anyway.

The stop error it was giving me last night was

0x0000000a (0x00000035, 0x000000ff, 0x00000001, 0x8088c34f)

it did mainly used to be a 0x000007e, not sure why it's changed.

Regards,

Stu
 
Back