commission
Posts: 26 +0
Hello please help
My Windows 2003 server keeps blue screening. I have included the mini dump below.
I would be very grateful if someone could make sense of this
P.S First time poster
Microsoft (R) Windows Debugger Version 6.8.0004.0 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Documents and Settings\shaner\Desktop\CB MinDump\Mini112107-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: C:\WINDOWS\symbolsServer2003
Executable search path is:
Unable to load image \WINDOWS\system32\ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Windows Server 2003 Kernel Version 3790 (Service Pack 2) MP (2 procs) Free x86 compatible
Product: LanManNt, suite: SmallBusiness TerminalServer SmallBusinessRestricted SingleUserTS
Kernel base = 0x80800000 PsLoadedModuleList = 0x808af9c8
Debug session time: Wed Nov 21 12:14:57.875 2007 (GMT+11)
System Uptime: 2 days 23:17:50.192
Unable to load image \WINDOWS\system32\ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Loading Kernel Symbols
.......................................................................................................................................
Loading User Symbols
Loading unloaded module list
.................................................
*** WARNING: Unable to verify timestamp for Ntfs.sys
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1000007F, {8, 80042000, 0, 0}
Probably caused by : Ntfs.sys ( Ntfs!_SEH_prolog+1a )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
UNEXPECTED_KERNEL_MODE_TRAP_M (1000007f)
This means a trap occurred in kernel mode, and it's a trap of a kind
that the kernel isn't allowed to have/catch (bound trap) or that
is always instant death (double fault). The first number in the
bugcheck params is the number of the trap (8 = double fault, etc)
Consult an Intel x86 family manual to learn more about what these
traps are. Here is a *portion* of those codes:
If kv shows a taskGate
use .tss on the part before the colon, then kv.
Else if kv shows a trapframe
use .trap on that value
Else
.trap on the appropriate frame will show where the trap was taken
(on x86, this will be the ebp that goes with the procedure KiTrap)
Endif
kb will then show the corrected stack.
Arguments:
Arg1: 00000008, EXCEPTION_DOUBLE_FAULT
Arg2: 80042000
Arg3: 00000000
Arg4: 00000000
Debugging Details:
------------------
BUGCHECK_STR: 0x7f_8
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT_SERVER_MINIDUMP
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from 00000000 to f71c7e8a
STACK_TEXT:
a3707fa4 00000000 00000000 00000000 00000000 Ntfs!_SEH_prolog+0x1a
STACK_COMMAND: kb
FOLLOWUP_IP:
Ntfs!_SEH_prolog+1a
f71c7e8a ?? ???
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: Ntfs!_SEH_prolog+1a
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: Ntfs
IMAGE_NAME: Ntfs.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 45d6a04b
FAILURE_BUCKET_ID: 0x7f_8_Ntfs!_SEH_prolog+1a
BUCKET_ID: 0x7f_8_Ntfs!_SEH_prolog+1a
Followup: MachineOwner
---------
0: kd> lmvm Ntfs
start end module name
f71c2000 f7257000 Ntfs M (pdb symbols) C:\WINDOWS\symbolsServer2003\sys\Ntfs.pdb
Loaded symbol image file: Ntfs.sys
Image path: Ntfs.sys
Image name: Ntfs.sys
Timestamp: Sat Feb 17 17:27:23 2007 (45D6A04B)
CheckSum: 00097DDD
ImageSize: 00095000
Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0
My Windows 2003 server keeps blue screening. I have included the mini dump below.
I would be very grateful if someone could make sense of this
P.S First time poster
Microsoft (R) Windows Debugger Version 6.8.0004.0 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Documents and Settings\shaner\Desktop\CB MinDump\Mini112107-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: C:\WINDOWS\symbolsServer2003
Executable search path is:
Unable to load image \WINDOWS\system32\ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Windows Server 2003 Kernel Version 3790 (Service Pack 2) MP (2 procs) Free x86 compatible
Product: LanManNt, suite: SmallBusiness TerminalServer SmallBusinessRestricted SingleUserTS
Kernel base = 0x80800000 PsLoadedModuleList = 0x808af9c8
Debug session time: Wed Nov 21 12:14:57.875 2007 (GMT+11)
System Uptime: 2 days 23:17:50.192
Unable to load image \WINDOWS\system32\ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Loading Kernel Symbols
.......................................................................................................................................
Loading User Symbols
Loading unloaded module list
.................................................
*** WARNING: Unable to verify timestamp for Ntfs.sys
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1000007F, {8, 80042000, 0, 0}
Probably caused by : Ntfs.sys ( Ntfs!_SEH_prolog+1a )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
UNEXPECTED_KERNEL_MODE_TRAP_M (1000007f)
This means a trap occurred in kernel mode, and it's a trap of a kind
that the kernel isn't allowed to have/catch (bound trap) or that
is always instant death (double fault). The first number in the
bugcheck params is the number of the trap (8 = double fault, etc)
Consult an Intel x86 family manual to learn more about what these
traps are. Here is a *portion* of those codes:
If kv shows a taskGate
use .tss on the part before the colon, then kv.
Else if kv shows a trapframe
use .trap on that value
Else
.trap on the appropriate frame will show where the trap was taken
(on x86, this will be the ebp that goes with the procedure KiTrap)
Endif
kb will then show the corrected stack.
Arguments:
Arg1: 00000008, EXCEPTION_DOUBLE_FAULT
Arg2: 80042000
Arg3: 00000000
Arg4: 00000000
Debugging Details:
------------------
BUGCHECK_STR: 0x7f_8
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT_SERVER_MINIDUMP
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from 00000000 to f71c7e8a
STACK_TEXT:
a3707fa4 00000000 00000000 00000000 00000000 Ntfs!_SEH_prolog+0x1a
STACK_COMMAND: kb
FOLLOWUP_IP:
Ntfs!_SEH_prolog+1a
f71c7e8a ?? ???
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: Ntfs!_SEH_prolog+1a
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: Ntfs
IMAGE_NAME: Ntfs.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 45d6a04b
FAILURE_BUCKET_ID: 0x7f_8_Ntfs!_SEH_prolog+1a
BUCKET_ID: 0x7f_8_Ntfs!_SEH_prolog+1a
Followup: MachineOwner
---------
0: kd> lmvm Ntfs
start end module name
f71c2000 f7257000 Ntfs M (pdb symbols) C:\WINDOWS\symbolsServer2003\sys\Ntfs.pdb
Loaded symbol image file: Ntfs.sys
Image path: Ntfs.sys
Image name: Ntfs.sys
Timestamp: Sat Feb 17 17:27:23 2007 (45D6A04B)
CheckSum: 00097DDD
ImageSize: 00095000
Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0
