Hi All,
I need some help on diagnosing a Minidump from our Domain Controller. It is a Windows Server 2008 OS running with VMWare.
Loading User Symbols
Loading unloaded module list
......
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 00000000, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, value 0 = read operation, 1 = write operation
Arg4: 8266e643, address which referenced memory
Debugging Details:
------------------
Unable to load image \SystemRoot\System32\drivers\tcpip.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for tcpip.sys
*** ERROR: Module load completed but symbols could not be loaded for tcpip.sys
READ_ADDRESS: GetPointerFromAddress: unable to read from 8177b868
Unable to read MiSystemVaType memory at 8175b420
00000000
CURRENT_IRQL: 2
FAULTING_IP:
tcpip+6d643
8266e643 ?? ???
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT_SERVER_MINIDUMP
BUGCHECK_STR: 0xD1
PROCESS_NAME: System
TRAP_FRAME: 81739990 -- (.trap 0xffffffff81739990)
ErrCode = 00000000
eax=00000000 ebx=861f9430 ecx=503b0004 edx=503a0003 esi=860efaa0 edi=fffff7bf
eip=8266e643 esp=81739a04 ebp=81739a18 iopl=0 nv up ei ng nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010282
tcpip+0x6d643:
8266e643 ?? ???
Resetting default scope
LAST_CONTROL_TRANSFER: from 8266e643 to 8169edc4
STACK_TEXT:
81739990 8266e643 badb0d00 503a0003 00000002 nt!KiTrap0E+0x2ac
WARNING: Stack unwind information not available. Following frames may be wrong.
81739a00 00000000 860efa18 860efa38 00000000 tcpip+0x6d643
STACK_COMMAND: kb
FOLLOWUP_IP:
tcpip+6d643
8266e643 ?? ???
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: tcpip+6d643
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: tcpip
IMAGE_NAME: tcpip.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4b7d2a0b
FAILURE_BUCKET_ID: 0xD1_tcpip+6d643
BUCKET_ID: 0xD1_tcpip+6d643
Followup: MachineOwner
---------
I need some help on diagnosing a Minidump from our Domain Controller. It is a Windows Server 2008 OS running with VMWare.
Loading User Symbols
Loading unloaded module list
......
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 00000000, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, value 0 = read operation, 1 = write operation
Arg4: 8266e643, address which referenced memory
Debugging Details:
------------------
Unable to load image \SystemRoot\System32\drivers\tcpip.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for tcpip.sys
*** ERROR: Module load completed but symbols could not be loaded for tcpip.sys
READ_ADDRESS: GetPointerFromAddress: unable to read from 8177b868
Unable to read MiSystemVaType memory at 8175b420
00000000
CURRENT_IRQL: 2
FAULTING_IP:
tcpip+6d643
8266e643 ?? ???
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT_SERVER_MINIDUMP
BUGCHECK_STR: 0xD1
PROCESS_NAME: System
TRAP_FRAME: 81739990 -- (.trap 0xffffffff81739990)
ErrCode = 00000000
eax=00000000 ebx=861f9430 ecx=503b0004 edx=503a0003 esi=860efaa0 edi=fffff7bf
eip=8266e643 esp=81739a04 ebp=81739a18 iopl=0 nv up ei ng nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010282
tcpip+0x6d643:
8266e643 ?? ???
Resetting default scope
LAST_CONTROL_TRANSFER: from 8266e643 to 8169edc4
STACK_TEXT:
81739990 8266e643 badb0d00 503a0003 00000002 nt!KiTrap0E+0x2ac
WARNING: Stack unwind information not available. Following frames may be wrong.
81739a00 00000000 860efa18 860efa38 00000000 tcpip+0x6d643
STACK_COMMAND: kb
FOLLOWUP_IP:
tcpip+6d643
8266e643 ?? ???
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: tcpip+6d643
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: tcpip
IMAGE_NAME: tcpip.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4b7d2a0b
FAILURE_BUCKET_ID: 0xD1_tcpip+6d643
BUCKET_ID: 0xD1_tcpip+6d643
Followup: MachineOwner
---------
