Windows Server 2003 Crashing

Status
Not open for further replies.
All of my servers are built to a uniform standard as far as hardware, disk space, memory are concerned based on the roles that will be assigned. This weekend all three of my servers that run Exchange 2003 sp2 crashed. Other than running Exchange, these three servers have two distinct differences from the rest of my server population. They are running Trend ScanMail for Exchange and McAffee AntiVirus with the proper exclusions to protect Exchange.

Event Log has the following entry: The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0x00000000, 0x00000002, 0xb458fdfe). A dump was saved in C:\Windows\Memory.dmp. I have attached minidump file. Nothing else in Event Log gives me a clue as to what is causing the crash.

Any help reading the dmp file would be greatly appreciated.
 
After searching Microsoft site for Bugchecks with that code in server 2003, it led me to that conclusion and on that site is the fix to it.

Simon
 
It looks like a conflict between the NIC driver and McAffee. Mfehidk01.sys doesn't look right to me, maybe an update that has taken? Should mfehidk01.sys and mfehidk.sys be the same file?

BugCheck D1, {0, 2, 0, b5388dfe}
*** WARNING: Unable to verify timestamp for mfehidk01.sys <--?
*** ERROR: Module load completed but symbols could not be loaded for mfehidk01.sys
*** WARNING: Unable to verify timestamp for mfetdik.sys
*** ERROR: Module load completed but symbols could not be loaded for mfetdik.sys
*** WARNING: Unable to verify timestamp for tcpip.sys
Unable to load image NDIS.sys, Win32 error 2
*** WARNING: Unable to verify timestamp for NDIS.sys
*** WARNING: Unable to verify timestamp for n100325.sys
Probably caused by : mfeapfk.sys ( mfeapfk+4dfe )

0: kd> lmvm mfehidk*
start end module name
b5273000 b529b2a0 mfehidk01 T (no symbols)
Loaded symbol image file: mfehidk01.sys
Image path: \Device\mfehidk01.sys
Image name: mfehidk01.sys Timestamp: Thu Jul 19 00:20:58 2007 (469E3DEA)

b6b4f000 b6b76e60 mfehidk (deferred)
Image path: \SystemRoot\system32\drivers\mfehidk.sys
Image name: mfehidk.sys Timestamp: Thu Dec 21 00:47:27 2006 (4589691F)
Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0
 
Status
Not open for further replies.
Back