Can't seem to find any solutions to this ongoing problem. Currently using WinDbg to debug issue; however, I am not having much luck.Here are the two latest BSOD:
Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
Loading Dump File [C:\WINDOWS\Minidump\Mini070809-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: msdl
Executable search path is:
Windows Server 2003 Kernel Version 3790 (Service Pack 2) MP (4 procs) Free x86 compatible
Product: LanManNt, suite: TerminalServer SingleUserTS
Built by: 3790.srv03_sp2_gdr.090319-1204
Machine Name:
Kernel base = 0x80800000 PsLoadedModuleList = 0x808af9c8
Debug session time: Wed Jul 8 09:28:58.521 2009 (GMT-6)
System Uptime: 1 days 0:31:53.448
Loading Kernel Symbols
...............................................................
........................................................
Loading User Symbols
Loading unloaded module list
................
Unable to load image navex15.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for navex15.sys
*** ERROR: Module load completed but symbols could not be loaded for navex15.sys
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1000008E, {c0000005, b73d51ba, b7936500, 0}
Probably caused by : navex15.sys ( navex15+5f1ba )
Followup: MachineOwner
---------
3: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: b73d51ba, The address that the exception occurred at
Arg3: b7936500, Trap Frame
Arg4: 00000000
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".
FAULTING_IP:
navex15+5f1ba
b73d51ba ffb1c83a0000 push dword ptr [ecx+3AC8h]
TRAP_FRAME: b7936500 -- (.trap 0xffffffffb7936500)
ErrCode = 00000000
eax=00000000 ebx=e4658010 ecx=00000000 edx=00000000 esi=e8390caa edi=e838e2a9
eip=b73d51ba esp=b7936574 ebp=b7936590 iopl=0 nv up ei pl nz ac po cy
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010213
navex15+0x5f1ba:
b73d51ba ffb1c83a0000 push dword ptr [ecx+3AC8h] ds:0023:00003ac8=????????
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT_SERVER_MINIDUMP
BUGCHECK_STR: 0x8E
PROCESS_NAME: vbda.exe
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from b73d466e to b73d51ba
STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be wrong.
b7936590 b73d466e e838d008 1e658010 e838e2a9 navex15+0x5f1ba
b79365bc b73d4707 b79365e0 e87f43e8 00000001 navex15+0x5e66e
b79365d8 b73a07c4 e838d008 000000ff b79366ac navex15+0x5e707
b7936608 b73a2e38 e87f43f4 e9dd9acd b79366ac navex15+0x2a7c4
b79366b4 b73a344e e5791570 e6d6c870 e9dd9acd navex15+0x2ce38
b7936774 8089c347 b79367d4 00000000 00000004 navex15+0x2d44e
b79367c4 00000000 e5791570 00000000 e6d6c870 nt!ExFreePoolWithTag+0x21a
STACK_COMMAND: kb
FOLLOWUP_IP:
navex15+5f1ba
b73d51ba ffb1c83a0000 push dword ptr [ecx+3AC8h]
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: navex15+5f1ba
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: navex15
IMAGE_NAME: navex15.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4994b2c3
FAILURE_BUCKET_ID: 0x8E_navex15+5f1ba
BUCKET_ID: 0x8E_navex15+5f1ba
Followup: MachineOwner
---------
Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\WINDOWS\Minidump\Mini070809-02.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: msdl
Executable search path is:
Windows Server 2003 Kernel Version 3790 (Service Pack 2) MP (4 procs) Free x86 compatible
Product: LanManNt, suite: TerminalServer SingleUserTS
Built by: 3790.srv03_sp2_gdr.090319-1204
Machine Name:
Kernel base = 0x80800000 PsLoadedModuleList = 0x808af9c8
Debug session time: Wed Jul 8 23:33:09.714 2009 (GMT-6)
System Uptime: 0 days 13:55:55.437
Loading Kernel Symbols
...............................................................
.......................................................
Loading User Symbols
Loading unloaded module list
........
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1000008E, {c0000005, b9ef19a1, b7a05a9c, 0}
Probably caused by : hardware ( afd!AfdTransmitFile+50a )
Followup: MachineOwner
---------
3: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: b9ef19a1, The address that the exception occurred at
Arg3: b7a05a9c, Trap Frame
Arg4: 00000000
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".
FAULTING_IP:
afd!AfdTransmitFile+50a
b9ef19a1 0000 add byte ptr [eax],al
TRAP_FRAME: b7a05a9c -- (.trap 0xffffffffb7a05a9c)
ErrCode = 00000002
eax=718ff63b ebx=00000000 ecx=b7a05ca0 edx=00012087 esi=b7a05c9c edi=895c8028
eip=b9ef19a1 esp=b7a05b10 ebp=b7a05c5c iopl=0 ov up ei pl nz ac po cy
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010a13
afd!AfdTransmitFile+0x50a:
b9ef19a1 0000 add byte ptr [eax],al ds:0023:718ff63b=??
Resetting default scope
CUSTOMER_CRASH_COUNT: 2
DEFAULT_BUCKET_ID: DRIVER_FAULT_SERVER_MINIDUMP
BUGCHECK_STR: 0x8E
PROCESS_NAME: bma.exe
CURRENT_IRQL: 0
MISALIGNED_IP:
afd!AfdTransmitFile+50a
b9ef19a1 0000 add byte ptr [eax],al
LAST_CONTROL_TRANSFER: from 8092b332 to b9ef19a1
STACK_TEXT:
b7a05c5c 8092b332 895c8028 00000001 0124f9c0 afd!AfdTransmitFile+0x50a
b7a05d00 8092b564 00000730 0000073c 00000000 nt!IopXxxControlFile+0x255
b7a05d34 80833bef 00000730 0000073c 00000000 nt!NtDeviceIoControlFile+0x2a
b7a05d34 7c82860c 00000730 0000073c 00000000 nt!KiFastCallEntry+0xfc
WARNING: Frame IP not in any known module. Following frames may be wrong.
0124f9c8 00000000 00000000 00000000 00000000 0x7c82860c
STACK_COMMAND: kb
FOLLOWUP_IP:
afd!AfdTransmitFile+50a
b9ef19a1 0000 add byte ptr [eax],al
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: afd!AfdTransmitFile+50a
FOLLOWUP_NAME: MachineOwner
DEBUG_FLR_IMAGE_TIMESTAMP: 0
MODULE_NAME: hardware
IMAGE_NAME: hardware
FAILURE_BUCKET_ID: IP_MISALIGNED
BUCKET_ID: IP_MISALIGNED
Followup: MachineOwner
---------
BSOD usually happens when running a backup using Data Protector. I have spoken to them and they claim that it is not there product causing the issue. It is obviously triggering the issues, but cannot figure out why. Bios/firmware updated about a year ago. I greatly appreciate any help.
Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
Loading Dump File [C:\WINDOWS\Minidump\Mini070809-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: msdl
Executable search path is:
Windows Server 2003 Kernel Version 3790 (Service Pack 2) MP (4 procs) Free x86 compatible
Product: LanManNt, suite: TerminalServer SingleUserTS
Built by: 3790.srv03_sp2_gdr.090319-1204
Machine Name:
Kernel base = 0x80800000 PsLoadedModuleList = 0x808af9c8
Debug session time: Wed Jul 8 09:28:58.521 2009 (GMT-6)
System Uptime: 1 days 0:31:53.448
Loading Kernel Symbols
...............................................................
........................................................
Loading User Symbols
Loading unloaded module list
................
Unable to load image navex15.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for navex15.sys
*** ERROR: Module load completed but symbols could not be loaded for navex15.sys
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1000008E, {c0000005, b73d51ba, b7936500, 0}
Probably caused by : navex15.sys ( navex15+5f1ba )
Followup: MachineOwner
---------
3: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: b73d51ba, The address that the exception occurred at
Arg3: b7936500, Trap Frame
Arg4: 00000000
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".
FAULTING_IP:
navex15+5f1ba
b73d51ba ffb1c83a0000 push dword ptr [ecx+3AC8h]
TRAP_FRAME: b7936500 -- (.trap 0xffffffffb7936500)
ErrCode = 00000000
eax=00000000 ebx=e4658010 ecx=00000000 edx=00000000 esi=e8390caa edi=e838e2a9
eip=b73d51ba esp=b7936574 ebp=b7936590 iopl=0 nv up ei pl nz ac po cy
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010213
navex15+0x5f1ba:
b73d51ba ffb1c83a0000 push dword ptr [ecx+3AC8h] ds:0023:00003ac8=????????
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT_SERVER_MINIDUMP
BUGCHECK_STR: 0x8E
PROCESS_NAME: vbda.exe
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from b73d466e to b73d51ba
STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be wrong.
b7936590 b73d466e e838d008 1e658010 e838e2a9 navex15+0x5f1ba
b79365bc b73d4707 b79365e0 e87f43e8 00000001 navex15+0x5e66e
b79365d8 b73a07c4 e838d008 000000ff b79366ac navex15+0x5e707
b7936608 b73a2e38 e87f43f4 e9dd9acd b79366ac navex15+0x2a7c4
b79366b4 b73a344e e5791570 e6d6c870 e9dd9acd navex15+0x2ce38
b7936774 8089c347 b79367d4 00000000 00000004 navex15+0x2d44e
b79367c4 00000000 e5791570 00000000 e6d6c870 nt!ExFreePoolWithTag+0x21a
STACK_COMMAND: kb
FOLLOWUP_IP:
navex15+5f1ba
b73d51ba ffb1c83a0000 push dword ptr [ecx+3AC8h]
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: navex15+5f1ba
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: navex15
IMAGE_NAME: navex15.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4994b2c3
FAILURE_BUCKET_ID: 0x8E_navex15+5f1ba
BUCKET_ID: 0x8E_navex15+5f1ba
Followup: MachineOwner
---------
Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\WINDOWS\Minidump\Mini070809-02.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: msdl
Executable search path is:
Windows Server 2003 Kernel Version 3790 (Service Pack 2) MP (4 procs) Free x86 compatible
Product: LanManNt, suite: TerminalServer SingleUserTS
Built by: 3790.srv03_sp2_gdr.090319-1204
Machine Name:
Kernel base = 0x80800000 PsLoadedModuleList = 0x808af9c8
Debug session time: Wed Jul 8 23:33:09.714 2009 (GMT-6)
System Uptime: 0 days 13:55:55.437
Loading Kernel Symbols
...............................................................
.......................................................
Loading User Symbols
Loading unloaded module list
........
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1000008E, {c0000005, b9ef19a1, b7a05a9c, 0}
Probably caused by : hardware ( afd!AfdTransmitFile+50a )
Followup: MachineOwner
---------
3: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: b9ef19a1, The address that the exception occurred at
Arg3: b7a05a9c, Trap Frame
Arg4: 00000000
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".
FAULTING_IP:
afd!AfdTransmitFile+50a
b9ef19a1 0000 add byte ptr [eax],al
TRAP_FRAME: b7a05a9c -- (.trap 0xffffffffb7a05a9c)
ErrCode = 00000002
eax=718ff63b ebx=00000000 ecx=b7a05ca0 edx=00012087 esi=b7a05c9c edi=895c8028
eip=b9ef19a1 esp=b7a05b10 ebp=b7a05c5c iopl=0 ov up ei pl nz ac po cy
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010a13
afd!AfdTransmitFile+0x50a:
b9ef19a1 0000 add byte ptr [eax],al ds:0023:718ff63b=??
Resetting default scope
CUSTOMER_CRASH_COUNT: 2
DEFAULT_BUCKET_ID: DRIVER_FAULT_SERVER_MINIDUMP
BUGCHECK_STR: 0x8E
PROCESS_NAME: bma.exe
CURRENT_IRQL: 0
MISALIGNED_IP:
afd!AfdTransmitFile+50a
b9ef19a1 0000 add byte ptr [eax],al
LAST_CONTROL_TRANSFER: from 8092b332 to b9ef19a1
STACK_TEXT:
b7a05c5c 8092b332 895c8028 00000001 0124f9c0 afd!AfdTransmitFile+0x50a
b7a05d00 8092b564 00000730 0000073c 00000000 nt!IopXxxControlFile+0x255
b7a05d34 80833bef 00000730 0000073c 00000000 nt!NtDeviceIoControlFile+0x2a
b7a05d34 7c82860c 00000730 0000073c 00000000 nt!KiFastCallEntry+0xfc
WARNING: Frame IP not in any known module. Following frames may be wrong.
0124f9c8 00000000 00000000 00000000 00000000 0x7c82860c
STACK_COMMAND: kb
FOLLOWUP_IP:
afd!AfdTransmitFile+50a
b9ef19a1 0000 add byte ptr [eax],al
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: afd!AfdTransmitFile+50a
FOLLOWUP_NAME: MachineOwner
DEBUG_FLR_IMAGE_TIMESTAMP: 0
MODULE_NAME: hardware
IMAGE_NAME: hardware
FAILURE_BUCKET_ID: IP_MISALIGNED
BUCKET_ID: IP_MISALIGNED
Followup: MachineOwner
---------
BSOD usually happens when running a backup using Data Protector. I have spoken to them and they claim that it is not there product causing the issue. It is obviously triggering the issues, but cannot figure out why. Bios/firmware updated about a year ago. I greatly appreciate any help.
