Crash Dump when connecting to a PC with a new user account!!!

Status
Not open for further replies.
D

Dominique

Posts: 10   +0
Hello,

I am trying to connect remotely to a PC and if the user account has not been used to connect locally before it fails.

I have attached the minidump created for each connection.

C:\Program Files\Support Tools>dumpchk L:\WINNT\Minidump\Mini112707-10.dmp
****************************************************************
**
** Windows 2000 Crash Dump Analysis
**
****************************************************************
*
Filename . . . . . . .L:\WINNT\Minidump\Mini112707-10.dmp
Signature. . . . . . .PAGE
ValidDump. . . . . . .DUMP
MajorVersion . . . . .free system
MinorVersion . . . . .2195
DirectoryTableBase . .0x04d18000
PfnDataBase. . . . . .0x81896000
PsLoadedModuleList . .0x80481580
PsActiveProcessHead. .0x80483008
MachineImageType . . .i386
NumberProcessors . . .1
BugCheckCode . . . . .0x00000050
BugCheckParameter1 . .0xf0ea5fc7
BugCheckParameter2 . .0x00000000
BugCheckParameter3 . .0xa003f6f8
BugCheckParameter4 . .0x00000000

ExceptionCode. . . . .0x80000003
ExceptionFlags . . . .0x00000001
ExceptionAddress . . .0x80449d19



C:\Program Files\Support Tools>
Click to expand...

Where to look?

Thanks
Dom
 
Your dumps are all the same. Win32k.sys

From Microsoft:

"That file (win32k.sys) often indicates a problem with
a service (3rd party remote control services frequently). Start/run
msconfig, go to the services tab. Click the button to hide all Microsoft
Services, look at what is left"...
 
Hello,

It remains our main remote control server:
- Altiris Carbon Copy

What is the next step has this remote control product works on Windows XP?
Any specifics for Windows 2000 to check?

Thanks
 
Windows 2000 and Windows XP are very similar in this respect. The recommendation is to disable the service. Is Windows 2000 updated to SP4?
 
Yes the workstations are in windows 2000 SP4.

I could disable the service for the remote access but there will be no more remote access to 1,500 workstations as Remote desktop is forbidden by the company policies....

Thanks
Dom
 
Hello,

Good idea to upgrade to XP Pro but 1,500 workstations for a State Agency it will take a while to do so.

In the meantime I have tried from CPC guru the following:
1) Download and install the http://www.microsoft.com/whdc/devtoo...nstallx86.mspx
Debugging Tools from Microsoft[/url]
2) Locate your latest memory.dmp file- C:\WINDOWS\ Minidump\Mini081505-01.dmp or whatever
3) open a CMD prompt and cd\program files\debugging tools for windows\
4) type the following stuff:
Code:

c:\program files\debugging tools>kd -z C:\WINDOWS\ Minidump\Mini081505-01.dmp
(it will spew a bunch)
kd> .logopen c:\debuglog.txt
kd> .sympath srv*c:\symbols*http://msdl.microsoft.com/download/symbols
kd> .reload;!analyze -v;r;kv;lmnt;.logclose;q

5) You now have a debuglog.txt in c:\, open it in notepad and post the content here
Click to expand...

my new issue is, I am getting errors from the beginning of the debug:

C:\Program Files\Debugging Tools for Windows>kd -y C:"\WINNT\symbols" -z C:\Windows\Minidump\Mini112707-10.dmp

Microsoft (R) Windows Debugger Version 6.8.0004.0 X86
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Windows\Minidump\Mini112707-10.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: C:\WINNT\symbols
Executable search path is:
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.ex
e
Windows 2000 Kernel Version 2195 (Service Pack 4) UP Free x86 compatible
Kernel base = 0x80400000 PsLoadedModuleList = 0x80481580
Debug session time: Tue Nov 27 16:20:49.132 2007 (GMT-8)
System Uptime: not available
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.ex
e
Loading Kernel Symbols
................................................................................
................
Loading User Symbols
Loading unloaded module list
.............
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 50, {f0ea5fc7, 0, a003f6f8, 0}

***** Kernel symbols are WRONG. Please fix symbols to do analysis.

*** WARNING: Unable to verify timestamp for win32k.sys
*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************


Probably caused by : win32k.sys ( win32k+3f6f8 )

Followup: MachineOwner
---------

kd> q
quit:

C:\Program Files\Debugging Tools for Windows>
Click to expand...

I have tried with -y:
C:\WINNT\symbols
C:\WINNT\symbols\dll
C:\WINNT\Driver\i386
C:\WINNT\system32
C:\WINNT\Driver Cache\i386
C:\I386
none

but always the same error about the path to get the symbols!!!

Where should be the symbols in Windows 2000?
 
Hello,

Finally a run which seems to be better:

C:\Program Files\Debugging Tools for Windows>kd -y C:\WINNT\Symbols -z C:\Window
s\Minidump\Mini112707-10.dmp

Microsoft (R) Windows Debugger Version 6.8.0004.0 X86
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Windows\Minidump\Mini112707-10.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: C:\WINNT\Symbols
Executable search path is:
*** WARNING: symbols timestamp is wrong 0x45ec3c8f 0x3ee6c002 for ntoskrnl.exe
Windows 2000 Kernel Version 2195 (Service Pack 4) UP Free x86 compatible
Kernel base = 0x80400000 PsLoadedModuleList = 0x80481580
Debug session time: Tue Nov 27 16:20:49.132 2007 (GMT-8)
System Uptime: not available
*** WARNING: symbols timestamp is wrong 0x45ec3c8f 0x3ee6c002 for ntoskrnl.exe
Loading Kernel Symbols
................................................................................
................
Loading User Symbols
Loading unloaded module list
.............
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 50, {f0ea5fc7, 0, a003f6f8, 0}

Unable to load image win32k.sys, Win32 error 0n2
*** WARNING: symbols timestamp is wrong 0x45ed063d 0x3eb1ea3c for win32k.sys

Could not read faulting driver name
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************


Probably caused by : VGA.dll ( VGA+f14 )

Followup: MachineOwner
---------
Click to expand...

Let me know what is worng?
 
Hello,

I updated the driver Intel[R] 82845G/GL/GE/PE/GV Graphics Controller from 12/16/2003 6.14.10.3732 to 6/21/2005 6.14.10.4342

and everything works now. I am waiting more user to test and confirm.

Thanks
 
Because Microsoft web site does not have your version W2K symbol deugging information as your version is at 2003. You are unable to format the stack trace. If you want to format the stack trace, you have to take w2K kernel or full memory dump. If the crash is at the win32k.sys, it may be related to related to graphical card device driver, faulty ram or fautly video card. We need the stack trace to confirm the culprit. For your case it is confirmed the culprit is graphical routine.

FYI
A sample stack trace for faulty graphical video driver crash at win32k.sys.

BugCheck 10000050, {e1bd70ac, 0, bf84dceb, 1}
Probably caused by : win32k.sys ( win32k!IFIOBJR::IFIOBJR+63 )

STACK_TEXT:
f2107c24 bf84d7c4 e2bd2f18 f2107cd4 f2107ce0 win32k!IFIOBJR::IFIOBJR+0x63
f2107c7c bf84db0d f2107cd4 f2107ce0 f2107cf4 win32k!bIFIMetricsToTextMetricWStrict+0x1e
f2107ca0 bf83aae0 f2107cd4 f2107ce0 f2107cf4 win32k!bIFIMetricsToTextMetricW+0x1c
f2107cbc bf83a9df f2107cd4 f2107ce0 f2107cf4 win32k!bGetTextMetrics+0x75
f2107cd8 bf83aa3a e32e59c8 f2107cf4 f2107d64 win32k!GreGetTextMetricsW+0x3d
f2107d50 804dd99f a7210439 0012ede4 00000044 win32k!NtGdiGetTextMetricsW+0x20
f2107d50 7c90eb94 a7210439 0012ede4 00000044 nt!KiFastCallEntry+0xfc
 
Status
Not open for further replies.

Similar threads

B
BSOD, repeats every few days. Error code and copy/paste savedumps inside
Replies
19
Views
4K
Route44
Route44
A
  • Locked
BSOD error message Event ID 1001
Replies
3
Views
4K
B00kWyrm
B00kWyrm
P
  • Locked
0x100000d1 ,0x1000008e,0x1000000a
Replies
2
Views
3K
Route44
Route44

Latest posts

Back