SCOM agent rebooted the server.
we got one case where the log saying that health service increase the memory utilisaion of the server and which rebooted the server.Please check below debug log. Microsoft (R) Windows Debugger Version 6.11.0001.404 X86 Copyright (c) Microsoft Corporation. All rights reserved. Loading Dump File [C:\Documents and Settings\admcontsg\Desktop\Mini022811-01.dmp] Mini Kernel Dump File: Only registers and stack trace are available Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols Executable search path is: *** WARNING: Unable to verify checksum for ntkrnlmp.exe Windows Server 2003 Kernel Version 3790 (Service Pack 2) MP (8 procs) Free x64 Product: LanManNt, suite: Enterprise TerminalServer SingleUserTS Built by: 3790.srv03_sp2_gdr.100216-1301 Machine Name: Kernel base = 0xfffff800`01000000 PsLoadedModuleList = 0xfffff800`011d4140 Debug session time: Mon Feb 28 17:07:38.688 2011 (GMT+1) System Uptime: 0 days 2:10:03.046 *** WARNING: Unable to verify checksum for ntkrnlmp.exe Loading Kernel Symbols ............................................................... ................................................ Loading User Symbols Loading unloaded module list ........... ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck A, {0, 2, 1, fffff800010366bc} Probably caused by : memory_corruption ( nt!MiRemovePageByColor+c5 ) Followup: MachineOwner --------- 7: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* IRQL_NOT_LESS_OR_EQUAL (a) An attempt was made to access a pageable (or completely invalid) address at an interrupt request level (IRQL) that is too high. This is usually caused by drivers using improper addresses. If a kernel debugger is available get the stack backtrace. Arguments: Arg1: 0000000000000000, memory referenced Arg2: 0000000000000002, IRQL Arg3: 0000000000000001, bitfield : bit 0 : value 0 = read operation, 1 = write operation bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status) Arg4: fffff800010366bc, address which referenced memory Debugging Details: ------------------ WRITE_ADDRESS: 0000000000000000 CURRENT_IRQL: 2 FAULTING_IP: nt!MiRemovePageByColor+c5 fffff800`010366bc 49ff08 dec qword ptr [r8] CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: DRIVER_FAULT_SERVER_MINIDUMP BUGCHECK_STR: 0xA PROCESS_NAME: HealthService.e TRAP_FRAME: fffffadf8a31b8c0 -- (.trap 0xfffffadf8a31b8c0) NOTE: The trap frame does not contain all registers. Some register values may be zeroed or incorrect. rax=0000000000000006 rbx=0000000000000000 rcx=0000000000000000 rdx=0000000000000004 rsi=0000000000000000 rdi=0000000000000000 rip=fffff800010366bc rsp=fffffadf8a31ba50 rbp=fffffadf8a31ba80 r8=0000000000000000 r9=0000000000000000 r10=0000000000000000 r11=000000000000003f r12=0000000000000000 r13=0000000000000000 r14=0000000000000000 r15=0000000000000000 iopl=0 nv up ei pl nz na po nc nt!MiRemovePageByColor+0xc5: fffff800`010366bc 49ff08 dec qword ptr [r8] ds:1740:00000000`00000000=???????????????? Resetting default scope LAST_CONTROL_TRANSFER: from fffff8000102e5b4 to fffff8000102e890 STACK_TEXT: fffffadf`8a31b738 fffff800`0102e5b4 : 00000000`0000000a 00000000`00000000 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx fffffadf`8a31b740 fffff800`0102d547 : fffffa80`019d85e0 fffffadf`8b793f9e fffffa80`019d8500 fffffa80`019d8610 : nt!KiBugCheckDispatch+0x74 fffffadf`8a31b8c0 fffff800`010366bc : 00000000`00000080 fffff800`011a98fd 00000000`00000000 fffffadf`9a4bb980 : nt!KiPageFault+0x207 fffffadf`8a31ba50 fffff800`01040248 : 00000000`00000001 00000000`00000004 fffffadf`94afffd0 00000000`00000000 : nt!MiRemovePageByColor+0xc5 fffffadf`8a31bb00 fffff800`0104fbab : fffff680`0005d880 fffff680`0005d888 00000000`00000004 00000000`00000001 : nt!MiRemoveZeroPage+0xb6 fffffadf`8a31bb30 fffff800`01052c0f : 0000007f`ffffffff fffff680`0005d888 00000000`0bb11000 fffffadf`95aa1740 : nt!MiResolveDemandZeroFault+0x1be fffffadf`8a31bba0 fffff800`0102d459 : ffffffff`ffffffff fffffadf`8a31bcf0 00000000`00000001 00000000`00004000 : nt!MmAccessFault+0x1331 fffffadf`8a31bc70 00000000`7863e2fe : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiPageFault+0x119 00000000`0a14e9e8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x7863e2fe STACK_COMMAND: kb FOLLOWUP_IP: nt!MiRemovePageByColor+c5 fffff800`010366bc 49ff08 dec qword ptr [r8] SYMBOL_STACK_INDEX: 3 SYMBOL_NAME: nt!MiRemovePageByColor+c5 FOLLOWUP_NAME: MachineOwner MODULE_NAME: nt DEBUG_FLR_IMAGE_TIMESTAMP: 4b7abd06 IMAGE_NAME: memory_corruption FAILURE_BUCKET_ID: X64_0xA_nt!MiRemovePageByColor+c5 BUCKET_ID: X64_0xA_nt!MiRemovePageByColor+c5 Followup: MachineOwner --------- Omkar umarani SCOM STUDENT
March 14th, 2011 10:04pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics