BSOD VISTA_DRIVER_FAULT
Debugging BSOD in forums is out of scope. You can get the debugging tools here if you want to do-it-yourself, else I'd start a case with Microsoft product support.
http://msdn.microsoft.com/en-us/windows/hardware/gg463009.aspx
Also;
How to read the small memory dump files that Windows creates for debugging
http://support.microsoft.com/kb/315263
http://msdn.microsoft.com/en-us/library/ff558949(v=vs.85).aspx
Regards, Dave Patrick ....
Microsoft Certified Professional
Microsoft MVP [Windows]
October 24th, 2011 6:53pm
Server keeps blue screening, please advise.
Use !analyze -v to get detailed debugging information.
BugCheck 3B, {c0000005, fffff80001805fa5, fffff880051e2ab0, 0}
Page ee4fb not present in the dump file. Type ".hh dbgerr004" for details
Probably caused by : ntkrnlmp.exe ( nt!ExFreePoolWithTag+215 )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************
SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff80001805fa5, Address of the instruction which caused the bugcheck
Arg3: fffff880051e2ab0, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.
Debugging Details:
------------------
Page ee4fb not present in the dump file. Type ".hh dbgerr004" for details
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
FAULTING_IP:
nt!ExFreePoolWithTag+215
fffff800`01805fa5 0fb74110 movzx eax,word ptr [rcx+10h]
CONTEXT: fffff880051e2ab0 -- (.cxr 0xfffff880051e2ab0)
rax=0000000000000120 rbx=fffff8a0022771a0 rcx=00000000051e3490
rdx=fffff8000184ce80 rsi=0000000000000003 rdi=0000000000000001
rip=fffff80001805fa5 rsp=fffff880051e3490 rbp=0000000000000000
r8=0000000000000003 r9=0000000000000040 r10=fffff8000165a000
r11=000000000000010d r12=0000000000000004 r13=fffff8a0022771b0
r14=0000000000000000 r15=fffffa80033573c0
iopl=0 nv up ei pl nz na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010206
nt!ExFreePoolWithTag+0x215:
fffff800`01805fa5 0fb74110 movzx eax,word ptr [rcx+10h] ds:002b:00000000`051e34a0=????
Resetting default scope
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x3B
PROCESS_NAME: svchost.exe
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from fffff800019bc5e4 to fffff80001805fa5
STACK_TEXT:
fffff880`051e3490 fffff800`019bc5e4 : fffff8a0`013a0380 fffff8a0`013a0380 fffff8a0`624e4d43 fffff880`051e36a0 : nt!ExFreePoolWithTag+0x215
fffff880`051e3540 fffff800`019bc678 : fffff8a0`002e7a70 fffff880`051e3b10 00000000`c157d156 fffff8a0`013a0380 : nt!CmpDereferenceNameControlBlockWithLock+0xdc
fffff880`051e3570 fffff800`0199c71f : 00000000`00000000 fffff8a0`013a0380 00000000`00000000 fffff8a0`010cc010 : nt!CmpCleanUpKcbCacheWithLock+0x34
fffff880`051e35a0 fffff800`019a19e3 : 00000000`00000000 fffff880`00e8dce0 fffff8a0`013a0380 fffff880`00000002 : nt!CmpDereferenceKeyControlBlockWithLock+0x13f
fffff880`051e35d0 fffff800`019d1838 : fffffa80`03e1ba08 fffffa80`00000001 fffffa80`03e1b850 00000000`00000001 : nt!CmpParseKey+0xa53
fffff880`051e38d0 fffff800`019d2a56 : 00000000`00000270 fffffa80`03e1b850 00000000`00000000 fffffa80`03447510 : nt!ObpLookupObjectName+0x588
fffff880`051e39c0 fffff800`019a62bc : 00000000`022b2d00 00000000`00000000 fffff8a0`013aa401 fffff880`051e3aa8 : nt!ObOpenObjectByName+0x306
fffff880`051e3a90 fffff800`019a872f : 00000000`010ae080 00000000`00020019 00000000`010ae108 00000000`00000000 : nt!CmOpenKey+0x28a
fffff880`051e3be0 fffff800`016d5ed3 : fffffa80`03dab660 fffff880`051e3ca0 00000000`00000001 00000000`00000000 : nt!NtOpenKeyEx+0xf
fffff880`051e3c20 00000000`76e0226a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`010ae018 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x76e0226a
FOLLOWUP_IP:
nt!ExFreePoolWithTag+215
fffff800`01805fa5 0fb74110 movzx eax,word ptr [rcx+10h]
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: nt!ExFreePoolWithTag+215
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4e02aaa3
STACK_COMMAND: .cxr 0xfffff880051e2ab0 ; kb
FAILURE_BUCKET_ID: X64_0x3B_nt!ExFreePoolWithTag+215
BUCKET_ID: X64_0x3B_nt!ExFreePoolWithTag+215
Followup: MachineOwner
jc
December 25th, 2011 11:44am
Debugging BSOD in forums is out of scope. You can get the debugging tools here if you want to do-it-yourself, else I'd start a case with Microsoft product support.
http://msdn.microsoft.com/en-us/windows/hardware/gg463009.aspx
Also;
How to read the small memory dump files that Windows creates for debugging
http://support.microsoft.com/kb/315263
http://msdn.microsoft.com/en-us/library/ff558949(v=vs.85).aspx
Regards, Dave Patrick ....
Microsoft Certified Professional
Microsoft MVP [Windows]
December 25th, 2011 11:55am
Please understand that to troubleshoot the blue screen issues, we usually need to perform debugging. However, in this forum, we do not provide debugging support. If you would like to perform debugging, please contact Microsoft Customer Support Service (CSS).
To obtain the phone numbers for a specific technology request, please refer to the website listed below:
http://support.microsoft.com/default.aspx?scid=fh;EN-US;PHONENUMBERS
If you are outside the US, please refer to
http://support.microsoft.com
for regional support phone numbers.
Also try posting it here:
http://social.technet.microsoft.com/Forums/en/category/windowsvistaitpro
http://www.virmansec.com/blogs/skhairuddin
December 25th, 2011 12:13pm


