BSOD Windows Server 2008 caused by driver ntoskrnl.exe
We have a new server running Windows Server 2008 R2 SP1. It is randomly throughout the day getting the BSOD. I have checked the dump file and used blue screen viewer to see that it's being caused by driver ntoskrnl.exe. I have spoken to the hardware manufacturers who have cleared any possible hw issues. Checking a few forums it seems memory is a big cause for this but all types of memory tests are passing.

Here's a few more details on the dump file:

Bug Check String: PFN_LIST_CORRUPT
Bug Check Error code: 0x0000004e
Parameter 1: 00000000`0000008d
Parameter 2: 00000000`00026336
Parameter 3: 00000000`00410001
Parameter 4: fffff8a0`096b8591
Caused by Address: ntoskrnl.exe+7fd00
Product Name: Microsoft® Windows® Operating System
File version: 6.1.7600.16792 (win7_gdr.110408-1633)
Crash address: ntoskrnl.exe+7fd00

Does anyone have any ideas?
August 11th, 2011 7:22am

Check this: http://msdn.microsoft.com/en-us/library/ff559014%28v=vs.85%29.aspx

If the above link doesn't help then you should contact Microsoft Customer Support Service (CSS) for more help.

To obtain the phone numbers for specific technology request, please refer to the website listed below: http://support.microsoft.com/default.aspx?scid=fh;EN-US;PHONENUMBERS

If you are outside the US, please refer to http://support.microsoft.com

http://www.virmansec.com/blogs/skhairuddin
August 11th, 2011 7:34am

You are confused, the ntoskrnl.exe is the kernel, not a driver: http://en.wikipedia.org/wiki/Ntoskrnl

A driver caused the kernel to Blue Screen. There are multiple sites that can help guide you through the troubleshooting of a BSOD, just Bing for them: http://www.aoaforums.com/forum/aoa-faq/11666-guide-troubleshooting-blue-screen-bsod-errors.html

-- Paul Bergson
MVP - Directory Services
MCITP: Enterprise Administrator
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, Vista, 2003, 2000 (Early Achiever), NT4
http://www.pbbergs.com
Twitter @pbbergs
http://blogs.dirteam.com/blogs/paulbergson
Please no e-mails, any questions should be posted in the NewsGroup.
This posting is provided "AS IS" with no warranties, and confers no rights.
August 11th, 2011 8:05am

Bug Check Code 0x4E: http://msdn.microsoft.com/en-us/library/ff559014(VS.85).aspx

Please use Microsoft Skydrive to upload dump files (c:\windows\minidumps). Once done, post a link here.

You can also contact Microsoft CSS.

This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.
Microsoft Student Partner 2010 / 2011
Microsoft Certified Professional
Microsoft Certified Systems Administrator: Security
Microsoft Certified Systems Engineer: Security
Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration
Microsoft Certified Technology Specialist: Windows 7, Configuring
Microsoft Certified IT Professional: Enterprise Administrator
Microsoft Certified IT Professional: Server Administrator
August 11th, 2011 8:10am

> You are confused, the ntoskrnl.exe is the kernel, not a driver: http://en.wikipedia.org/wiki/Ntoskrnl
> A driver caused the kernel to Blue Screen. There are multiple sites that can help guide you through the troubleshooting of a BSOD, just Bing for them: http://www.aoaforums.com/forum/aoa-faq/11666-guide-troubleshooting-blue-screen-bsod-errors.html

Hello Paul,

I think that this is the output of Windbg (Microsoft Windows Debugger). Sometimes it shows ntoskrnl.exe as the cause of the BSOD (Possibly a problem with the used symbols).

We should get dump files to determine the exact cause of the problem.
August 11th, 2011 8:12am

Did you mean to refer to Craig? I agree that it is a Debug dump and not the o/s kernel.

-- Paul Bergson
August 11th, 2011 8:22am

> Did you mean to refer to Craig? I agree that it is a Debug dump and not the o/s kernel.

You said that what Craig posted is confusing then yes you are right.

I just wanted to specify that in some cases if Windbg has wrong symbols, it will show ntoskrnl.exe as the cause of the problem but here it is not the cause of the problem.

We should get dump files to determine the real cause of the problem as what Craig posted will reveal nothing.

Regards :)
August 11th, 2011 8:30am

Thanks for your responses.

Using the bluescreen viewer to see the dump file created in c:\windows\minidump it shows the following

This is the latest BSOD which happened a short while ago

Craig Brand
August 11th, 2011 8:33am

Hello again,

please upload c:\Windows\Minidump\080111-20373-01.dmp file using Microsoft Skydrive. Once done, post a link here so that I can download it and determine the cause of the problem.
August 11th, 2011 8:35am

https://skydrive.live.com/?cid=33fac2660f7095c5&sc=documents&Bsrc=EMSHOO&Bpub=SN.Notifications&id=33FAC2660F7095C5%21105

Craig Brand
August 11th, 2011 8:51am

*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 0000000000000000, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, bitfield :
    bit 0 : value 0 = read operation, 1 = write operation
    bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff800016c6e1f, address which referenced memory

Debugging Details:
------------------

READ_ADDRESS: GetPointerFromAddress: unable to read from fffff800018bd100
 0000000000000000

CURRENT_IRQL: 2

FAULTING_IP:
nt!MiGatherMappedPages+117
fffff800`016c6e1f 488b09 mov rcx,qword ptr [rcx]

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT_SERVER_MINIDUMP

BUGCHECK_STR: 0xA

PROCESS_NAME: System

TRAP_FRAME: fffff880029089c0 -- (.trap 0xfffff880029089c0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000080 rbx=0000000000000000 rcx=0000000000000000
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff800016c6e1f rsp=fffff88002908b50 rbp=fffffa80008cbec0
 r8=fffffa8000000008  r9=0000000000000f44 r10=fffff8000160e000
r11=fffff88002908b48 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
nt!MiGatherMappedPages+0x117:
fffff800`016c6e1f 488b09 mov rcx,qword ptr [rcx] ds:0062:00000000`00000000=????????????????
Resetting default scope

LAST_CONTROL_TRANSFER: from fffff8000168d2a9 to fffff8000168dd00

STACK_TEXT:
fffff880`02908878 fffff800`0168d2a9 : 00000000`0000000a 00000000`00000000 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
fffff880`02908880 fffff800`0168bf20 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`0000000c : nt!KiBugCheckDispatch+0x69
fffff880`029089c0 fffff800`016c6e1f : 00000000`0000000c fffffa80`008cbec0 00000000`00000000 fffffa80`00000062 : nt!KiPageFault+0x260
fffff880`02908b50 fffff800`016c78b8 : 00000000`00000001 fffffa80`2acbe7b0 fffffa80`2acbe848 00000000`0000003c : nt!MiGatherMappedPages+0x117
fffff880`02908c50 fffff800`0192a32e : fffffa80`12af5040 00000000`00000080 fffffa80`12ac3040 00000000`00000000 : nt!MiMappedPageWriter+0x198
fffff880`02908d40 fffff800`0167f666 : fffff880`022e2180 fffffa80`12af5040 fffff880`022ed2c0 00000000`00000000 : nt!PspSystemThreadStartup+0x5a
fffff880`02908d80 00000000`00000000 : fffff880`02909000 fffff880`02903000 fffff880`029088d0 00000000`00000000 : nt!KiStartSystemThread+0x16

STACK_COMMAND: kb

FOLLOWUP_IP:
nt!MiGatherMappedPages+117
fffff800`016c6e1f 488b09 mov rcx,qword ptr [rcx]

SYMBOL_STACK_INDEX: 3

SYMBOL_NAME: nt!MiGatherMappedPages+117

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: nt

DEBUG_FLR_IMAGE_TIMESTAMP: 4d9fdd5b

IMAGE_NAME: memory_corruption

FAILURE_BUCKET_ID: X64_0xA_nt!MiGatherMappedPages+117

BUCKET_ID: X64_0xA_nt!MiGatherMappedPages+117

Followup: MachineOwner
---------

---------------------------------------------------------------------

Bug Check Code 0xA: http://msdn.microsoft.com/en-us/library/ff560129(VS.85).aspx

Try the mentioned resolution.

Also, please:

- Run memtest86+ to check that all is okay with your RAM
- Update all possible drivers as I have multiple drivers that have not been updated since 2008
- Run msconfig and disable all startup items except Microsoft ones
- Disable all security software that you are using

I cannot extract more information from the dump as here I need a full dump (c:\windows\MEMORY.DMP).

You can also contact Microsoft CSS for more information.
August 11th, 2011 9:13am
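Added example (not part of any post in this thread, and not the posters' tooling): a short Python triage of the `!analyze -v` text quoted above, showing why a report whose faulting stack holds only `nt!` frames does not name the responsible driver. The sample is abridged from the thread's output; `triage` and `KERNEL_MODULES` are hypothetical names introduced here.

```python
import re

# Constructed sample: abridged from the `!analyze -v` output quoted in the thread
# (stack arguments shortened to 0 to save space).
SAMPLE = """\
IRQL_NOT_LESS_OR_EQUAL (a)
Arg1: 0000000000000000, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, bitfield :
Arg4: fffff800016c6e1f, address which referenced memory
DEFAULT_BUCKET_ID:  DRIVER_FAULT_SERVER_MINIDUMP
BUGCHECK_STR:  0xA
STACK_TEXT:
fffff880`02908878 fffff800`0168d2a9 : 0 0 0 0 : nt!KeBugCheckEx
fffff880`029089c0 fffff800`016c6e1f : 0 0 0 0 : nt!KiPageFault+0x260
fffff880`02908b50 fffff800`016c78b8 : 0 0 0 0 : nt!MiGatherMappedPages+0x117
fffff880`02908c50 fffff800`0192a32e : 0 0 0 0 : nt!MiMappedPageWriter+0x198
MODULE_NAME: nt
IMAGE_NAME:  memory_corruption
"""

KERNEL_MODULES = {"nt"}  # assumption: only the kernel image itself is "not a suspect"

def triage(text):
    """Summarise an !analyze -v report and say whether it names a culprit."""
    fields = dict(re.findall(r"^([A-Z_]+):[ \t]+(\S+)[ \t]*$", text, re.M))
    args = [int(a, 16) for a in re.findall(r"^Arg[1-4]: ([0-9a-fA-F]+)", text, re.M)]
    # The last column of each STACK_TEXT row is module!symbol(+offset).
    frames = re.findall(r"^[0-9a-f`]+ [0-9a-f`]+ : .* : (\w+)!(\S+)$", text, re.M)
    suspects = sorted({mod for mod, _ in frames} - KERNEL_MODULES)
    if suspects:
        verdict = "third-party code on the faulting stack: " + ", ".join(suspects)
    elif fields.get("IMAGE_NAME") == "memory_corruption" or frames:
        # The fault surfaced inside the kernel, so this dump alone does not
        # name a culprit; "caused by ntoskrnl.exe" is only the crash address.
        verdict = "inconclusive: kernel-only stack, no driver identified"
    else:
        verdict = "no stack recovered"
    code = fields.get("BUGCHECK_STR", "0").split("_")[0]
    return {"bugcheck": int(code, 16), "args": args,
            "frames": [f"{m}!{s}" for m, s in frames],
            "suspects": suspects, "verdict": verdict}

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```
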

Case logged with MS CSS

Craig Brand
August 11th, 2011 10:35am

Hi,

I would like to confirm whether there is any update after contacting the Microsoft Customer Service Support Team.

Regards,

Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
August 13th, 2011 10:36am

This topic is archived. No further replies will be accepted.
