Hi there, I have a server with Windows Server 2008 R2 Enterprise. Its also a DC, File Server and Hyper-V server. I know, that's a lot, but it is my home server for testing and learning. The server has 8 GB RAM and an Intel Quad Processor at 2 GHz. It has one SATA disk for the OS, two SATA disks in RAID 1 (by mirroring by the OS, not hardware) for my data and one big disk for my VM's, VHD's and my SCVMM Library. Al was working fine until a few days ago. On 07/27/2010 I just worked at home and trained a lot with my VM's. I mostly do that by connecting to the server by RDP from my laptop. On 07/28/2010 I worked at the office and I had to look up something in the configuration of my VM's at home. I do that by the LogMeIn web service. So I woke up my server, connected to it and started remote control. I use that method regulary. But this time the login screen popped up like normal and I entered my credentials. There was the Welcome screen and then everything freezed. After quite a while the server reappeared in LogMeIN. Another try gives the same result. When I came home that evening I went to my server at my attic room and it was powered on and seemed to function normally. So I went to my laptop and started RDP. I entered my credentials and did see the server welcome screen, and then it locked and I loose my RDP connection. Back to the attic room at the server console I did see the BSOD! After restart the server came up. All seemed fine again. I press Ctrl-Alt-Del and entered my credentials at the console. After several seconds on the Welcome screen the Blue Screen appears, REGISTRY_ERROR (code 0x00..0051). I can start and login in Save Mode. In normal Mode I can't try to log in with a local admin account, because it is a Domain Controller (so no local users at all). So, what's wrong? I did not install new hardware, no new drivers, the last Windows Update was several days ago. (But during one of the attempts the server beeped while restarting and there was no video. So I reseated my video card and after that the server booted fine) I decided to restore my last System State. It was created on 07/26/2010 by a scheduled Windows Server Backup to an USB-disk. After the restore the server started fine, and again all seems nice. Until I log on. There it is again, the BSOD... This time error 0x0...050 (page_fault in non-paged_area). As long as I don't log in, all seems to work fine. I can reach the file shares, I can use the Hyper-V VM's. I can't manage AD Users and Computers via RSAT, but perhaps that's because I didn't configure the Remote Management in the firewall. I always use RDP to manage the server itself. And I can't configure the server firewall while in Save Mode. OK, sorry. I see now that this is quite a long story. But now I'm out of options...

Hi, Do you want to upload the files in C:\Windows\Minidump to skydrive, instructions here http://cid-8f63f3f375a57b50.office.live.com/self.aspx/.Public/PublicFile.txt and someone with the Debugging Tools for Windows can take a look at them to help you determine the cause. -- Mike Burr

Thanks for your reaction. First I could not find the MEMORY.DMP, it should be in C:\Windows\Minidump indeed. The registry HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl the value name MinidumpDir has as data: %SystemRoot%\Minidump, but the Control Panel\System\Advanced, Startup and Recovery is set to %SystemRoot%\MEMORY.DMP. The type was set to 'Kernal Memory Dump' And there is was. So I uploaded it, but the maximum is 50 MB, so I had to compress it to a .rar file. The link to my Public share is <iframe title ="Preview" scrolling="no" marginheight="0" marginwidth="0" frameborder="0" style="width:98px;height:115px;padding:0;background-color:#fcfcfc;" src="http://cid-6eba269bbd6cc816.office.live.com/embedicon.aspx/.Public"></iframe>

Hi, I am sorry but we cannot help you analyze the dump file in forum. To trouble shoot this problem efficiently, I suggest that you speak directly with a Microsoft Support Professional so that the crash dump can be analyzed. For a complete list of Microsoft Product Support Services phone numbers and information about support costs, please go to the following address on the World Wide Web: http://support.microsoft.com/directory/overview.asp Thanks for your understanding.This posting is provided "AS IS" with no warranties, and confers no rights. Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

hi , I respect Joson suggestion of contacting microsoft professional for diagonizing and finding out the root cause of the problem. If you dont opt microsoft assistance , then the first thing i would look at is a) stop error code , do a search in the microsoft website or post it here b) use windbg utility to analyze the dump , the first command you have to know is !anlayze -v whch will give you detailed verbose output which will be helpful to identify the .sys file Please understand that beyond this you need MS professional to debug your issue.

Hi, When I opened this in WinDbg, it gave the following stop error. This may indicate IO problems on the system drives (such as a disk or controller) or indicate registry corruption from some other source. It appears that the kernel memory dump that was generated is partially corrupt and we could not get a stack trace, so I could not find the faulting module. If it is related to a filesystem issue, then it may be possible to use chkdsk /r from an administrative command prompt to correct filesystem errors. Otherwise, it might be worth doing some detailed hardware diagnostics to determine if it is hardware related. Also, for portability of memory dumps and having others analyze them, it is usually possible to get enough information from a small memory dump rather than a full kernel memory dump, http://support.microsoft.com/kb/254649 More information about this error, http://msdn.microsoft.com/en-us/library/ff559026(VS.85).aspx ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* REGISTRY_ERROR (51) Something has gone badly wrong with the registry. If a kernel debugger is available, get a stack trace. It can also indicate that the registry got an I/O error while trying to read one of its files, so it can be caused by hardware problems or filesystem corruption. It may occur due to a failure in a refresh operation, which is used only in by the security system, and then only when resource limits are encountered. Arguments: Arg1: 0000000000000001, (reserved) Arg2: fffff8a000024010, (reserved) Arg3: 00000000010f5000, depends on where Windows bugchecked, may be pointer to hive Arg4: 0000000000000374, depends on where Windows bugchecked, may be return code of HvCheckHive if the hive is corrupt. -- Mike Burr

Hi there, Thank you all for your replies, especially Mike Burr. In my hunt for articles about this problem I found articles about possible video driver problems. So I started the server in Save Mode and started msinfo32. Under Components, Display I found which drivers were installed and which .inf files were used for them: oem4.inf and imimirr.inf. Then I started Device Manager. I looked under Display adapters and found two: An Nvidea adapter and a LogMeIn Mirror adapter. I uninstalled both. Then I went to the \Windows\Inf folder and looked for the two .inf files. The imimirr.inf was already gone and I renamed the oef4.inf to oem4.inf.old to prevent that the PnP reused that info. I also uninstalled the LogMeIn software, just to be sure. Then I restarted the server in normal mode. This time I could log in normally. The PnP system installed a standard VGA display, which is fine enough for a server console. After working for a while and after several restarts and logging in, I decided to reinstall LogMeIn. And still no problems. A positive effect is that I now learned to use the Windows debugger. Mike, in my frustration I’m afraid that I hard rebooted my server before the memory dump reached the 100 % status, so the file must be truncated. Sorry for that. Thanks for your suggestion to set it to ‘Small memory dump’. I will keep the setting ‘Kernel memory dump’ for now, but I will set it to Small if I want to generate a small version, in case I want to debug it or send it to someone.