BSOD on Windows 2003 server
Hi
I have a problem with bluescreens on a Windows 2003 SP2 server; it's a virtual server on VMware.
We have received 3 bluescreens on various dates/times from January-June; the last occurred last week.
Can't see any pattern; they seem to be happening randomly, and last week we got a bluescreen like the one below, slightly shortened:
"The problem seems to be caused by the following file: hal.dll
PAGE_FAULT_IN_NONPAGED_AREA
Technical Information:
*** STOP: 0x00000050 (0xbceb5518, 0x00000000, 0xbf8b7fc4, 0x00000000)
*** hal.dll - Address 0x80a601ae base at 0x80a5a000 DateStamp 0x45d6972a"
We have tried to analyze the dumps, but without any luck. I have been told that the file pointed out in the minidump and kernel dumps is not the root cause file; is that correct? The only way to find out is to use Driver Verifier, I have been told.
Does anyone have experience with Driver Verifier? How much does it slow down the server, and so on? The server we have is business critical 24/7, so we need as little downtime as possible.
Please advise or send information if you have had similar problems or have a solution to what is causing my problem.
June 13th, 2012 9:57am
Bug Check Code 0x50: http://msdn.microsoft.com/en-us/library/windows/hardware/ff559023%28v=vs.85%29.aspx
Please start with this:
- Update all possible drivers
- Uninstall all unused programs
- Run chkdsk /r /f and sfc /scannow
- Perform a clean boot: http://support.microsoft.com/kb/929135
- Temporarily disable all security software you have
- Run memtest86+ to check your RAM. If an error is detected, replace the faulty RAM or contact your manufacturer's Technical Support for assistance
If this does not help then use Microsoft Skydrive to upload dump files. Once done, post a link here.
You can also contact Microsoft CSS for assistance.
This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.
Microsoft Student Partner 2010 / 2011
Microsoft Certified Professional
Microsoft Certified Systems Administrator: Security
Microsoft Certified Systems Engineer: Security
Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration
Microsoft Certified Technology Specialist: Windows 7, Configuring
Microsoft Certified Technology Specialist: Designing and Providing Volume Licensing Solutions to Large Organizations
Microsoft Certified IT Professional: Enterprise Administrator
Microsoft Certified IT Professional: Server Administrator
Microsoft Certified Trainer
June 13th, 2012 10:04am
June 13th, 2012 10:16am
You probably have faulty memory on the host. Download either of the two memory tests (or both if you choose to).
Burn the ISO to a bootable CD and boot. Wait for the check to fully complete.
Depending on the amount of memory you have, the check can take a long time.
If your memory is bad, you will know.
http://www.memtest.org/
http://www.memtest86.com/
June 13th, 2012 11:51am
June 13th, 2012 12:04pm
Hi MrX
Thanks for your reply, I will try to check your list. I'll get back if that doesn't help
DarianHawk67,
Not sure that it's a memory problem, since there are more servers on the same host that work fine; it's just my server that has these BSOD problems.
June 18th, 2012 9:11am
In addition to the above posts, analyze the dump files and try to find the file which is the cause of this server shutdown. Based on the files, you can go for new HW driver updates and new hotfixes.
The links below are for your reference while analyzing the dump file:
For dump file analysis, download the WinDbg software and analyze the *.dmp file to find the cause of the server shutdown. Links for the software: https://skydrive.live.com/#cid=63D5AB5243DB43E7&id=63D5AB5243DB43E7%21120 or http://www.windbg.org/
Another link, with the steps to analyze a dmp file: http://blogs.technet.com/b/askcore/archive/2008/11/01/how-to-debug-kernel-mode-blue-screen-crashes-for-beginners.aspx#3476888
Regards, Ravikumar P
June 18th, 2012 9:32am
Hi Ravikumar
Thanks, I tried analyzing that, but it points out ntkrnlmp.exe; could that be updated? I'm a beginner at analyzing dump files; can you see anything more helpful in the end of the dump file below?
1: kd> lmvm nt
start end module name
fffff800`01650000 fffff800`01c39000 nt (pdb symbols) e:\localsymbols\ntkrnlmp.pdb\47F5C3BF9E0A493C9F63BB8F6413358B2\ntkrnlmp.pdb
Loaded symbol image file: ntkrnlmp.exe
Image path: ntkrnlmp.exe
Image name: ntkrnlmp.exe
Timestamp: Thu Jun 23 04:53:23 2011 (4E02AAA3)
CheckSum: 0055C228
ImageSize: 005E9000
File version: 6.1.7601.17640
Product version: 6.1.7601.17640
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 1.0 App
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft Windows Operating System
InternalName: ntkrnlmp.exe
OriginalFilename: ntkrnlmp.exe
ProductVersion: 6.1.7601.17640
FileVersion: 6.1.7601.17640 (win7sp1_gdr.110622-1506)
FileDescription: NT Kernel & System
LegalCopyright: Microsoft Corporation. All rights reserved.
/ Peter
June 18th, 2012 10:04am
Hello Peter,
Since ntkrnlmp.exe is the cause of the server shutdown, I suggest you check a similar thread:
http://social.technet.microsoft.com/forums/en-us/winservergen/thread/C35A9FAD-8295-4D9E-9CB4-AB7E1217C234
Regards, Ravikumar P
June 18th, 2012 11:03am
Hi
Is the file that's been pointed out always the root cause of the BSOD, or is it just something that the server happened to be working with at the moment of the crash? Just curious, because when we had the last BSOD on the same server, win32k.sys was pointed out:
1: kd> lmvm win32k
start end module name
bf800000 bf9d3000 win32k # (pdb symbols) e:\localsymbols\win32k.pdb\1CA75636FDF14F51BBE43F62E30BB72D2\win32k.pdb
Loaded symbol image file: win32k.sys
Mapped memory image file: e:\localsymbols\win32k.sys\4F2A984F1d3000\win32k.sys
Image path: win32k.sys
Image name: win32k.sys
Timestamp: Thu Feb 02 15:06:07 2012 (4F2A984F)
CheckSum: 001D5B5B
ImageSize: 001D3000
File version: 5.2.3790.4959
Product version: 5.2.3790.4959
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0416.04b0
CompanyName: Microsoft Corporation
ProductName: Sistema operacional Microsoft Windows
InternalName: win32k.sys
OriginalFilename: win32k.sys
ProductVersion: 5.2.3790.4959
FileVersion: 5.2.3790.4959 (srv03_sp2_gdr.120202-0234)
FileDescription: Driver Win32 multiusurio
LegalCopyright: Microsoft Corporation. Todos os direitos reservados.
/ Peter
June 19th, 2012 3:21am
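As an added example (not part of any post in this thread), this Python sketch decodes the STOP 0x50 parameters from the first post and checks which module range in the quoted lmvm output contains the faulting instruction address. Parameter meanings follow Microsoft's Bug Check 0x50 documentation for this Windows generation; the function names are hypothetical.

```python
import re

# Values copied from the thread: the STOP line in the first post and the
# range rows of the two lmvm outputs (symbol paths trimmed here).
STOP_LINE = "*** STOP: 0x00000050 (0xbceb5518, 0x00000000, 0xbf8b7fc4, 0x00000000)"
LMVM_ROWS = """\
fffff800`01650000 fffff800`01c39000 nt (pdb symbols)
bf800000 bf9d3000 win32k # (pdb symbols)
"""

def parse_stop(line):
    """Return (bugcheck_code, [p1, p2, p3, p4]) from a blue-screen STOP line."""
    m = re.search(r"STOP:\s*(0x[0-9a-fA-F]+)\s*\(([^)]*)\)", line)
    if not m:
        raise ValueError("not a STOP line")
    params = [int(p, 16) for p in m.group(2).split(",")]
    if len(params) != 4:
        raise ValueError("expected four bug check parameters")
    return int(m.group(1), 16), params

def parse_lmvm_rows(text):
    """Return {module: (start, end)} from 'start end module' rows."""
    modules = {}
    for row in text.splitlines():
        # 64-bit addresses are printed with a backtick separator.
        m = re.match(r"\s*([0-9a-f`]{8,})\s+([0-9a-f`]{8,})\s+(\S+)", row, re.I)
        if m:
            start, end = (int(x.replace("`", ""), 16) for x in m.group(1, 2))
            modules[m.group(3)] = (start, end)
    return modules

def triage_0x50(stop_line, modules):
    """Decode PAGE_FAULT_IN_NONPAGED_AREA and attribute the faulting address."""
    code, (bad_addr, op, ip, _reserved) = parse_stop(stop_line)
    if code != 0x50:
        raise ValueError("only bug check 0x50 is handled here")
    owner = next((n for n, (s, e) in modules.items() if s <= ip < e), None)
    return {
        "referenced_address": bad_addr,          # parameter 1: invalid address
        # parameter 2: 0 = read, 1 = write on this OS generation
        # (later Windows versions encode it differently)
        "operation": {0: "read", 1: "write"}.get(op, "other"),
        "faulting_ip": ip,                       # parameter 3: referencing code
        "module": owner,
        "offset": ip - modules[owner][0] if owner else None,
    }

if __name__ == "__main__":
    result = triage_0x50(STOP_LINE, parse_lmvm_rows(LMVM_ROWS))
    print({k: hex(v) if isinstance(v, int) else v for k, v in result.items()})
```

The result names the module whose code touched the invalid address, which is not necessarily the driver that corrupted the memory.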
Hello Peter,
I agree with you. But analyze the latest dump file and try to find the file which is the cause of the BSOD. Based on the file (either *.sys or *.exe) we can go for a hotfix or driver updates etc.
Regards, Ravikumar P
June 19th, 2012 4:40am
Thanks, I mixed up the dump files; the latest is the one that points out win32k.sys. I will search for similar problems with that file and see if there is any update/hotfix that will match.
Regards,
Peter
June 19th, 2012 5:19am
Try this link for the win32k.sys issue: http://support.microsoft.com/kb/907966
Regards, Ravikumar P
June 19th, 2012 5:46am
Thanks for the tip Ravikumar, but I am afraid it doesn't apply to my problem.
I have a different stop code, STOP: 0x00000050 instead of STOP: 0x0000008E that is mentioned in that article.
If we suggest that it is some problem with win32k.sys and that it needs to be updated: we patched our server not long ago and have win32k.sys version 5.2.3790.4959. Does anyone know if that is the latest version? Tried to google that, but with no luck.
/ P
June 19th, 2012 8:29am
Hello Peter,
According to your previous post, the version of win32k.sys is 5.2.3790.4959 and it was released on March 13, 2012. The relevant link is http://support.microsoft.com/kb/2641653
Please check the latest updates link: http://support.microsoft.com/kb/2711167
Regards, Ravikumar P
June 19th, 2012 9:56am
Besides, you can find the latest security updates in the MS bulletin link: http://technet.microsoft.com/en-us/security/bulletin/
Regards, Ravikumar P
June 19th, 2012 10:31am
Yes, that's correct about the win32k.sys version. The thing that puzzles me is that we had the "same" bluescreen in January before we patched the server, pointing out win32k.sys but then with version 5.2.3790.4872.
But it could be worth trying to patch it again.
June 19th, 2012 10:46am