BSOD on Windows 2003 server
Hi I have problem with bluescreen on an Windows 2003 SP2, it's an virtual server on WMware. We have received 3 bluescreens on various dates/time from January-June, the last occurred last week. Cant' see any pattern, they seem to be happening randomly and now last week we got an bluescreen like below, a little bit shorten: "The problem seems to be caused by the following file: hal.dll PAGE_FAULT_IN_NONPAGED_AREA Technical Information: *** STOP: 0x00000050 (0xbceb5518, 0x00000000, 0xbf8b7fc4, 0x00000000) *** hal.dll - Address 0x80a601ae base at 0x80a5a000 DateStamp 0x45d6972a" We have tried to analyze the dumps, but without any luck. And I have been told that the file pointed out in the minidump and kernel dumps are not the root cause file, is that correct? The only way to find out are to use Driver verifier I been told. Any one have experience of Driver verifier? How much is that slowing down the server and so on? The server we have is business critical 24/7, so we need as little downtime as possible. Please advice or send information if you had similar problems or have solution to what is causing my problem *
June 13th, 2012 9:57am

Bug Check Code 0x50: http://msdn.microsoft.com/en-us/library/windows/hardware/ff559023%28v=vs.85%29.aspx Please start by that: Update all possible driversUninstall all unused programsRun chkdsk /r /f and sfc /scannowPerform a clean boot: http://support.microsoft.com/kb/929135Disable temporary all security softwares you haveRun memtest86+ to check your RAM. If an error was detected then replace the faulty RAM or contact your manufacturer Technical Support for assistance If this does not help then use Microsoft Skydrive to upload dump files. Once done, post a link here. You can also contact Microsoft CSS for assistance. This posting is provided "AS IS" with no warranties or guarantees , and confers no rights. Microsoft Student Partner 2010 / 2011 Microsoft Certified Professional Microsoft Certified Systems Administrator: Security Microsoft Certified Systems Engineer: Security Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration Microsoft Certified Technology Specialist: Windows 7, Configuring Microsoft Certified Technology Specialist: Designing and Providing Volume Licensing Solutions to Large Organizations Microsoft Certified IT Professional: Enterprise Administrator Microsoft Certified IT Professional: Server Administrator Microsoft Certified Trainer
Free Windows Admin Tool Kit Click here and download it now
June 13th, 2012 10:04am

Bug Check Code 0x50: http://msdn.microsoft.com/en-us/library/windows/hardware/ff559023%28v=vs.85%29.aspx Please start by that: Update all possible driversUninstall all unused programsRun chkdsk /r /f and sfc /scannowPerform a clean boot: http://support.microsoft.com/kb/929135Disable temporary all security softwares you haveRun memtest86+ to check your RAM. If an error was detected then replace the faulty RAM or contact your manufacturer Technical Support for assistance If this does not help then use Microsoft Skydrive to upload dump files. Once done, post a link here. You can also contact Microsoft CSS for assistance. This posting is provided "AS IS" with no warranties or guarantees , and confers no rights. Microsoft Student Partner 2010 / 2011 Microsoft Certified Professional Microsoft Certified Systems Administrator: Security Microsoft Certified Systems Engineer: Security Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration Microsoft Certified Technology Specialist: Windows 7, Configuring Microsoft Certified Technology Specialist: Designing and Providing Volume Licensing Solutions to Large Organizations Microsoft Certified IT Professional: Enterprise Administrator Microsoft Certified IT Professional: Server Administrator Microsoft Certified Trainer
June 13th, 2012 10:16am

You probably have faulty memory on the host. Download either of the two memory tests (or both if you chose to). Burn the ISO to a bootable CD and boot. Wait for the check to fully complete. Depending on the amount of memory you have, the check can take a long time. If your memory is bad, you will know. http://www.memtest.org/ http://www.memtest86.com/
Free Windows Admin Tool Kit Click here and download it now
June 13th, 2012 11:51am

You probably have faulty memory on the host. Download either of the two memory tests (or both if you chose to). Burn the ISO to a bootable CD and boot. Wait for the check to fully complete. Depending on the amount of memory you have, the check can take a long time. If your memory is bad, you will know. http://www.memtest.org/ http://www.memtest86.com/
June 13th, 2012 12:04pm

Hi MrX Thanks for your reply, I will try to check your list. I'll get back if that doesn't help DarianHawk67, Not sure that it's memory problem since there are more servers on the same host that works fine, just my server that has these BSOD problems.
Free Windows Admin Tool Kit Click here and download it now
June 18th, 2012 9:11am

Besides to above posts, Analyze the dump files and try to find the file, which is cause of this server shutdown. Based on the files you can go for new HW drivers update and new hot fixes. Below links are for your reference while analyzing dump file: for dump file analysis download windebuger SW and analyze the *.dmp file to know the cause of server shutdown.Links for the software: https://skydrive.live.com/#cid=63D5AB5243DB43E7&id=63D5AB5243DB43E7%21120 or http://www.windbg.org/ Another link for the steps to analyse a dmp file: http://blogs.technet.com/b/askcore/archive/2008/11/01/how-to-debug-kernel-mode-blue-screen-crashes-for-beginners.aspx#3476888 Regards, Ravikumar P
June 18th, 2012 9:32am

Hi Ravikumar Thanks, I tried analyzing that but it points out ntkrnlmp.exe, could that be updated?. Im a beginner of analyzing dump files, can you see any more helpful of the below end of the dump file? 1: kd> lmvm nt start end module name fffff800`01650000 fffff800`01c39000 nt (pdb symbols) e:\localsymbols\ntkrnlmp.pdb\47F5C3BF9E0A493C9F63BB8F6413358B2\ntkrnlmp.pdb Loaded symbol image file: ntkrnlmp.exe Image path: ntkrnlmp.exe Image name: ntkrnlmp.exe Timestamp: Thu Jun 23 04:53:23 2011 (4E02AAA3) CheckSum: 0055C228 ImageSize: 005E9000 File version: 6.1.7601.17640 Product version: 6.1.7601.17640 File flags: 0 (Mask 3F) File OS: 40004 NT Win32 File type: 1.0 App File date: 00000000.00000000 Translations: 0409.04b0 CompanyName: Microsoft Corporation ProductName: Microsoft Windows Operating System InternalName: ntkrnlmp.exe OriginalFilename: ntkrnlmp.exe ProductVersion: 6.1.7601.17640 FileVersion: 6.1.7601.17640 (win7sp1_gdr.110622-1506) FileDescription: NT Kernel & System LegalCopyright: Microsoft Corporation. All rights reserved. / Peter
Free Windows Admin Tool Kit Click here and download it now
June 18th, 2012 10:04am

Hello Peter, Since ntkrnlmp.exe is cause of server Shutdown, I suggest you check similar kind of thread http://social.technet.microsoft.com/forums/en-us/winservergen/thread/C35A9FAD-8295-4D9E-9CB4-AB7E1217C234 Regards, Ravikumar P
June 18th, 2012 11:03am

Hi Is the file that's been pointed out always the root cause of the BSOD or is it just something that the server happens to work with at the moment for the crash? Just curious because when we had the last BSOD on the same server, then the win32k.sys was pointed out: 1: kd> lmvm win32k start end module name bf800000 bf9d3000 win32k # (pdb symbols) e:\localsymbols\win32k.pdb\1CA75636FDF14F51BBE43F62E30BB72D2\win32k.pdb Loaded symbol image file: win32k.sys Mapped memory image file: e:\localsymbols\win32k.sys\4F2A984F1d3000\win32k.sys Image path: win32k.sys Image name: win32k.sys Timestamp: Thu Feb 02 15:06:07 2012 (4F2A984F) CheckSum: 001D5B5B ImageSize: 001D3000 File version: 5.2.3790.4959 Product version: 5.2.3790.4959 File flags: 0 (Mask 3F) File OS: 40004 NT Win32 File type: 3.7 Driver File date: 00000000.00000000 Translations: 0416.04b0 CompanyName: Microsoft Corporation ProductName: Sistema operacional Microsoft Windows InternalName: win32k.sys OriginalFilename: win32k.sys ProductVersion: 5.2.3790.4959 FileVersion: 5.2.3790.4959 (srv03_sp2_gdr.120202-0234) FileDescription: Driver Win32 multiusurio LegalCopyright: Microsoft Corporation. Todos os direitos reservados. / Peter
Free Windows Admin Tool Kit Click here and download it now
June 19th, 2012 3:21am

Hello Peter, I agree with you. But analyze the latest dump file and try to find out the file, which is cause of the BSOD. Based on the file (either *.sys or *.exe) we can go for hot fix or driver updates etc. Regards, Ravikumar P
June 19th, 2012 4:40am

Thanks, I mixed up the dump files, the latest are the one that points out win32k.sys. I will search for similar problems with that file and see if there are any update/hotfix that will match Regards, Peter
Free Windows Admin Tool Kit Click here and download it now
June 19th, 2012 5:19am

Try this link for win32k.sys issue http://support.microsoft.com/kb/907966Regards, Ravikumar P
June 19th, 2012 5:46am

Thanks for the tip Ravikumar, but I am afraid it don't apply to my problem. I have a different stop code, STOP: 0x00000050 instead of STOP: 0x0000008E that is mention in that article. If we suggest that it is some problem with win32k.sys and that need to be updated, we patched our server not long ago and have win32k.sys version 5.2.3790.4959, anyone know if that is the latest version? Tried to google that, but with no luck. / P
Free Windows Admin Tool Kit Click here and download it now
June 19th, 2012 8:29am

Hello Peter, According to your previous post, the version of win32k.sys is 5.2.3790.4959 and it is released on March 13, 2012. Concerning link is http://support.microsoft.com/kb/2641653 please check latest updates link http://support.microsoft.com/kb/2711167 . Regards, Ravikumar P
June 19th, 2012 9:56am

Besides, you can find latest security updates in MS bulletin link: http://technet.microsoft.com/en-us/security/bulletin/Regards, Ravikumar P
Free Windows Admin Tool Kit Click here and download it now
June 19th, 2012 10:31am

Yes, that's correct about the win32k.sys version. The thing that puzzles me is that we had the "same" bluescreen in January before we patched the server, pointing out win32k.sys but then with version 5.2.3790.4872. But it could be worth to try to patch it again.
June 19th, 2012 10:46am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics