Hi There, We are having an issue with a Windows 2008 SP2 Server that is bluescreening randomly. I have analysed the memory dump created at the time however I'm having problems deciphering the output. Can you please assist Event Log Log Name: System Source: Microsoft-Windows-WER-SystemErrorReporting Date: 30/03/11 2:48:31 PM Event ID: 1001 Task Category: None Level: Information Keywords: Classic User: N/A Computer: CRDCTX03 Description: The computer has rebooted from a bugcheck. The bugcheck was: 0x00000019 (0x00000020, 0x9b112498, 0x9b112510, 0x080f0015). A dump was saved in: C:\Windows\MEMORY.DMP. Windb Logs Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64 Copyright (c) Microsoft Corporation. All rights reserved. Loading Dump File [C:\Users\timi\Desktop\Credo\MEMORY.DMP] Kernel Summary Dump File: Only kernel address space is available Symbol search path is: http://msdl.microsoft.com/download/symbols Executable search path is: Windows Server 2008/Windows Vista Kernel Version 6002 (Service Pack 2) MP (2 procs) Free x86 compatible Product: Server, suite: TerminalServer Built by: 6002.22420.x86fre.vistasp2_ldr.100608-0458 Machine Name: Kernel base = 0x8181e000 PsLoadedModuleList = 0x81936c70 Debug session time: Wed Mar 30 14:46:31.282 2011 (UTC + 11:00) System Uptime: 12 days 14:45:00.233 Loading Kernel Symbols ............................................................... ................................................................ ................. Loading User Symbols Loading unloaded module list .................................................. ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck 19, {20, 9b112498, 9b112510, 80f0015} Probably caused by : ntkrpamp.exe ( nt!ExFreePoolWithTag+17f ) Followup: MachineOwner --------- 1: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* BAD_POOL_HEADER (19) The pool is already corrupt at the time of the current request. This may or may not be due to the caller. The internal pool links must be walked to figure out a possible cause of the problem, and then special pool applied to the suspect tags or the driver verifier to a suspect driver. Arguments: Arg1: 00000020, a pool block header size is corrupt. Arg2: 9b112498, The pool entry we were looking for within the page. Arg3: 9b112510, The next pool entry. Arg4: 080f0015, (reserved) Debugging Details: ------------------ BUGCHECK_STR: 0x19_20 POOL_ADDRESS: 9b112498 Nonpaged pool DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT PROCESS_NAME: System CURRENT_IRQL: 0 LAST_CONTROL_TRANSFER: from 8190c184 to 818ebcc7 STACK_TEXT: 8d5f366c 8190c184 00000019 00000020 9b112498 nt!KeBugCheckEx+0x1e 8d5f36e0 81990709 9b1124a0 00000000 8192113c nt!ExFreePoolWithTag+0x17f 8d5f3d44 818c3fd2 00000000 00000000 84da32d8 nt!IopErrorLogThread+0x302 8d5f3d7c 819f4c30 00000000 29046b44 00000000 nt!ExpWorkerThread+0xfd 8d5f3dc0 8185d106 818c3ed5 00000001 00000000 nt!PspSystemThreadStartup+0x9d 00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16 STACK_COMMAND: kb FOLLOWUP_IP: nt!ExFreePoolWithTag+17f 8190c184 cc int 3 SYMBOL_STACK_INDEX: 1 SYMBOL_NAME: nt!ExFreePoolWithTag+17f FOLLOWUP_NAME: MachineOwner MODULE_NAME: nt IMAGE_NAME: ntkrpamp.exe DEBUG_FLR_IMAGE_TIMESTAMP: 4c0e59a5 FAILURE_BUCKET_ID: 0x19_20_nt!ExFreePoolWithTag+17f BUCKET_ID: 0x19_20_nt!ExFreePoolWithTag+17f Followup: MachineOwner --------- We have a feeling that this is being caused by a bad driver however were not sure what area to look in. Thanks Tim

Bug Check Code 0x19: http://msdn.microsoft.com/en-us/library/ff557389(VS.85).aspx From what you posted, I am unable to determine the faulty driver (if it is a driver problem). So, please update all possible drivers and then if the BSOD persists, upload new dump files using Microsoft Skydrive and post a link here. This posting is provided "AS IS" with no warranties or guarantees , and confers no rights. Microsoft Student Partner Microsoft Certified Professional Microsoft Certified Systems Administrator: Security Microsoft Certified Systems Engineer: Security Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration

Hi, Please perform Mr X’s suggestion. If the issue continues, I would like to suggest that you contact Microsoft Customer Service and Support (CSS) via telephone so that a dedicated Support Professional can assist with your request because it seems to be system crash issue and we need to analyze the crash dump file to narrow down the root cause of the issue. However unfortunately, it is not effective for us to debug the crash dump file here in the forum. To obtain the phone numbers for specific technology request please take a look at the web site listed below: http://support.microsoft.com/default.aspx?scid=fh;EN-US;OfferProPhone#faq607 Hope the issue will be resolved soon. Best Regards, Vincent Hu