I recently did an inplace upgrader to 2008 server. Since then the server keep crashing. please help Microsoft (R) Windows Debugger Version 6.12.0002.633 X86 Copyright (c) Microsoft Corporation. All rights reserved. Loading Dump File [\\bcc-dc3\public\users\jciufo\log\MEMORY.DMP] Kernel Summary Dump File: Only kernel address space is available WARNING: Whitespace at end of path element Symbol search path is: http://msdl.microsoft.com/download/symbols Executable search path is: Windows Server 2008/Windows Vista Kernel Version 6001 (Service Pack 1) MP (4 procs) Free x86 compatible Product: LanManNt, suite: TerminalServer Built by: 6001.18538.x86fre.vistasp1_gdr.101014-0432 Machine Name: Kernel base = 0x81c4f000 PsLoadedModuleList = 0x81d5c930 Debug session time: Thu Mar 17 12:05:10.062 2011 (UTC - 4:00) System Uptime: 0 days 0:29:26.671 Loading Kernel Symbols ............................................................... ................................................................ .... Loading User Symbols Loading unloaded module list ...... ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck D1, {0, 2, 0, 82e96973} Probably caused by : NETIO.SYS ( NETIO!NetioDereferenceNetBufferList+68 ) Followup: MachineOwner --------- 0: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1) An attempt was made to access a pageable (or completely invalid) address at an interrupt request level (IRQL) that is too high. This is usually caused by drivers using improper addresses. If kernel debugger is available get stack backtrace. Arguments: Arg1: 00000000, memory referenced Arg2: 00000002, IRQL Arg3: 00000000, value 0 = read operation, 1 = write operation Arg4: 82e96973, address which referenced memory Debugging Details: ------------------ READ_ADDRESS: 00000000 CURRENT_IRQL: 2 FAULTING_IP: tcpip!FlpReturnNetBufferListChain+38 82e96973 8b08 mov ecx,dword ptr [eax] DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT BUGCHECK_STR: 0xD1 PROCESS_NAME: System TRAP_FRAME: 81d3b990 -- (.trap 0xffffffff81d3b990) ErrCode = 00000000 eax=00000000 ebx=85439920 ecx=29db0004 edx=29da0003 esi=853096a0 edi=fffff71c eip=82e96973 esp=81d3ba04 ebp=81d3ba18 iopl=0 nv up ei ng nz na po nc cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010282 tcpip!FlpReturnNetBufferListChain+0x38: 82e96973 8b08 mov ecx,dword ptr [eax] ds:0023:00000000=???????? Resetting default scope LAST_CONTROL_TRANSFER: from 82e96973 to 81ca9cc4 STACK_TEXT: 81d3b990 82e96973 badb0d00 29da0003 81d47ea0 nt!KiTrap0E+0x2ac 81d3ba18 82b03dda 85309618 00000001 00000000 tcpip!FlpReturnNetBufferListChain+0x38 81d3ba38 82b05118 96ba8018 00000000 00000000 NETIO!NetioDereferenceNetBufferList+0x68 81d3ba68 82e97c50 85555bd0 00000000 00000001 NETIO!NetioDereferenceNetBufferListChain+0x3a 81d3ba88 82ecd686 96aad2c0 00000000 00000000 tcpip!IppCompleteAndFreePacketList+0xbf 81d3baa0 82ecdd6c 84d6a008 00000000 81d3bb2c tcpip!IppCleanupMfe+0x53 81d3bab0 82e9520d 8690b258 84d6a020 84d6a008 tcpip!IppDereferenceMfe+0x1c 81d3bb2c 82e9572a 84d6a008 82ef1ca8 81d3bb94 tcpip!IppMfeSetTimeOut+0xb1 81d3bb50 82e95896 82ef1ca8 82f028e0 81d3bc88 tcpip!IppCompartmentSetTimeout+0x96 81d3bb60 82e94fd0 82ef1ca8 81cba2a0 82f02920 tcpip!IppProtocolTimeout+0xf 81d3bb68 81cba2a0 82f02920 00000000 17464868 tcpip!IppTimeout+0x3c 81d3bc88 81cb9ed6 81d3bcd0 00000002 81d3bcd8 nt!KiTimerListExpire+0x367 81d3bce8 81cb9a23 00000000 00000000 0001b9aa nt!KiTimerExpiration+0x2a0 81d3bd50 81cb855d 00000000 0000000e 00000000 nt!KiRetireDpcList+0xba 81d3bd54 00000000 0000000e 00000000 00000000 nt!KiIdleLoop+0x49 STACK_COMMAND: kb FOLLOWUP_IP: NETIO!NetioDereferenceNetBufferList+68 82b03dda 85ff test edi,edi SYMBOL_STACK_INDEX: 2 SYMBOL_NAME: NETIO!NetioDereferenceNetBufferList+68 FOLLOWUP_NAME: MachineOwner MODULE_NAME: NETIO IMAGE_NAME: NETIO.SYS DEBUG_FLR_IMAGE_TIMESTAMP: 4c18d6bc FAILURE_BUCKET_ID: 0xD1_NETIO!NetioDereferenceNetBufferList+68 BUCKET_ID: 0xD1_NETIO!NetioDereferenceNetBufferList+68 Followup: MachineOwner ---------

Bug Check Code 0xD1: The DRIVER_IRQL_NOT_LESS_OR_EQUAL bug check has a value of 0x000000D1. This indicates that a kernel-mode driver attempted to access pageable memory at a process IRQL that was too high. For more information, refer to this Microsoft article. IMAGE_NAME: NETIO.SYS Do you have zone alarm installed? If yes, this is the cause of your problem. So, uninstall it. If not, there should be another installed program that is causing this problem. AFAIK, disabling NetBIOS over TCP/IP will also solve the problem but I recommand to you to find this problem as I don't have enough information to identify the suspected program. This posting is provided "AS IS" with no warranties or guarantees , and confers no rights. Microsoft Student Partner Microsoft Certified Professional Microsoft Certified Systems Administrator: Security Microsoft Certified Systems Engineer: Security Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration

I don't have zone alorm installed. I disabled netbios and will post again if it blue screens

It is still crashing after disabling netbios

Please use Microsoft Skydrive to upload dump files and post a link here. It should be an installed application / driver that is causing that. Please perform full scan on your disks to delete possible malware programs. This posting is provided "AS IS" with no warranties or guarantees , and confers no rights. Microsoft Student Partner Microsoft Certified Professional Microsoft Certified Systems Administrator: Security Microsoft Certified Systems Engineer: Security Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration

Hi, Please refer to the following Microsoft KB article and apply the hotfix to update the Netio.sys file. A Windows Filtering Platform (WFP) driver hotfix rollup package is available for Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 http://support.microsoft.com/kb/981889 If it cannot fix the issue, I also would like to suggest you update the network card driver from the manufacturer to check the result. Regards, Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

in addition to Arthur if you are not able to solve the issue please contact Microsoft Customer Service directly so that the memory dump file can be analyzed and this issue can be resolved efficiently. You may obtain the phone numbers for specific technology request please take a look at the web site listed below: https://support.microsoft.com/common/international.aspx?iid=174859&iguid=56907522-6886-4238-a70f-a1d06a4473c7_2_2&rdpath=1http://www.virmansec.com/blogs/skhairuddin