SBS 2003 Constant Crashing with Bugcheck 0xA and 0xDE
I have an SBS 2003 SP2 server that has started having constant crashing issues, more than twice a day. After analyzing the crash dumps, I am puzzled as to what could be causing the server to crash. The crashes are either 0xA or 0xDE bugcheck
errors. Server is completely up-to-date and drivers are up-to-date. Server also passes a MemTest86 test and Microsoft's memory test utility. Maintenance was performed on the server a few weeks ago prior to crashes (BIOS updates, drivers updates,
etc), but the crashes started occurring a few weeks after.
The server is a Dell PowerEdge 830 server. I have linked to the mini-dumps below, but I can provide full kernel dumps as well. Perhaps someone with a better understanding of kernel dumps could help pinpoint the root cause of the crashes, since
I'm about to throw up my hands in defeat. Thanks so much! :)
Link to Dumps: http://sdrv.ms/T3lnMz
July 27th, 2012 4:38pm
About to run Driver Verifier on the server, as I've exhausted other probable causes including DEP, RAM, and applications. Will update this thread of results.
Free Windows Admin Tool Kit Click here and download it now
August 1st, 2012 10:10am
Can you place the dumps in a location that doesn't require registration? (e.g. SkyDrive)Doug Kentner
August 1st, 2012 12:40pm
Can you place the dumps in a location that doesn't require registration? (e.g. SkyDrive)
Doug Kentner
So sorry about that; didn't realize 4Shared changed their policies. Anyways, I did put them up onto my SkyDrive here:
http://sdrv.ms/T3lnMz
Thanks!
Free Windows Admin Tool Kit Click here and download it now
August 1st, 2012 12:47pm
Please configure the machine for kernel dump. Minidumps are not helpful.Dave Guenthner [MSFT] This posting is provided "AS IS" with no warranties, and confers no rights. http://blogs.technet.com/b/davguents_blog
August 1st, 2012 12:55pm
Please configure the machine for kernel dump. Minidumps are not helpful.
Dave Guenthner [MSFT] This posting is provided "AS IS" with no warranties, and confers no rights. http://blogs.technet.com/b/davguents_blog
Alrighty, I placed three full kernel dumps into the same SkyDrive folder under "MEMORY" file names. Go ahead of have a look.
Thanks again for the help! :)
Free Windows Admin Tool Kit Click here and download it now
August 1st, 2012 3:56pm
(not a kernel debugger) However all three dumps show pool or memory corruption. By definition:
The POOL_CORRUPTION_IN_FILE_AREA bug check has a value of 0x000000DE. This indicates that a driver has corrupted pool memory that is used for holding pages destined for disk.
If you want to upload a set of MPS reports I can tell you what 3rd party drivers you have installed and may help you target updates.
http://www.microsoft.com/en-us/download/details.aspx?displaylang=en&id=24745
Run the 32 bit one.Dave Guenthner [MSFT] This posting is provided "AS IS" with no warranties, and confers no rights. http://blogs.technet.com/b/davguents_blog
August 1st, 2012 5:03pm
Uploaded MPS Report (CAB) to my SkyDrive. Thanks! :)
Free Windows Admin Tool Kit Click here and download it now
August 1st, 2012 6:01pm
The system event log only goes back 07/25/2012 09:28:20 AM so we can't see *when* this problem started happening. What you can see is that its occuring several times a day at random times. Since server is Windows 2003 and likely has been in service
for a long time you may have a hardware problem with RAM. Since memory is cheap and you only have 4 GB, I would replace it. I would also review what drivers can be safely removed and which ones 3rd party vendor have proided updates.
OS Name Microsoft(R) Windows(R) Server 2003 for Small Business Server
Version 5.2.3790 Service Pack 2 Build 3790
Total Physical Memory 4,095.08 MB
--Name-- |--Company-- |--Version-- |--Date-- |--DESCRIPTION-- PstatVer3
AFAMGT.SYS |Adaptec, Inc. |4.1:1.7043 |May 03 2007 |Dell Management Driver
CERCSR6.SYS |Adaptec, Inc. |4.1:1.7043 |May 03 2007 |DELL CERC SATA1.5/6ch Miniport Driver
ATMFD.DLL |Adobe Systems |5.2:2.232 |Feb 15 2011 |Windows NT OpenType/Type 1 Font Driver
B57XP32.SYS |Broadcom Corpo|12.4:1.1 |Dec 11 2009 |Broadcom NetXtreme Gigabit Ethernet NDIS5.1 Driver.
ACFSDK32.SYS |Conexant |1.0:2.14 |Mar 15 2007 |Diagnostic Interface x86 Driver
DCDBAS32.SYS |Dell Inc. |5.8:0.4952 |Jan 04 2008 |Dell BASE Device Driver
IMDRVFSF.SYS |Iomega Corpora|1.0:3.5 |Jul 13 2004 |Iomega Filter Driver
REVFS.SYS |Iomega Corpora|2.0:0.21 |Nov 17 2004 |Iomega REV System Software
KAPFA.SYS |Kaseya |6.1:0.0 |Nov 15 2010 |Kaseya Agent Protected File Access Driver
HOTCORE3.SYS |Paragon Softwa|9.0:99.9293 |Mar 24 2009 |A part of Paragon System Utilities
PTILINK.SYS |Parallel Techn|1.1:0.0 |Feb 17 2007 |Parallel Technologies DirectParallel IO Library
SER2PL.SYS |Prolific Techn|2.0:0.24 |Nov 27 2003 |USB-to-Serial Cable Driver
XG20GRP.SYS |XGI Technology|6.14:10.1130 |Jul 23 2009 |XGI Compatible Super VGA Driver
XG20GRV.DLL |XGI Technology|6.14:10.1130 |Jul 23 2009 |XGI Compatible Super VGA DriverDave Guenthner [MSFT] This posting is provided "AS IS" with no warranties, and confers no rights. http://blogs.technet.com/b/davguents_blog
August 2nd, 2012 6:47am
It's been quite a while, but I wanted to update on what's going on.
The server is still having issues crashing with 0xA and 0xDE bugcheck errors. I have been running Driver Verifier on all drivers for the past couple of days, and a few drivers (hotcore3.sys, ser2pl.sys) seem to have caused Driver Verifier to trip and
BSOD, but I have since removed/updated those drivers and no new BSODs have stemmed from them. After fixing those drivers, I have pretty much limited the BSODs to the following logs. What can anyone deduct from these BSODs? Keep in mind that
the server has passed two different memory tests on several passes, and all possible third-party drivers that could have been the probable cause have been fixed.
I'll link mini and full dumps in a bit.
On Sun 8/19/2012 5:11:32 PM GMT your computer crashed
crash dump file: C:\WINDOWS\Minidump\Mini081912-01.dmp
uptime: 00:02:34
This was probably caused by the following module:
ntkrpamp.exe (nt!KeBugCheckEx+0x1B)
Bugcheck code: 0xDE (0x2, 0xFFFFFFFFEB1181B8, 0xFFFFFFFFFB1181B8, 0xFFFFFFFFE413B8C0)
Error: POOL_CORRUPTION_IN_FILE_AREA
Bug check description: This indicates that a driver has corrupted pool memory that is used for holding pages destined for disk.
A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: ntkrpamp.exe .
Google query: ntkrpamp.exe POOL_CORRUPTION_IN_FILE_AREA
On Sun 8/19/2012 5:11:32 PM GMT your computer crashed
crash dump file: C:\WINDOWS\memory.dmp
uptime: 00:02:34
This was probably caused by the following module:
ntkrpamp.exe (nt+0x27E33)
Bugcheck code: 0xDE (0x2, 0xFFFFFFFFEB1181B8, 0xFFFFFFFFFB1181B8, 0xFFFFFFFFE413B8C0)
Error: POOL_CORRUPTION_IN_FILE_AREA
Bug check description: This indicates that a driver has corrupted pool memory that is used for holding pages destined for disk.
A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: ntkrpamp.exe .
Google query: ntkrpamp.exe POOL_CORRUPTION_IN_FILE_AREA
On Fri 8/17/2012 5:04:25 PM GMT your computer crashed
crash dump file: C:\WINDOWS\Minidump\Mini081712-03.dmp
uptime: 01:48:51
This was probably caused by the following module:
ntfs.sys (Ntfs+0x4BCC8)
Bugcheck code: 0xA (0xFFFFFFFFC07888A8, 0xFFFFFFFFD0000002, 0x0, 0xFFFFFFFF80867159)
Error: IRQL_NOT_LESS_OR_EQUAL
file path: C:\WINDOWS\system32\drivers\ntfs.sys
product: Microsoft Windows Operating System
company: Microsoft Corporation
description: NT File System Driver
Bug check description: This indicates that Microsoft Windows or a kernel-mode driver accessed paged memory at DISPATCH_LEVEL or above.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in a standard Microsoft module. Your system configuration may be incorrect. Possibly this problem is caused by another driver on your system which cannot be identified at this time.
On Fri 8/17/2012 3:11:16 PM GMT your computer crashed
crash dump file: C:\WINDOWS\Minidump\Mini081712-02.dmp
uptime: 01:01:40
This was probably caused by the following module:
ntkrpamp.exe (nt!Kei386EoiHelper+0x28F3)
Bugcheck code: 0xA (0xFFFFFFFF83331EE3, 0xFFFFFFFFD0000002, 0x0, 0xFFFFFFFF80850B18)
Error: IRQL_NOT_LESS_OR_EQUAL
Bug check description: This indicates that Microsoft Windows or a kernel-mode driver accessed paged memory at DISPATCH_LEVEL or above.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: ntkrpamp.exe .
Google query: ntkrpamp.exe IRQL_NOT_LESS_OR_EQUAL
On Fri 8/17/2012 2:05:24 PM GMT your computer crashed
crash dump file: C:\WINDOWS\Minidump\Mini081712-01.dmp
uptime: 10:12:50
This was probably caused by the following module:
ntfs.sys (Ntfs+0x907D)
Bugcheck code: 0xDE (0x2, 0xFFFFFFFFE9A4BE68, 0xFFFFFFFFF9A4BE68, 0xFFFFFFFFE350B8C0)
Error: POOL_CORRUPTION_IN_FILE_AREA
file path: C:\WINDOWS\system32\drivers\ntfs.sys
product: Microsoft Windows Operating System
company: Microsoft Corporation
description: NT File System Driver
Bug check description: This indicates that a driver has corrupted pool memory that is used for holding pages destined for disk.
The crash took place in a standard Microsoft module. Your system configuration may be incorrect. Possibly this problem is caused by another driver on your system which cannot be identified at this time.
On Fri 8/17/2012 3:02:30 AM GMT your computer crashed
crash dump file: C:\WINDOWS\Minidump\Mini081612-05.dmp
uptime: 05:03:27
This was probably caused by the following module:
ntkrpamp.exe (nt!Kei386EoiHelper+0x28F3)
Bugcheck code: 0xC5 (0x782E81CC, 0xFFFFFFFFD0000002, 0x1, 0xFFFFFFFF808953B7)
Error: DRIVER_CORRUPTED_EXPOOL
Bug check description: This indicates that the system attempted to access invalid memory at a process IRQL that was too high.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem. This might be a case of memory corruption. More often memory corruption happens because of software errors in buggy drivers, not because of faulty RAM modules.
A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: ntkrpamp.exe .
Google query: ntkrpamp.exe DRIVER_CORRUPTED_EXPOOL
Free Windows Admin Tool Kit Click here and download it now
August 20th, 2012 11:14am