Server 2008 BSOD NETIO.sys
HI
Please can some tell me how to stop this BSOD I have pasted my dump file
Regards
Matt
Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Windows\Minidump\Mini062411-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows Server 2008/Windows Vista Kernel Version 6001 (Service Pack 1) MP (8 procs) Free x64
Product: LanManNt, suite: TerminalServer SingleUserTS
Built by: 6001.18427.amd64fre.vistasp1_gdr.100218-0019
Machine Name:
Kernel base = 0xfffff800`01c07000 PsLoadedModuleList = 0xfffff800`01dccdb0
Debug session time: Fri Jun 24 09:24:10.944 2011 (UTC + 1:00)
System Uptime: 0 days 0:00:06.522
Loading Kernel Symbols
...............................................................
......................
Loading User Symbols
Loading unloaded module list
..
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1000007E, {ffffffffc0000005, fffffa6000a1baab, fffffa600217ee38, fffffa600217e810}
Unable to load image tcpip.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for tcpip.sys
*** ERROR: Module load completed but symbols could not be loaded for tcpip.sys
Probably caused by : NETIO.SYS ( NETIO! ?? ::FNODOBFM::`string'+2eab )
Followup: MachineOwner
---------
3: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffffa6000a1baab, The address that the exception occurred at
Arg3: fffffa600217ee38, Exception Record Address
Arg4: fffffa600217e810, Context Record Address
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
FAULTING_IP:
NETIO! ?? ::FNODOBFM::`string'+2eab
fffffa60`00a1baab 49393c0f cmp qword ptr [r15+rcx],rdi
EXCEPTION_RECORD: fffffa600217ee38 -- (.exr 0xfffffa600217ee38)
ExceptionAddress: fffffa6000a1baab (NETIO! ?? ::FNODOBFM::`string'+0x0000000000002eab)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: 0000000000000000
Attempt to read from address 0000000000000000
CONTEXT: fffffa600217e810 -- (.cxr 0xfffffa600217e810)
rax=0000000000000066 rbx=0000000000000000 rcx=0000000000000000
rdx=fffffa8006f26260 rsi=fffffa600217f230 rdi=0000000000000000
rip=fffffa6000a1baab rsp=fffffa600217f070 rbp=0000000000000066
r8=fffffa600217f230 r9=0000000000000004 r10=0000000000000001
r11=fffffa600217f1c8 r12=fffffa8006f26260 r13=fffffa600217f218
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na pe nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010202
NETIO! ?? ::FNODOBFM::`string'+0x2eab:
fffffa60`00a1baab 49393c0f cmp qword ptr [r15+rcx],rdi ds:002b:00000000`00000000=????????????????
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: NULL_DEREFERENCE
PROCESS_NAME: System
CURRENT_IRQL: 0
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: 0000000000000000
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80001e30080
0000000000000000
FOLLOWUP_IP:
NETIO! ?? ::FNODOBFM::`string'+2eab
fffffa60`00a1baab 49393c0f cmp qword ptr [r15+rcx],rdi
BUGCHECK_STR: 0x7E
LAST_CONTROL_TRANSFER: from fffffa6000a0a311 to fffffa6000a1baab
STACK_TEXT:
fffffa60`0217f070 fffffa60`00a0a311 : 00000000`00000000 fffffa60`017dbc00 00000000`00000066 00000000`00000002 : NETIO! ?? ::FNODOBFM::`string'+0x2eab
fffffa60`0217f0c0 fffffa60`00a0debd : fffffa60`0217f280 fffffa80`06f170d0 00000000`00000066 fffff880`00000000 : NETIO!NsiGetAllParametersEx+0x361
fffffa60`0217f1d0 fffffa60`03059405 : fffffa80`06f26260 00000000`00000000 fffffa80`06f1c870 00000000`00000000 : NETIO!NsiGetAllParameters+0xbd
fffffa60`0217f270 fffffa80`06f26260 : 00000000`00000000 fffffa80`06f1c870 00000000`00000000 fffffa80`00000006 : tcpip+0x5405
fffffa60`0217f278 00000000`00000000 : fffffa80`06f1c870 00000000`00000000 fffffa80`00000006 fffffa80`06f26260 : 0xfffffa80`06f26260
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: NETIO! ?? ::FNODOBFM::`string'+2eab
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: NETIO
IMAGE_NAME: NETIO.SYS
DEBUG_FLR_IMAGE_TIMESTAMP: 47919aa7
STACK_COMMAND: .cxr 0xfffffa600217e810 ; kb
FAILURE_BUCKET_ID: X64_0x7E_NETIO!_??_::FNODOBFM::_string_+2eab
BUCKET_ID: X64_0x7E_NETIO!_??_::FNODOBFM::_string_+2eab
Followup: MachineOwner
---------
3: kd> lmvm NETIO
start end module name
fffffa60`00a05000 fffffa60`00a5d000 NETIO (pdb symbols) c:\symbols\netio.pdb\60925DD27F724CB7AEAB4F9151262B6D2\netio.pdb
Loaded symbol image file: NETIO.SYS
Mapped memory image file: c:\symbols\NETIO.SYS\47919AA758000\NETIO.SYS
Image path: NETIO.SYS
Image name: NETIO.SYS
Timestamp: Sat Jan 19 06:37:27 2008 (47919AA7)
CheckSum: 00062189
ImageSize: 00058000
File version: 6.0.6001.18000
Product version: 6.0.6001.18000
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.6 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: netio.sys
OriginalFilename: netio.sys
ProductVersion: 6.0.6001.18000
FileVersion: 6.0.6001.18000 (longhorn_rtm.080118-1840)
FileDescription: Network I/O Subsystem
LegalCopyright: © Microsoft Corporation. All rights reserved.
June 26th, 2011 7:29am
Seems you have to install a hotfix based on this Kb article
http://support.microsoft.com/kb/955734
However, in this forum, we do not provide debugging support. If you would like to perform debugging, please contact Microsoft Customer Support Service (CSS).
To obtain the phone numbers for specific technology request, please refer to the website listed below:
http://support.microsoft.com/default.aspx?scid=fh;EN-US;PHONENUMBERS
If you are outside the US, please refer to
http://support.microsoft.com
for regional support phone numbers.
http://www.virmansec.com/blogs/skhairuddin
Free Windows Admin Tool Kit Click here and download it now
June 26th, 2011 7:41am
Seems you have to install a hotfix based on this Kb article
http://support.microsoft.com/kb/955734
However, in this forum, we do not provide debugging support. If you would like to perform debugging, please contact Microsoft Customer Support Service (CSS).
To obtain the phone numbers for specific technology request, please refer to the website listed below:
http://support.microsoft.com/default.aspx?scid=fh;EN-US;PHONENUMBERS
If you are outside the US, please refer to
http://support.microsoft.com
for regional support phone numbers.
http://www.virmansec.com/blogs/skhairuddin
Thanks for the information Syed but the hot fix only list Vista and not Server 2008 do you know if there is a different hotfix for Server 2008.
Regards
Matt Anderson
June 26th, 2011 3:13pm
Bug Check Code 0x1000007e: http://msdn.microsoft.com/en-us/library/ff557196(v=VS.85).aspx
Try what is mentioned here: http://msdn.microsoft.com/en-us/library/ff559239(v=VS.85).aspx
Try the hotfix that Syed suggested to update the netio.sys driver. It is applied on Windows Server 2008.
If it does not help, update NIC drivers.
You can also contact Microsoft CSS.
This
posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
Microsoft
Student Partner 2010 / 2011
Microsoft Certified
Professional
Microsoft Certified
Systems Administrator: Security
Microsoft Certified
Systems Engineer: Security
Microsoft Certified
Technology Specialist: Windows Server 2008 Active Directory, Configuration
Microsoft Certified
Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
Microsoft Certified
Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration
Microsoft Certified
Technology Specialist: Windows 7, Configuring
Microsoft Certified
IT Professional: Enterprise Administrator
Free Windows Admin Tool Kit Click here and download it now
June 26th, 2011 3:28pm
Hi,
You may also try to update the NETIO.sys version by installing the Microsoft Security Bulletin MS10-058 or update to Windows Server 2008 Service Pack
1 to check the result. For more information regarding MS10-058, please refer to the following Microsoft KB article:
MS10-058: Vulnerabilities in TCP/IP could allow elevation of privilege
http://support.microsoft.com/kb/978886
If the issue persists, you may contact Microsoft Customer Service and Support (CSS) via telephone so that a dedicated Support Professional can assist
with your request as other mentioned. To troubleshoot this kind of kernel crash issue, we need to debug the crashed system dump. Unfortunately, debugging is beyond what we can do in the forum. Please be advised that contacting phone support will be a charged
call.
To obtain the phone numbers for specific technology request please take a look at the web site listed below:
http://support.microsoft.com/default.aspx?scid=fh;EN-US;OfferProPhone#faq607
Regards,Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
June 26th, 2011 11:31pm