After upgrading PC from Windows 8.1 then to 8.1 updated I receive a BSOD RDR_FILE_SYSTEM KSECDD.SYS only when I log onto Domain, I can Log onto the local PC OK and I can log on to the domain OK if I disconnect the network cable first, sign into domain and reconnect cable and all is well until I reboot again, and once again I need to disconnect for the LAN sign and reconnect, any thoughts would be greatly appreciated I have included crash dump report.

Probably caused by : ksecdd.sys ( ksecdd+a0f1 )

Followup: MachineOwner
---------

2: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

RDR_FILE_SYSTEM (27)
    If you see RxExceptionFilter on the stack then the 2nd and 3rd parameters are the
    exception record and context record. Do a .cxr on the 3rd parameter and then kb to
    obtain a more informative stack trace.
    The high 16 bits of the first parameter is the RDBSS bugcheck code, which is defined
    as follows:
     RDBSS_BUG_CHECK_CACHESUP  = 0xca550000,
     RDBSS_BUG_CHECK_CLEANUP   = 0xc1ee0000,
     RDBSS_BUG_CHECK_CLOSE     = 0xc10e0000,
     RDBSS_BUG_CHECK_NTEXCEPT  = 0xbaad0000,
Arguments:
Arg1: 00000000baad0073
Arg2: ffffd000208c5d78
Arg3: ffffd000208c5580
Arg4: fffff801c22910f1

Debugging Details:
------------------

***** Kernel symbols are WRONG. Please fix symbols to do analysis.

*************************************************************************
***                                                                   ***
***                                                                   ***
***    Either you specified an unqualified symbol, or your debugger   ***
***    doesn't have full symbol information.  Unqualified symbol      ***
***    resolution is turned off by default. Please either specify a   ***
***    fully qualified symbol module!symbolname, or enable resolution ***
***    of unqualified symbols by typing ".symopt- 100". Note that   ***
***    enabling unqualified symbol resolution with network symbol     ***
***    server shares in the symbol path may cause the debugger to     ***
***    appear to hang for long periods of time when an incorrect      ***
***    symbol name is typed or the network symbol server is down.     ***
***                                                                   ***
***    For some commands to work properly, your symbol path           ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!_KPRCB                                     ***
***                                                                   ***
*************************************************************************

• Edited by ZigZag3143xMVP, Moderator Wednesday, April 09, 2014 11:07 AM DBG output removed

We do need the actual DMP file as they contain the only record of the sequence of events leading up to the crash, what drivers were loaded, and what was responsible.   We prefer at least 2 DMP files to spot trends and confirm the cause.
Please follow our instructions for finding and uploading the files we need to help you fix your computer. They can be found here If you have any questions about the procedure please ask
If you are using Blue screen view, who crashed, or a similar application don't.  They are wrong at least as often as they are correct

Here is a link to the dump file if needed, http://1drv.ms/PQLLwG 

Declan

This was related to a memory exception (0xc0000005).  Please run driver verifier to find the underlying cause

I would update your 2008 LogMeIn driver.

Please run this test to find which driver is causing the problem.  
If you are overclocking (pushing the components beyond their design) you should revert to default at least until the crashing is solved. If you don't know what it is you probably are not overclocking.

Driver verifier (for complete directions see our wiki here) Co-Authored by  JMH3143

Hi, 

   I removed logmein and I still get the same error, tried on two other PC's, one with straight install of 8.1 same issue, when logging onto PC on domain it crash's but if I remove network cable log on to PC and then connect cable it is fine, no other other software installed on this one. Second PC is a preinstalled windows 8 lenovo which I have just upgraded via store to 8.1, here's is my second dump file from my own PC run with driver verifier, and here is the other dump file from the HP PC. my PC = http://1drv.ms/1eqW4NT and the HP machine = http://1drv.ms/PRyfc5      I am now thinking could this be a result of some Group policy, we are running Server 2012 R2. 3 PC's crashing when logging onto the domain?? but ok if network cable is plugged out then plugged in again after log on and there OK??

I would like to add that I can log on locally (using local user account) on the PC while connected to the same network and no issue, So I thinking its DC/domain/GP related. Also just to add this was never an issue for Windows 7 or 8 only 8.1 and 8.1 update 1.

• Edited by Declan ONeill Wednesday, April 09, 2014 3:32 PM Further information

Hi,

Did you mean you have installed Windows 8.1 update 1?

But in your dump file, my analyzed results is that rdbss.sys give out the BSOD. Please also noticed that the rdbss.sys version of your computer is 6.3.9600.16384, but if you really installed Update 1 successfully, the version should be 6.3.9600.16493.

At this point, I suggest you restore the system back to the point before Update 1, and then re-get the updates again to check the results.

 kd> lmvm rdbss
start             end                 module name
fffff800`0175a000 fffff800`017ca000   rdbss      (pdb symbols)          d:\symbols\rdbss.pdb\5E49C02AC7AA461FBB8A4A267EF877CF2\rdbss.pdb
    Loaded symbol image file: rdbss.sys
    Mapped memory image file: d:\symbols\rdbss.sys\5215F80C70000\rdbss.sys
    Image path: \SystemRoot\system32\DRIVERS\rdbss.sys
    Image name: rdbss.sys
    Timestamp:        Thu Aug 22 19:37:48 2013 (5215F80C)
    CheckSum:         0006B43E
    ImageSize:        00070000
    File version:     6.3.9600.16384
    Product version:  6.3.9600.16384
    File flags:       0 (Mask 3F)
    File OS:          40004 NT Win32
    File type:        3.7 Driver
    File date:        00000000.00000000
    Translations:     0409.04b0
    CompanyName:      Microsoft Corporation
    ProductName:      Microsoft Windows Operating System
    InternalName:     rdbss.sys
    OriginalFilename: RDBSS.Sys
    ProductVersion:   6.3.9600.16384
    FileVersion:      6.3.9600.16384 (winblue_rtm.130821-1623)
    FileDescription:  Redirected Drive Buffering SubSystem Driver
    LegalCopyright:    Microsoft Corporation. All rights reserved.
2: kd> kb
RetAddr           : Args to Child                                                           : Call Site
fffff800`0176f169 : 00000000`00000027 00000000`baad0073 ffffd000`21a69d78 ffffd000`21a69580 : nt!KeBugCheckEx
fffff800`01767cef : fffff800`017789a0 ffffd000`21a6a460 00000000`00000000 00000000`00000002 : rdbss!RxExceptionFilter+0xed
fffff803`6434f1b6 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : rdbss! ?? ::FNODOBFM::`string'+0xd8
fffff800`01767c0e : fffff800`017789b0 ffffd000`21a69d78 ffffd000`21a6a460 fffff803`642dcf1f : nt!_C_specific_handler+0x86
fffff803`643675ed : 00000000`00000000 ffffd000`21a68f50 ffffd000`21a69d78 fffff800`01786060 : rdbss!_GSHandlerCheck_SEH+0x76
fffff803`642dd7b5 : 00000000`00000006 ffffd000`21a68f50 fffff800`0177b7c8 00000000`00000000 : nt!RtlpExecuteHandlerForException+0xd
fffff803`642de67b : ffffd000`21a69d78 ffffd000`21a69a80 ffffd000`21a69d78 00000000`00000000 : nt!RtlDispatchException+0x455
fffff803`6436bcc2 : 000000c2`27040fff 00000000`0c227040 000000c2`27040000 00000000`0c227040 : nt!KiDispatchException+0x61f
fffff803`6436a414 : 00000000`00000000 00000000`00000000 00000000`00000000 ffffd000`21a69e20 : nt!KiExceptionDispatch+0xc2
fffff800`00a8005d : ffffd000`00120010 ffffc000`037ade90 00000000`00000000 00000000`00000000 : nt!KiPageFault+0x214
fffff800`00a7daf7 : 00000000`00000000 ffffd000`21a6a020 ffffd000`21a6a010 ffffd000`21a6a090 : ksecdd!SspiHelperEqualPackedCredentials+0xd
fffff800`01790aab : 00000000`00000000 ffffc000`03a50ef0 ffffc000`037ade90 00000000`00000000 : ksecdd! ?? ::FNODOBFM::`string'+0xecf
fffff800`0178e3a2 : fffff800`01780700 00000000`00000001 00000000`00000000 00000000`00000000 : rdbss!RxIsCompatibleSecurityContext+0x10b
fffff800`0179e6fe : ffffe000`63457852 ffffd000`21a6a378 fffff800`01790ec0 ffffe000`00770e38 : rdbss!RxFindOrConstructVirtualNetRoot+0x473
fffff800`0179119c : ffffc000`00010d01 ffffe000`033a24f0 ffffe000`00715750 ffffe000`033a24f0 : rdbss!RxCreateTreeConnect+0xfe
fffff800`0175bd9e : 01cf53ff`fea2bed3 ffffe000`033a2390 ffffe000`033a24f0 00000000`00000000 : rdbss!RxCommonCreate+0x2dc
fffff800`0178c7df : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : rdbss!RxFsdCommonDispatch+0x56e
fffff800`0237d1b3 : 00000000`00000000 ffffe000`033a2301 ffffe000`033a2390 fffff800`00fcc010 : rdbss!RxFsdDispatch+0xcf
fffff800`00fd1682 : ffffe000`00762010 ffffe000`033a2390 ffffc000`0034d7a0 00000000`00000000 : mrxsmb!MRxSmbFsdDispatch+0x83
fffff800`00fcfc07 : ffffc000`0034d7a0 ffffe000`00770e00 fffff800`00fcc010 ffffe000`0208eab0 : mup!MupiCallUncProvider+0xc2
fffff800`006b53a4 : ffffe000`00000000 ffffe000`00000008 ffffe000`00770de0 ffffe000`0208eab0 : mup!MupCreate+0x5f8
fffff803`645db4e3 : 00000000`00000000 00000000`00000004 00000000`00000000 00000000`000007ff : fltmgr!FltpCreate+0x3a5
fffff803`645d707f : ffffc000`00015188 ffffc000`00015188 ffffc000`003480d0 ffffe000`01a954d0 : nt!IopParseDevice+0x7b3
fffff803`645d4a83 : 00000000`00000000 ffffd000`21a6ac38 ffffe000`00000240 ffffe000`003a09a0 : nt!ObpLookupObjectName+0x6ef
fffff803`645d1e72 : 00000000`00000001 00000000`00000000 ffffd000`21a6aeb0 00000000`00000000 : nt!ObOpenObjectByName+0x1e3
fffff803`646ad643 : ffffd000`21e8d428 ffffd000`00100000 ffffd000`21a6aee0 00000000`00000000 : nt!IopCreateFile+0x372
fffff800`01991064 : 00000000`00000000 00000000`00000020 00000000`00180000 ffffd000`21a6ae50 : nt!IoCreateFileEx+0xeb
fffff800`01990f6e : 00000000`00000000 ffffd000`21e8d3b8 ffffe000`002dd740 ffffd000`21e8c740 : dfsc!DfscConnOpenIpcConnectionCallin+0xe4
fffff803`643639f7 : ffffd000`21e8c770 00000000`00000000 00000000`00000000 00000000`00000000 : dfsc!DfscConnOpenIpcConnectionCallout+0x26
fffff803`643639bd : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KxSwitchKernelStackCallout+0x27
00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSwitchKernelStackContinue