Windows 2012 R2 Random Reboot

Hi Everyone,

Please Help us.

We have some Vertual Machines on VMWare ESXi 5.5. OS version Windows 2012 R2 DC.

The Event ID 6008, 1001 bug check, 41 kernel-power occur when VM reboot.

The Dump File We read by Windbg software follow:


Microsoft (R) Windows Debugger Version 6.3.9600.17298 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [E:\MEMORY82.32.DMP]
Kernel Bitmap Dump File: Only kernel address space is available


************* Symbol Path validation summary **************
Response                         Time (ms)     Location
Deferred                                       SRV*C:\Windows\symbol_cache*http://msdl.microsoft.com/download/symbols
Symbol search path is: SRV*C:\Windows\symbol_cache*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 8 Kernel Version 9600 MP (8 procs) Free x64
Product: Server, suite: TerminalServer DataCenter SingleUserTS
Built by: 9600.17328.amd64fre.winblue_r3.140827-1500
Machine Name:
Kernel base = 0xfffff800`61c7a000 PsLoadedModuleList = 0xfffff800`61f50370
Debug session time: Thu Apr 23 09:44:07.527 2015 (UTC + 7:00)
System Uptime: 12 days 13:07:55.026
Loading Kernel Symbols
...............................................................
................................................................
................
Loading User Symbols

Loading unloaded module list
...............
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 18, {0, ffffe0001bd8a8e0, 6, ffffffffffffffff}

Probably caused by : ntkrnlmp.exe ( nt! ?? ::FNODOBFM::`string'+1b658 )

Followup: MachineOwner
---------

3: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

REFERENCE_BY_POINTER (18)
Arguments:
Arg1: 0000000000000000, Object type of the object whose reference count is being lowered
Arg2: ffffe0001bd8a8e0, Object whose reference count is being lowered
Arg3: 0000000000000006, Reserved
Arg4: ffffffffffffffff, Reserved
The reference count of an object is illegal for the current state of the object.
Each time a driver uses a pointer to an object the driver calls a kernel routine
to increment the reference count of the object. When the driver is done with the
pointer the driver calls another kernel routine to decrement the reference count.
Drivers must match calls to the increment and decrement routines. This bugcheck
can occur because an object's reference count goes to zero while there are still
open handles to the object, in which case the fourth parameter indicates the number
of opened handles. It may also occur when the objects reference count drops below zero
whether or not there are open handles to the object, and in that case the fourth parameter
contains the actual value of the pointer references count.

Debugging Details:
------------------


DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT

BUGCHECK_STR:  0x18

PROCESS_NAME:  System

CURRENT_IRQL:  2

ANALYSIS_VERSION: 6.3.9600.17298 (debuggers(dbg).141024-1500) amd64fre

LAST_CONTROL_TRANSFER:  from fffff80061df4d08 to fffff80061dc91a0

STACK_TEXT:  
ffffd001`9393d938 fffff800`61df4d08 : 00000000`00000018 00000000`00000000 ffffe000`1bd8a8e0 00000000`00000006 : nt!KeBugCheckEx
ffffd001`9393d940 fffff800`620427f7 : ffffe000`1f9449d0 ffffe000`1bc5a030 ffffe000`21993490 00000000`00000000 : nt! ?? ::FNODOBFM::`string'+0x1b658
ffffd001`9393d980 fffff800`62068c10 : 00000000`00000000 ffffe000`1f9449d0 ffffe000`1b386b00 ffffe000`1f9449a0 : nt!IopDeleteFile+0x19b
ffffd001`9393da00 fffff800`61cde69f : 00000000`00000000 00000000`00000001 ffffe000`1f9449d0 00000000`00000000 : nt!ObpRemoveObjectRoutine+0x64
ffffd001`9393da60 fffff800`620ad376 : 00000000`00088081 ffffe000`207d8c60 ffffe000`00088081 00000000`00000000 : nt!ObfDereferenceObject+0x8f
ffffd001`9393daa0 fffff800`61d92ac4 : fffff800`61fd2000 ffffd001`9393db50 ffffe000`207d8c68 ffffe000`207d8c60 : nt!MiSegmentDelete+0x11e
ffffd001`9393dae0 fffff800`61db0925 : 00000000`00000000 fffff800`61f508e0 ffffe000`1b240900 00000000`00000012 : nt!MiProcessDereferenceList+0x100
ffffd001`9393db70 fffff800`61d78e70 : ffffe000`1b380040 00000000`00000080 ffffe000`1b380040 00000000`00000000 : nt!MiDereferenceSegmentThread+0xd9
ffffd001`9393dc00 fffff800`61dcf7c6 : ffffd001`9352e180 ffffe000`1b380040 ffffd001`9353a9c0 00000000`00000000 : nt!PspSystemThreadStartup+0x58
ffffd001`9393dc60 00000000`00000000 : ffffd001`9393e000 ffffd001`93938000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16


STACK_COMMAND:  kb

FOLLOWUP_IP: 
nt! ?? ::FNODOBFM::`string'+1b658
fffff800`61df4d08 cc              int     3

SYMBOL_STACK_INDEX:  1

SYMBOL_NAME:  nt! ?? ::FNODOBFM::`string'+1b658

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: nt

IMAGE_NAME:  ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  53fe6f2e

BUCKET_ID_FUNC_OFFSET:  1b658

FAILURE_BUCKET_ID:  0x18_nt!_??_::FNODOBFM::_string_

BUCKET_ID:  0x18_nt!_??_::FNODOBFM::_string_

ANALYSIS_SOURCE:  KM

FAILURE_ID_HASH_STRING:  km:0x18_nt!_??_::fnodobfm::_string_

FAILURE_ID_HASH:  {23944209-42f8-342c-4e58-b3422a5fb0a5}

Followup: MachineOwner
---------

3: kd> !object ffffe0001bd8a8e0
Object: ffffe0001bd8a8e0  Type: (ffffe0001b3879a0) Device
    ObjectHeader: ffffe0001bd8a8b0 (new version)
    HandleCount: 0  PointerCount: 11
    Directory Object: ffffc00159a12eb0  Name: HarddiskVolume2

April 23rd, 2015 5:52am

Hi Hanh,

Sounds like a problem with a driver:

Bug Check 0x18: REFERENCE_BY_POINTER

https://msdn.microsoft.com/en-us/library/windows/hardware/ff557386(v=vs.85).aspx

Have you checked to see if the hardware in your machine has drivers compatible with the operating system version you're running (Windows 8/8.1 drivers are usually compatible with Windows 2012/2012R2). Sometimes the drivers on the driver disk aren't the latest dr

Free Windows Admin Tool Kit Click here and download it now
April 23rd, 2015 6:12am

I would have tendency to point the figure on a virus infection which could be resolved probably easily if you have some snapshot but how old are your VMs?...

On the other hand, if you say you had the problem since the beginning you created the VM than the most common issue is probably a wrong hardware configuration.

You can google something like "How To Fix Windows Ntkrnlmp.exe "

Or also you should read this page: http://www.techcrises.com/how-to/fix-ntkrnlmp-exe-error-code-7-in-windows-78/

April 23rd, 2015 6:17am

Hi Zach,

We've done follow your link: https://msdn.microsoft.com/en-us/library/windows/hardware/ff557386(v=vs.85).aspx

And this is result:

3: kd> !object ffffe0001bd8a8e0
Object: ffffe0001bd8a8e0  Type: (ffffe0001b3879a0) Device
    ObjectHeader: ffffe0001bd8a8b0 (new version)
    HandleCount: 0  PointerCount: 11
    Directory Object: ffffc00159a12eb0  Name: HarddiskVolume2

Wating for You,

Thanks you!

Free Windows Admin Tool Kit Click here and download it now
April 23rd, 2015 7:11am

Dear Hourlier Laurent

Thank for your support,

We haven't snapshot on VMs.

April 23rd, 2015 7:17am

I would have tendency to point the figure on a virus infection which could be resolved probably easily if you have some snapshot but how old are your VMs?...

On the other hand, if you say you had the problem since the beginning you created the VM than the most common issue is probably a wrong hardware configuration.

You can google something like "How To Fix Windows Ntkrnlmp.exe "

Or also you should read this page: http://www.techcrises.com/how-to/fix-ntkrnlmp-exe-error-code-7-in-windows-78/

Free Windows Admin Tool Kit Click here and download it now
April 23rd, 2015 10:16am

I would have tendency to point the figure on a virus infection which could be resolved probably easily if you have some snapshot but how old are your VMs?...

On the other hand, if you say you had the problem since the beginning you created the VM than the most common issue is probably a wrong hardware configuration.

You can google something like "How To Fix Windows Ntkrnlmp.exe "

Or also you should read this page: http://www.techcrises.com/how-to/fix-ntkrnlmp-exe-error-code-7-in-windows-78/

April 23rd, 2015 10:16am

Hi,

kd> !object ffffe0001bd8a8e0 only shows handle and pointer count on the object, it with a larger PointerCount: 11 in your case. It makes extra calls to routines that dereference the object.

This debug error is normally caused by incorrectly configured, old, or corrupted device drivers or driver conflict after installing new hardware. If you installed any hardware device recently, please uninstall them temporarily for good measure. And update your device driver to newest version.

Using Driver Verifier to identify issues with Windows drivers for advanced users

https://msdn.microsoft.com/en-us/library/windows/hardware/ff545448(v=vs.85).aspx#where_can_i_download_driver_verifier_

Regards,

D. Wu

Free Windows Admin Tool Kit Click here and download it now
April 26th, 2015 9:40pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics