I am having random restarts/hangs on one of my Windows Server 2003 SP2 servers. The server sometimes recovers from the error and restarts without an issue. Other times, it attempts to restart, but it hangs prior to shutting down. The event log error shows: Applications Error
Faulting application services.exe, version 5.2.3790.4455, faulting module ntdll.dll, version 5.2.3790.4937, fault address 0x0001a2cc.
I am attempting to use "User Mode Process Dumper" and attached it to services.exe. I was able to produce a dump file, but I am unable to analyze it with WinDBG, or maybe I don't know how. I have analyzed dump files before with WinDBG.
Here is the dump. The only thing that catches my eye is the access violation code. Any ideas?
User Mini Dump File with Full Memory: Only application data is available
Comment: 'Userdump generated complete user-mode minidump with Exception Monitor function on SERVER01'
Symbol search path is: srv*;C:\WINDOWS\Symbols
Executable search path is:
Windows Server 2003 Version 3790 (Service Pack 2) MP (4 procs) Free x86 compatible
Product: Server, suite: TerminalServer SingleUserTS
Machine Name:
Debug session time: Sat May 5 05:33:55.000 2012 (GMT-4)
System Uptime: 11 days 9:16:35.546
Process Uptime: 11 days 9:16:33.000
...........................
Loading unloaded module list
.........
This dump file has an exception of interest stored in it.
The stored exception information can be accessed via .ecxr.
(1d8.d54): Access violation - code c0000005 (first/second chance not available)
eax=00000000 ebx=0013e718 ecx=fffffffb edx=00e1f824 esi=00000001 edi=00146000
eip=7c81a2cc esp=00e1f810 ebp=00e1f834 iopl=0 nv up ei pl zr na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010246
ntdll!RtlInitUnicodeString+0x1b:
7c81a2cc 66f2af repne scas word ptr es:[edi]