Hi, We're having issues where our server is crashing daily (auto-rebooting) the stop error is:
0x000000d1 (0x00000006 0xd0000002, 0x00000000 0xf78610bf)
We've done a memory check (everything checks out), a chassis swap, and are still having issues daily. Our service provider doesnt analyze minidump files as part of the troubleshooting process, but Ive had luck with dump files in the past, however Im not a system admin so dont feel super comfortable with my diagnosis skills. Here is the minidump file from the most recent (today) crash. It looks like windbg thinks that the offender is TM_CFW.sys does this look like it might be the culprit? (Im taking a look at the mdump on a remote machine btw)
Quote:
Microsoft (R) Windows Debugger Version 6.9.0003.113 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Documents and Settings\xxxxx\Desktop\Mini062308-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: c:\windows\System32; c:\windows\system\System32; http://www.alexander.com/SymServe
Windows Server 2003 Kernel Version 3790 (Service Pack 2) MP (4 procs) Free x86 compatible
Product: Server, suite: TerminalServer SingleUserTS
Built by: 3790.srv03_sp2_gdr.070304-2240
Kernel base = 0x80800000 PsLoadedModuleList = 0x808a6ea8
Debug session time: Mon Jun 23 09:33:44.437 2008 (GMT-7)
System Uptime: 1 days 12:09:39.064
Loading Kernel Symbols
.................................................................................................................
Loading User Symbols
Loading unloaded module list
.........
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck D1, {6, d0000002, 0, f78610bf}
Unable to load image \SystemRoot\system32\DRIVERS\TM_CFW.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for TM_CFW.sys
*** ERROR: Module load completed but symbols could not be loaded for TM_CFW.sys
Unable to load image \SystemRoot\system32\DRIVERS\e1000325.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for e1000325.sys
*** ERROR: Module load completed but symbols could not be loaded for e1000325.sys
Probably caused by : TM_CFW.sys ( TM_CFW+3ba0 )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 00000006, memory referenced
Arg2: d0000002, IRQL
Arg3: 00000000, value 0 = read operation, 1 = write operation
Arg4: f78610bf, address which referenced memory
Debugging Details:
------------------
READ_ADDRESS: 00000006
CURRENT_IRQL: 2
FAULTING_IP:
NDIS!ethFilterDprIndicateReceivePacket+ee
f78610bf f6470605 test byte ptr [edi+6],5
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT_SERVER_MINIDUMP
BUGCHECK_STR: 0xD1
PROCESS_NAME: Idle
TRAP_FRAME: 8089a144 -- (.trap 0xffffffff8089a144)
ErrCode = 00000000
eax=88368efc ebx=88368e78 ecx=00000002 edx=8089a21c esi=88368eb0 edi=00000000
eip=f78610bf esp=8089a1b8 ebp=8089a1fc iopl=0 nv up ei ng nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010286
NDIS!ethFilterDprIndicateReceivePacket+0xee:
f78610bf f6470605 test byte ptr [edi+6],5 ds:0023:00000006=??
Resetting default scope
LAST_CONTROL_TRANSFER: from f78610bf to 8088c963
STACK_TEXT:
8089a144 f78610bf badb0d00 8089a21c 7c1f2640 nt!KiTrap0E+0x2a7
8089a1fc ba368ba0 8a3e1a60 8089a21c 00000001 NDIS!ethFilterDprIndicateReceivePacket+0xee
WARNING: Stack unwind information not available. Following frames may be wrong.
8089a220 ba368d5d 88108088 8089a238 88e42b58 TM_CFW+0x3ba0
8089a23c ba370f9b 88e42b58 872cdcc4 87c86af8 TM_CFW+0x3d5d
8089a258 ba372754 88e42b58 872cdcc4 8a213640 TM_CFW+0xbf9b
8089a354 ba36781c 87c86af8 8a213640 8a51aec0 TM_CFW+0xd754
8089a3b4 f7861749 00000000 8a213640 8a0e600a TM_CFW+0x281c
8089a41c ba78659e 8a587130 8089a45c 00000001 NDIS!ethFilterDprIndicateReceivePacket+0x246
8089a56c ba787471 012a4008 8089a59b 8a587130 e1000325+0x59e
8089a590 f7856466 002a4008 ffdffa40 8a2a4460 e1000325+0x1471
8089a5a8 808320f0 8a2a4460 8a2a444c 00000000 NDIS!ndisMDpcX+0x21
8089a600 8088de1f 00000000 0000000e 00000000 nt!KiRetireDpcList+0xca
8089a604 00000000 0000000e 00000000 00000000 nt!KiIdleLoop+0x37
STACK_COMMAND: kb
FOLLOWUP_IP:
TM_CFW+3ba0
ba368ba0 ?? ???
SYMBOL_STACK_INDEX: 2
SYMBOL_NAME: TM_CFW+3ba0
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: TM_CFW
IMAGE_NAME: TM_CFW.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 462887a5
FAILURE_BUCKET_ID: 0xD1_TM_CFW+3ba0
BUCKET_ID: 0xD1_TM_CFW+3ba0
Followup: MachineOwner
---------
|
Any help or insight GREATLY appreciated. Im working on additional dump files to see if there is a pattern...
06-23-2008, 03:07 PM
