Announcement

Collapse
No announcement yet.

server crashing with no minidump

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • server crashing with no minidump

    I have my sbs 2003 r2 standard box set up to create a dump file on the C:/ drive when it crashes. It's been crashing here about once every 3 days early in the morning before anyone shows up for work. I was here over the weekend and actually saw a blue screen before it crashed (happened to be in the server room working on something else and looked over exactly when it crashed), but other times I'll come in and it'll just be completely locked up. I can't move the mouse, no keyboard response, nothing. How can I figure out what's wrong if I can't find any log of what happened? The best I can get is a system event stating the machine shut down unexpectedly at 4AM or whatever. Just guessing, I'd say backup exec may be causing this or mcafee..possibly both, but I really am not sure.

  • #2
    Re: server crashing with no minidump

    In my next post, I posted the minidump. Does it mean anything to anyone?
    Last edited by noRulez43; 21st March 2007, 16:25.

    Comment


    • #3
      Re: server crashing with no minidump

      0: kd> !analyze -v
      ************************************************** *****************************
      * *
      * Bugcheck Analysis *
      * *
      ************************************************** *****************************

      IRQL_NOT_LESS_OR_EQUAL (a)
      An attempt was made to access a pageable (or completely invalid) address at an
      interrupt request level (IRQL) that is too high. This is usually
      caused by drivers using improper addresses.
      If a kernel debugger is available get the stack backtrace.
      Arguments:
      Arg1: 00000000, memory referenced
      Arg2: 0000001b, IRQL
      Arg3: 00000001, value 0 = read operation, 1 = write operation
      Arg4: e0825d68, address which referenced memory

      Debugging Details:
      ------------------

      ***** Kernel symbols are WRONG. Please fix symbols to do analysis.

      ***** Kernel symbols are WRONG. Please fix symbols to do analysis.

      ************************************************** ***********************
      *** ***
      *** ***
      *** Your debugger is not using the correct symbols ***
      *** ***
      *** In order for this command to work properly, your symbol path ***
      *** must point to .pdb files that have full type information. ***
      *** ***
      *** Certain .pdb files (such as the public OS symbols) do not ***
      *** contain the required information. Contact the group that ***
      *** provided you with these symbols if you need this command to ***
      *** work. ***
      *** ***
      *** Type referenced: nt!_KPRCB ***
      *** ***
      ************************************************** ***********************
      ************************************************** ***********************
      *** ***
      *** ***
      *** Your debugger is not using the correct symbols ***
      *** ***
      *** In order for this command to work properly, your symbol path ***
      *** must point to .pdb files that have full type information. ***
      *** ***
      *** Certain .pdb files (such as the public OS symbols) do not ***
      *** contain the required information. Contact the group that ***
      *** provided you with these symbols if you need this command to ***
      *** work. ***
      *** ***
      *** Type referenced: nt!KPRCB ***
      *** ***
      ************************************************** ***********************
      ************************************************** ***********************
      *** ***
      *** ***
      *** Your debugger is not using the correct symbols ***
      *** ***
      *** In order for this command to work properly, your symbol path ***
      *** must point to .pdb files that have full type information. ***
      *** ***
      *** Certain .pdb files (such as the public OS symbols) do not ***
      *** contain the required information. Contact the group that ***
      *** provided you with these symbols if you need this command to ***
      *** work. ***
      *** ***
      *** Type referenced: nt!_KPRCB ***
      *** ***
      ************************************************** ***********************
      ************************************************** ***********************
      *** ***
      *** ***
      *** Your debugger is not using the correct symbols ***
      *** ***
      *** In order for this command to work properly, your symbol path ***
      *** must point to .pdb files that have full type information. ***
      *** ***
      *** Certain .pdb files (such as the public OS symbols) do not ***
      *** contain the required information. Contact the group that ***
      *** provided you with these symbols if you need this command to ***
      *** work. ***
      *** ***
      *** Type referenced: nt!KPRCB ***
      *** ***
      ************************************************** ***********************
      ************************************************** ***********************
      *** ***
      *** ***
      *** Your debugger is not using the correct symbols ***
      *** ***
      *** In order for this command to work properly, your symbol path ***
      *** must point to .pdb files that have full type information. ***
      *** ***
      *** Certain .pdb files (such as the public OS symbols) do not ***
      *** contain the required information. Contact the group that ***
      *** provided you with these symbols if you need this command to ***
      *** work. ***
      *** ***
      *** Type referenced: nt!_KPRCB ***
      *** ***
      ************************************************** ***********************
      ************************************************** ***********************
      *** ***
      *** ***
      *** Your debugger is not using the correct symbols ***
      *** ***
      *** In order for this command to work properly, your symbol path ***
      *** must point to .pdb files that have full type information. ***
      *** ***
      *** Certain .pdb files (such as the public OS symbols) do not ***
      *** contain the required information. Contact the group that ***
      *** provided you with these symbols if you need this command to ***
      *** work. ***
      *** ***
      *** Type referenced: nt!_KPRCB ***
      *** ***
      ************************************************** ***********************

      MODULE_NAME: mfehidk

      FAULTING_MODULE: e0800000 nt

      DEBUG_FLR_IMAGE_TIMESTAMP: 4589691f

      WRITE_ADDRESS: unable to get nt!MmSpecialPoolStart
      unable to get nt!MmSpecialPoolEnd
      unable to get nt!MmPoolCodeStart
      unable to get nt!MmPoolCodeEnd
      00000000

      CURRENT_IRQL: 1b

      FAULTING_IP:
      nt+25d68
      e0825d68 8902 mov dword ptr [edx],eax

      CUSTOMER_CRASH_COUNT: 1

      DEFAULT_BUCKET_ID: WRONG_SYMBOLS

      BUGCHECK_STR: 0xA

      LAST_CONTROL_TRANSFER: from e0826005 to e0825d68

      STACK_TEXT:
      WARNING: Stack unwind information not available. Following frames may be wrong.
      f2ba1b54 e0826005 fc4805b0 fe0ad9a8 f2ba1b74 nt+0x25d68
      f2ba1b80 f2640fa6 fe0ad9a8 f2ba1b9c f2ba1cbc nt+0x26005
      f2ba1c84 f26413af fe0ad9a8 79000000 00045000 mfehidk+0xefa6
      f2ba1cbc f2641f44 fe0ad9a8 79000000 00045000 mfehidk+0xf3af
      f2ba1cf0 f26422e6 79000000 00045000 f2ba1d64 mfehidk+0xff44
      f2ba1d34 e0888c6c 00000014 ffffffff 0012f4e0 mfehidk+0x102e6
      f2ba1d64 7c82ed54 badb0d00 0012f3d0 00000000 nt+0x88c6c
      f2ba1d68 badb0d00 0012f3d0 00000000 00000000 0x7c82ed54
      f2ba1d6c 0012f3d0 00000000 00000000 00000000 0xbadb0d00
      f2ba1d70 00000000 00000000 00000000 00000000 0x12f3d0


      STACK_COMMAND: kb

      FOLLOWUP_IP:
      mfehidk+efa6
      f2640fa6 ?? ???

      SYMBOL_STACK_INDEX: 2

      FOLLOWUP_NAME: MachineOwner

      IMAGE_NAME: mfehidk.sys

      SYMBOL_NAME: mfehidk+efa6

      BUCKET_ID: WRONG_SYMBOLS

      Followup: MachineOwner
      ---------

      0: kd>

      Comment


      • #4
        Re: server crashing with no minidump

        just a quick question, did you already replaced the memory?
        Marcel
        Technical Consultant
        Netherlands
        http://www.phetios.com
        http://blog.nessus.nl

        MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
        "No matter how secure, there is always the human factor."

        "Enjoy life today, tomorrow may never come."
        "If you're going through hell, keep going. ~Winston Churchill"

        Comment


        • #5
          Re: server crashing with no minidump

          No, the memory is fine. I analyzed that memory dump a bit and found mfehidk which is a Mcafee Antivirus file and seems to possibly be causing the problems. I know a while back I was able to stop all crashes by uninstalling it but thought I had that problem fixed. I don't know if this is resolveable or if I should just get a different antivirus for the server.

          edit: lots of info on the net about this problem, but as is my luck, no solution that I can find.
          Last edited by noRulez43; 21st March 2007, 17:12.

          Comment


          • #6
            Re: server crashing with no minidump

            You have Daemon Tools installed?

            https://knowledge.mcafee.com/Support...eId=SAL_Public

            which recommends removing Daemon Tools and:

            http://www.daemon-tools.cc/dtcc/showthread.php?t=11627

            which suggests excluding mfehidk.sys and ... from being scanned.
            Cheers,

            Rick

            ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

            © 2006-2099 R Valstar. This post is offered "as is" for discussion purposes only with no express or implied warranty of any kind including, but not limited to, correctness or fitness for use. Nothing herein shall be construed as advice. Attempting any activity based on information in this post is done at your own risk.

            Comment


            • #7
              Re: server crashing with no minidump

              Yeah, I've read all those. I can't find Daemon tools on my system and it is not in the add/remove programs, nor is there a folder called DAEMON anywhere on my system. There is also no mention of the PnP BIOS Extension in my hardware config.

              The guy that mentioned excluding those files later said his BSOD's came back. I still haven't found a definitive answer.
              Last edited by noRulez43; 21st March 2007, 19:35.

              Comment


              • #8
                Re: server crashing with no minidump

                Looks like this poor soul has your exact problem:

                http://www.daemon-tools.cc/dtcc/dsod...on-t15266.html
                Cheers,

                Rick

                ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

                © 2006-2099 R Valstar. This post is offered "as is" for discussion purposes only with no express or implied warranty of any kind including, but not limited to, correctness or fitness for use. Nothing herein shall be construed as advice. Attempting any activity based on information in this post is done at your own risk.

                Comment


                • #9
                  Re: server crashing with no minidump

                  Look at this from McAfee:

                  http://forums.mcafeehelp.com/viewtopic.php?t=107440

                  Disable the SystemGuards:
                  Open SecurityCenter >> Computer and Files >> Configure. Click on SystemGurad protection is enabled and disable it from there.
                  Cheers,

                  Rick

                  ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

                  © 2006-2099 R Valstar. This post is offered "as is" for discussion purposes only with no express or implied warranty of any kind including, but not limited to, correctness or fitness for use. Nothing herein shall be construed as advice. Attempting any activity based on information in this post is done at your own risk.

                  Comment


                  • #10
                    Re: server crashing with no minidump

                    I believe that's for the suite that gets installed for home use, etc. We have total protection for small business which has an online administration page much different.

                    Comment


                    • #11
                      Re: server crashing with no minidump

                      Have you opened a ticket w/ McAfee? Looks like everything points to them in some shape or form.
                      Cheers,

                      Rick

                      ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

                      © 2006-2099 R Valstar. This post is offered "as is" for discussion purposes only with no express or implied warranty of any kind including, but not limited to, correctness or fitness for use. Nothing herein shall be construed as advice. Attempting any activity based on information in this post is done at your own risk.

                      Comment


                      • #12
                        Re: server crashing with no minidump

                        I will do that although they seem to be blaming DAEMON-Tools. Funny how that works. Thanks for the help! Looks like this one is gonna be a battle...or I'll just get a new antivirus solution for just the server.

                        Comment


                        • #13
                          Re: server crashing with no minidump

                          FWIW McAfee has been off my radar screen for a few years now for AV solutions. They regularly seem to have problems like this. I still use Symantec Enterprise though it is a bit heavy on resources, if the server is not strong enough. Popping up on the outer circle of the radar are Trend Micro and NOD32 but I am watching them to see if they come up with 64-bit versions in the near future. The management learning curve is always the most frightening for me. If you do not know the management console well enough, you are likely to misconfigure and a misconfigured AV solution can be fatal - to the server at least!
                          BTW you should download a new set of symbol files for your dump analysis and I was always of the impression that an IRQL_NOT_LESS_OR-EQUAL Stop error was as a result of hardware/drivers.
                          TIA

                          Steven Teiger [SBS-MVP(2003-2009)]
                          http://www.wintra.co.il/
                          sigpic
                          Iím honoured to have been selected for the SMB 150 list for 2013. This is the third time in succession (no logo available for 2011) that I have been honoured with this award.

                          We donít stop playing because we grow old, we grow old because we stop playing.

                          Comment

                          Working...
                          X