Announcement

Collapse
No announcement yet.

Help debugging BSOD EXCEPTION_DOUBLE_FAULT

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Help debugging BSOD EXCEPTION_DOUBLE_FAULT

    I have the Microsoft SDK installed and symbols loaded and have loaded in a minidump file but I am lost where to go from here.

    The server is SBS 2008 and crashes every time windows updates tries to run. In the mean time I have disabled the BITS service and Microsoft Update service to prevent BSOD restarts.

    Attached is the output from WinDbg in a text file.
    Attached Files

  • #2
    Re: Help debugging BSOD EXCEPTION_DOUBLE_FAULT

    A double-fault? That's pretty nasty, and unusual. Faults like that are usually caused by hardware faults, corrupt system files or in some rare cases, a really buggy device driver.

    The log doesn't really contain much useful information, which is to be expected when a double-fault occurs. The stack holds a reference to a fltmgr.sys function, which (if it was involved in causing the fault) could indicate file system corruption, storage device errors, buggy antivirus software or even a low-level virus or rootkit infection.

    Have you been able to pinpoint exactly what's causing the crash? Can you trigger it by running Windows Update manually? Does it get as far as the download or install phase, or does it crash during inventory? Has it ever crashed with Windows Update and BITS disabled?

    What kind of hardware is the OS running on? If the server isn't using ECC memory, I'd suggest you rule out memory errors first. A bad RAM chip can cause all sorts of errors, including BSOD and data corruption. I can recommend Memtest86+, it's free and quite thorough.

    If the server passes the RAM test, see if sfc /scannow finds any broken system files. You should probably also run chkdsk /f, but only if you're reasonably sure there's nothing wrong with the RAM.

    Comment


    • #3
      Re: Help debugging BSOD EXCEPTION_DOUBLE_FAULT

      The server is a Dell T300, it is getting long in the tooth being a few months away from 5 years old. I am pretty sure it has ECC ram but I would have to dig a little to verify. I know it is Xeon processor.

      I suspected possible hard drive failing so I ran checkdsk (through the GUI and rebooting) it didn't report any bad clusters but it took forever. I thought maybe the drives were going so I replaced the drives and restored from backup using the built in Windows backup software. The restore from backup was textbook no issues at all.

      I also ran sfc /scannow and it came back clean.

      It has BSOD crashed at other times other than Windows updates. It has a handful of updates waiting to be installed, I tried just choosing 1 at a time to see if it was one update causing it but that didn't seem to help just trying to install 1 update causes it to crash and reboot.

      I am aware of Memtest86+ but haven't got the chance to run it yet to see about the RAM.

      I think the recent patch Tuesday is what pushed it over the edge. This is the trouble with SBS it is a double edged sword having all you eggs in one basket (AD, Exchange, file, print etc...) but it can be a good option to get all the network services wrapped up into one package for small businesses with limited budgets. In it's current state and only supporting 10 users I will probably just export mail to .pst and start from scratch with a new server.


      Are there any adjustments I could make to how Windows collects the dump files to help gain more information for troubleshooting?

      Comment


      • #4
        Re: Help debugging BSOD EXCEPTION_DOUBLE_FAULT

        According to the official specs, the T300 uses DDR2 ECC RAM, so any RAM defects should have been caught by the chipset.

        If this is indeed a software failure, the cause must be a kernel component or a device driver. Double-faults are triggered whenever a ring 0 process causes a stack overflow. Did any of the recent Windows Updates include a driver update for the storage controller or NIC?

        Is antivirus software installed on this server? I've seen some reports of antivirus software causing stack overflows and double-faults during file access.

        If you change the debug setting to produce a full kernel memory dump instead of a 256k minidump, further debugging should be possible.

        I've installed and managed Windows SBS since NT 4.0, and I rather liked the 2000 and 2003 versions. The latter was almost bulletproof, and you could customize the installation to your heart's content without breaking any of the SBS wizards. As for the more recent versions, well, let's just say I wasn't too upset to learn that Microsoft had decided to discontinue the product.

        Comment


        • #5
          Re: Help debugging BSOD EXCEPTION_DOUBLE_FAULT

          The "write debugging information" is already set to kernel memory dump, the other option would be "small memory dump (128k)"

          It shows the dump file location as %SystemRoot%\memory.dmp. I have not tried to open that with debugging yet. I have only opened the files found in the minidump folder.

          I am getting the memory.dmp file now, I will try to put it on my Google drive or something so that hopefully somebody can take a look at it with me.

          Yes Antivirus Trend Micro is installed, no I don't think Windows updates has updated NIC or storage drivers recently.

          Comment


          • #6
            Re: Help debugging BSOD EXCEPTION_DOUBLE_FAULT

            The kernel memory dump should be available for download from my Gdrive

            https://drive.google.com/file/d/0B_b...it?usp=sharing

            Comment


            • #7
              Re: Help debugging BSOD EXCEPTION_DOUBLE_FAULT

              On Sun 18/05/2014 01:14:03 GMT your computer crashed
              crash dump file: C:\Windows\memory.dmp
              This was probably caused by the following module: tmevtmgr.sys (tmevtmgr+0x4481)
              Bugcheck code: 0x7F (0x8, 0x80050031, 0x6F8, 0xFFFFFA6000D918C0)
              Error: UNEXPECTED_KERNEL_MODE_TRAP
              Bug check description: This bug check indicates that the Intel CPU generated a trap and the kernel failed to catch this trap.
              A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: tmevtmgr.sys .
              Google query: tmevtmgr.sys UNEXPECTED_KERNEL_MODE_TRAP
              Don't forget to say thanks by giving "Kudos" to those that help solve your problems.

              Comment


              • #8
                Re: Help debugging BSOD EXCEPTION_DOUBLE_FAULT

                Originally posted by _TechSup1983 View Post
                On Sun 18/05/2014 01:14:03 GMT your computer crashed
                crash dump file: C:\Windows\memory.dmp
                This was probably caused by the following module: tmevtmgr.sys (tmevtmgr+0x4481)
                Bugcheck code: 0x7F (0x8, 0x80050031, 0x6F8, 0xFFFFFA6000D918C0)
                Error: UNEXPECTED_KERNEL_MODE_TRAP
                Bug check description: This bug check indicates that the Intel CPU generated a trap and the kernel failed to catch this trap.
                A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: tmevtmgr.sys .
                Google query: tmevtmgr.sys UNEXPECTED_KERNEL_MODE_TRAP
                Do you have Trend Micro installed on that system?

                Comment


                • #9
                  Re: Help debugging BSOD EXCEPTION_DOUBLE_FAULT

                  Through choice I wouldn't install trend micro on any system. I read stylus277 memory dump and posted the result.
                  Don't forget to say thanks by giving "Kudos" to those that help solve your problems.

                  Comment


                  • #10
                    Re: Help debugging BSOD EXCEPTION_DOUBLE_FAULT

                    Originally posted by _TechSup1983 View Post
                    Through choice I wouldn't install trend micro on any system. I read stylus277 memory dump and posted the result.
                    Sorry not keeping up.

                    OP,

                    Yeah the issue is with the Trend Micro Event Manager driver. Its a hidden driver that gets installed when you install Trend products.

                    If you can un-install Trend and see how the system goes.

                    Comment

                    Working...
                    X