Announcement

Collapse
No announcement yet.

Server crashed trying to find the cause

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Server crashed trying to find the cause

    I'm trying to find the cause of our server crashing. It creates a memory.dmp file. I used a tool to look at it and the below is the output. But I can't find the cause in here can anyone else read these?


    Microsoft (R) Windows Debugger Version 6.3.9600.16384 AMD64
    Copyright (c) Microsoft Corporation. All rights reserved.


    Loading Dump File [C:\User Data\MEMORY.DMP]
    Kernel Bitmap Dump File: Only kernel address space is available


    ************* Symbol Path validation summary **************
    Response Time (ms) Location
    Deferred SRV*C:\Windows\symbol_cache*http://msdl.microsoft.com/download/symbols
    Symbol search path is: SRV*C:\Windows\symbol_cache*http://msdl.microsoft.com/download/symbols
    Executable search path is:
    Windows 8 Kernel Version 9600 MP (2 procs) Free x64
    Product: Server, suite: TerminalServer SingleUserTS
    Built by: 9600.17041.amd64fre.winblue_gdr.140305-1710
    Machine Name:
    Kernel base = 0xfffff803`23272000 PsLoadedModuleList = 0xfffff803`2353c2d0
    Debug session time: Thu Dec 18 13:05:51.341 2014 (UTC - 6:00)
    System Uptime: 22 days 5:21:12.521
    Loading Kernel Symbols
    .................................................. .............
    ..........................................Page 1219dd not present in the dump file. Type ".hh dbgerr004" for details
    ......................
    ....
    Loading User Symbols
    .................................................. ...........
    Loading unloaded module list
    .................................................. .....................
    ************************************************** *****************************
    * *
    * Bugcheck Analysis *
    * *
    ************************************************** *****************************

    Use !analyze -v to get detailed debugging information.

    BugCheck EF, {ffffe001e3a74080, 0, 0, 0}

    Page 1219dd not present in the dump file. Type ".hh dbgerr004" for details
    Probably caused by : wininit.exe

    Followup: MachineOwner
    ---------

    0: kd> !analyze -v
    ************************************************** *****************************
    * *
    * Bugcheck Analysis *
    * *
    ************************************************** *****************************

    CRITICAL_PROCESS_DIED (ef)
    A critical system process died
    Arguments:
    Arg1: ffffe001e3a74080, Process object or thread object
    Arg2: 0000000000000000, If this is 0, a process died. If this is 1, a thread died.
    Arg3: 0000000000000000
    Arg4: 0000000000000000

    Debugging Details:
    ------------------

    Page 1219dd not present in the dump file. Type ".hh dbgerr004" for details

    PROCESS_OBJECT: ffffe001e3a74080

    IMAGE_NAME: wininit.exe

    DEBUG_FLR_IMAGE_TIMESTAMP: 0

    MODULE_NAME: wininit

    FAULTING_MODULE: 0000000000000000

    PROCESS_NAME: WmiPrvSE.exe

    BUGCHECK_STR: 0xEF_WmiPrvSE.exe

    DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT

    CURRENT_IRQL: 0

    ANALYSIS_VERSION: 6.3.9600.16384 (debuggers(dbg).130821-1623) amd64fre

    LAST_CONTROL_TRANSFER: from fffff80323881dbc to fffff803233c5fa0

    STACK_TEXT:
    ffffd000`3ca7fae8 fffff803`23881dbc : 00000000`000000ef ffffe001`e3a74080 00000000`00000000 00000000`00000000 : nt!KeBugCheckEx
    ffffd000`3ca7faf0 fffff803`237a42ae : ffffe001`e3a74080 00000000`00000000 00000000`00000000 00000000`00000000 : nt!PspCatchCriticalBreak+0xa4
    ffffd000`3ca7fb30 fffff803`236010e9 : ffffe001`e3a74080 ffffe001`ef20a900 ffffe001`e3a74080 ffffe001`e3a74080 : nt! ?? ::NNGAKEGL::`string'+0x7bce
    ffffd000`3ca7fb90 fffff803`23600e76 : ffffffff`ffffffff ffffe001`ef20a900 ffffe001`e3a74080 ffffe001`efc3c080 : nt!PspTerminateProcess+0xe5
    ffffd000`3ca7fbd0 fffff803`233d17b3 : ffffe001`e3a74080 ffffe001`efc3c080 ffffd000`3ca7fcc0 00000001`00c3a7d0 : nt!NtTerminateProcess+0x9e
    ffffd000`3ca7fc40 00007ffd`5629ae4a : 00007ffd`5388c1f9 00000000`00000000 00000001`00000000 00000000`00000444 : nt!KiSystemServiceCopyEnd+0x13
    00000001`00ded7d8 00007ffd`5388c1f9 : 00000000`00000000 00000001`00000000 00000000`00000444 00000000`00000000 : ntdll!NtTerminateProcess+0xa
    00000001`00ded7e0 00007ffd`4e886ae2 : 00000000`00000000 00007ffd`4e83ffd8 00000001`00ded890 00000000`00000444 : KERNELBASE!TerminateProcess+0x25
    00000001`00ded810 00007ffd`4e88282c : 00000000`00000003 00000001`00c3a260 00000001`0000019c 00000001`00c045a0 : cimwin32!Process::ExecTerminate+0x12e
    00000001`00ded880 00007ffd`502b76f2 : 00000001`00c3a650 00000000`00000000 00007ffd`4e9b8930 00000001`01e210f0 : cimwin32!CSecureKernelObj::AllAccessMask+0x110be
    00000001`00ded8c0 00007ffd`502b7456 : 00000001`00c3a650 00000000`00000000 00000000`00000000 00000001`00c3a7d0 : framedynos!Provider::ExecMethod+0x9a
    00000001`00ded940 00007ff7`66c7a1c7 : 00000001`01e3bdf0 00000001`00118630 00000001`00118620 00000001`01e7d3e0 : framedynos!CWbemProviderGlue::ExecMethodAsync+0x3c a
    00000001`00dedf50 00007ff7`66c79e24 : 00000000`00000000 00000000`00000000 00000001`00dee091 00000000`00000000 : wmiprvse!CInterceptor_IWbemSyncProvider::Helper_Ex ecMethodAsync+0x2f7
    00000001`00dee010 00007ffd`55cf2385 : 00000001`00000000 00000001`01d34828 00000001`01e51468 00000000`00000000 : wmiprvse!CInterceptor_IWbemSyncProvider::ExecMetho dAsync+0x134
    00000001`00dee0e0 00007ffd`55cfae16 : 00000001`00dee590 00007ffd`49ef1a42 00000001`00143768 00000001`0017f9b0 : RPCRT4!Invoke+0x65
    00000001`00dee160 00007ffd`54084bd2 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : RPCRT4!NdrStubCall2+0x38b
    00000001`00dee7e0 00007ffd`54080f13 : 00000000`00000001 00000001`0013f120 00000000`00000000 00007ffd`54083eb1 : combase!CStdStubBuffer_Invoke+0x99 [d:\blue_gdr\com\combase\ndr\ndrole\stub.cxx @ 1582]
    00000001`00dee810 00007ffd`53f13efc : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : combase!SyncStubInvoke+0x300 [d:\blue_gdr\com\combase\dcomrem\channelb.cxx @ 1664]
    00000001`00dee9b0 00007ffd`540811ed : 00000000`00000000 00000000`00000000 000083ad`95b58220 00000000`00000000 : combase!CCtxComChnl::ContextInvoke+0x27c [d:\blue_gdr\com\combase\dcomrem\ctxchnl.cxx @ 1377]
    00000001`00deebc0 00007ffd`5408096b : 00000001`0013f120 00007ffd`53fb3fd8 00000001`00def130 00007ffd`54080791 : combase!AppInvoke+0x18d [d:\blue_gdr\com\combase\dcomrem\channelb.cxx @ 1481]
    00000001`00deecf0 00007ffd`5408182a : 00000000`00000000 00000000`00070005 00000001`00124220 00000000`00000000 : combase!ComInvokeWithLockAndIPID+0x661 [d:\blue_gdr\com\combase\dcomrem\channelb.cxx @ 2314]
    00000001`00deef30 00007ffd`55cf2614 : 00000000`00000000 00000000`00000000 00007ffd`53fb3460 00000001`015edb20 : combase!ThreadInvoke+0x488 [d:\blue_gdr\com\combase\dcomrem\channelb.cxx @ 5488]
    00000001`00def000 00007ffd`55cf2517 : 00000002`00000002 00000fb0`00001000 00000001`00def1b8 00000000`8b0c1a26 : RPCRT4!DispatchToStubInCNoAvrf+0x14
    00000001`00def050 00007ffd`55d06ebf : 00000001`00142fb0 00000000`00000000 00000001`00000000 00000001`001318a0 : RPCRT4!RPC_INTERFACE:ispatchToStubWorker+0x177
    00000001`00def150 00007ffd`55cf2cc1 : 00000000`8b0c1a26 00000001`001318a0 00000000`00000000 00000001`001318a0 : RPCRT4!LRPC_SCALL:ispatchRequest+0x531
    00000001`00def250 00007ffd`55cf2a97 : 0000159d`00000000 00000000`00000001 00000001`00000000 00000000`00000000 : RPCRT4!LRPC_SCALL::HandleRequest+0x201
    00000001`00def300 00007ffd`55cf1d04 : 00000001`00120c80 00000000`00000002 00007ffd`55d49b24 00000000`00000000 : RPCRT4!LRPC_SASSOCIATION::HandleRequest+0x237
    00000001`00def390 00007ffd`55cf1afe : 00000001`00def758 00000000`00000000 ffffffff`ffffffff 00007ffd`55d49b24 : RPCRT4!LRPC_ADDRESS::ProcessIO+0x36d
    00000001`00def4d0 00007ffd`5622af76 : 00000000`00000001 00000000`00000000 00000000`7ffe03b0 00000001`00def588 : RPCRT4!LrpcIoComplete+0xae
    00000001`00def570 00007ffd`562291e3 : 00000000`00000000 00000000`00000000 00000000`00000000 00000001`001eeb80 : ntdll!TppAlpcpExecuteCallback+0x1d6
    00000001`00def5e0 00007ffd`559716ad : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!TppWorkerThread+0x3b3
    00000001`00def9d0 00007ffd`56274629 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : KERNEL32!BaseThreadInitThunk+0xd
    00000001`00defa00 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x1d


    STACK_COMMAND: kb

    FOLLOWUP_NAME: MachineOwner

    IMAGE_VERSION:

    FAILURE_BUCKET_ID: 0xEF_WmiPrvSE.exe_IMAGE_wininit.exe

    BUCKET_ID: 0xEF_WmiPrvSE.exe_IMAGE_wininit.exe

    ANALYSIS_SOURCE: KM

    FAILURE_ID_HASH_STRING: km:0xef_wmiprvse.exe_image_wininit.exe

    FAILURE_ID_HASH: {dd961e7f-9fb2-75de-5c19-5602ba5ccdd2}

    Followup: MachineOwner
    ---------
    Jason

  • #2
    Re: Server crashed trying to find the cause

    The dump file isn't being too helpful....

    Try some of these links: http://www.bing.com/search?q=a+criti...1f3678177d18c9
    Regards,
    Jeremy

    Network Consultant/Engineer
    Baltimore - Washington area and beyond
    www.gma-cpa.com

    Comment


    • #3
      Re: Server crashed trying to find the cause

      I know there isn't much there, its from a 2012 file server. Running on VMware, no new S/W or hardware. All the pages I ever find are if you recently added any new .... of course are completely useless.

      Comment


      • #4
        Re: Server crashed trying to find the cause

        Have you tried stripping out anti-virus software and all utility software so that just the essentials are there?

        Also, you don't describe the conditions under which the server crashes - immediately after startup, after xxmins/hrs, when you do a particular task? This info would be very useful.
        A recent poll suggests that 6 out of 7 dwarfs are not happy

        Comment


        • #5
          Re: Server crashed trying to find the cause

          I haven't removed anything yet AV etc. So far its just happened once. Its essentially just a file server although the user profiles and roaming profiles store there so when its offline the users lose their desktop etc. It had been running for weeks with no issues. No one was logged into it or doing anything on it.

          Comment


          • #6
            Re: Server crashed trying to find the cause

            Did the crash coincide with any scheduled tasks? Did it happen during work hours or out of hours? Anything in the logs? etc
            A recent poll suggests that 6 out of 7 dwarfs are not happy

            Comment


            • #7
              Re: Server crashed trying to find the cause

              No, nothing no scheduled tasks, happened about 1PM during the work day. Noting in the Logs except this memory.dmp file which I couldn't learn anything from

              Comment


              • #8
                Re: Server crashed trying to find the cause

                In the absence of any meaningful logs or data I'd start by making sure that every single driver is the latest and greatest and that the firmware for any devices attached to the system is up to date as well.

                I'd also ensure the OS is healthy.

                [Edit]
                Make sure the BIOS is up to date as well.
                A recent poll suggests that 6 out of 7 dwarfs are not happy

                Comment


                • #9
                  Re: Server crashed trying to find the cause

                  Yea I've looked at all that, plus its on VMware so no real BIOS except its simulated one from Vmware

                  Comment


                  • #10
                    Re: Server crashed trying to find the cause

                    Hopefully, those with VM experience might be able to suggest some further troubleshooting/preventative tips for you. I've never worked with VM's.
                    A recent poll suggests that 6 out of 7 dwarfs are not happy

                    Comment


                    • #11
                      Re: Server crashed trying to find the cause

                      I don't think its a VM problem, we have 8 hosts with somewhere near 60 serves and this problem on just this one

                      Comment


                      • #12
                        Re: Server crashed trying to find the cause

                        Check for installed updates.

                        According to the error log there is a driver issue.

                        What HyperVisor are you using?

                        Comment


                        • #13
                          Re: Server crashed trying to find the cause

                          There were no recent updates and we are using Vmware version 5.5

                          Comment


                          • #14
                            Re: Server crashed trying to find the cause

                            Originally posted by jason0923 View Post
                            There were no recent updates and we are using Vmware version 5.5
                            Remove VMware Tools and re-install.

                            Comment

                            Working...
                            X