none
Windows Server 2008 R2 - BSOD 0x1D - Caused by RASPPTP.SYS

    Question

  • Dear friends, good morning!

    We use a Windows Server 2008 R2 with Microsoft Fofront Threat Management Gateway (TMG) to concentrate some branch offices VPNs.

    Today this server stopped working and rebooted.

    I analyzed the MEMORY.DMP file and I noticed that it was caused by RASPPTP.SYS file while it was trying to release some memory buffer.

    I'm pasting the MEMORY.DMP file content below.

    DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
    An attempt was made to access a pageable (or completely invalid) address at an
    interrupt request level (IRQL) that is too high.  This is usually
    caused by drivers using improper addresses.
    If kernel debugger is available get stack backtrace.
    Arguments:
    Arg1: 0000000000000024, memory referenced
    Arg2: 0000000000000002, IRQL
    Arg3: 0000000000000001, value 0 = read operation, 1 = write operation
    Arg4: fffff880035ce05f, address which referenced memory

    Debugging Details:
    ------------------


    WRITE_ADDRESS:  0000000000000024

    CURRENT_IRQL:  2

    FAULTING_IP:
    raspptp!FreeBufferToPool+4f
    fffff880`035ce05f ff4024          inc     dword ptr [rax+24h]

    DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

    BUGCHECK_STR:  0xD1

    PROCESS_NAME:  System

    TRAP_FRAME:  fffff88006175a60 -- (.trap 0xfffff88006175a60)
    NOTE: The trap frame does not contain all registers.
    Some register values may be zeroed or incorrect.
    rax=0000000000000000 rbx=0000000000000000 rcx=fffffa8004f1e2e0
    rdx=fffff8000187c200 rsi=0000000000000000 rdi=0000000000000000
    rip=fffff880035ce05f rsp=fffff88006175bf0 rbp=0000000000000001
    r8=0000000000000001  r9=0000000000000000 r10=0000000000001255
    r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
    r14=0000000000000000 r15=0000000000000000
    iopl=0         nv up ei pl zr na po nc
    raspptp!FreeBufferToPool+0x4f:
    fffff880`035ce05f ff4024          inc     dword ptr [rax+24h] ds:1088:0024=????????
    Resetting default scope

    LAST_CONTROL_TRANSFER:  from fffff800016d61a9 to fffff800016d6c00

    STACK_TEXT: 
    fffff880`06175918 fffff800`016d61a9 : 00000000`0000000a 00000000`00000024 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx
    fffff880`06175920 fffff800`016d4e20 : 00000000`00000000 00000000`00000000 00000000`00000000 fffffa80`04f1e2b0 : nt!KiBugCheckDispatch+0x69
    fffff880`06175a60 fffff880`035ce05f : fffffa80`06a873b8 00000000`00000000 fffff800`0187c1e0 fffffa80`04f1e2b0 : nt!KiPageFault+0x260
    fffff880`06175bf0 fffff880`035e833e : fffffa80`06fe9dc0 00000000`00000031 fffffa80`06a873b8 fffffa80`06a873a8 : raspptp!FreeBufferToPool+0x4f
    fffff880`06175c20 fffff880`035dcfcd : fffffa80`06a873b8 fffff880`06175ce8 fffffa80`0951dde0 fffffa80`06a87310 : raspptp!ReceiveDataComplete+0x2e
    fffff880`06175c50 fffff800`016e0251 : fffff800`0187c280 fffff800`0187c200 fffffa80`06a877e8 00000000`00000000 : raspptp!CallProcessRxPackets+0x15d
    fffff880`06175cb0 fffff800`01974ede : fffffa80`09990c60 fffffa80`07d1c800 00000000`00000080 fffffa80`03caf840 : nt!ExpWorkerThread+0x111
    fffff880`06175d40 fffff800`016c7906 : fffff800`01851e80 fffffa80`07d1c800 fffffa80`08eb5040 00000000`00000246 : nt!PspSystemThreadStartup+0x5a
    fffff880`06175d80 00000000`00000000 : fffff880`06176000 fffff880`06170000 fffff880`061759e0 00000000`00000000 : nt!KxStartSystemThread+0x16


    STACK_COMMAND:  kb

    FOLLOWUP_IP:
    raspptp!FreeBufferToPool+4f
    fffff880`035ce05f ff4024          inc     dword ptr [rax+24h]

    SYMBOL_STACK_INDEX:  3

    SYMBOL_NAME:  raspptp!FreeBufferToPool+4f

    FOLLOWUP_NAME:  MachineOwner

    MODULE_NAME: raspptp

    IMAGE_NAME:  raspptp.sys

    DEBUG_FLR_IMAGE_TIMESTAMP:  4ce7a86f

    FAILURE_BUCKET_ID:  X64_0xD1_raspptp!FreeBufferToPool+4f

    BUCKET_ID:  X64_0xD1_raspptp!FreeBufferToPool+4f

    Followup: MachineOwner

    Operating System: Windows Server 2008 R2 x64 with SP1

    Server Roles: Firewall (TMG), NPAS (RRAS and NPS)

    TMG Version: Enterprise 7.0.9193.575 (used like an stand alone version)

    Hardware: HP Proliant DL 120 G6

    Memory: 4GB RAM

    NICs: 2 HP NC 107i NICs with Driver Version 15.4.0.19

    Could someone, please, give me some clue to try to solve this issue?

    Thanks a lot and best regards to everyone!


    Rogerio Silva .::. MCSE / MCTS / MCSA+M / MCT CompuNext Informatica Recife


    • Edited by Rogerio R. Silva Monday, July 01, 2013 3:05 PM Correcting server model
    Thursday, June 27, 2013 7:25 PM

All replies

  • DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT

     

    You might have installed incorrect/incompatible driver. Undo any changes to the drivers may solve the problem. you can monitor your TMG server for some more days. If it keeps crashing on the same RASPPTP.SYS file, please contact Microsoft Customer Support Service (CSS) if you need any help on dump file debugging. To obtain the phone numbers for specific technology request, please refer to the website listed below: http://support.microsoft.com/default.aspx?scid=fh;EN-US;PHONENUMBERS If you are outside the US, please refer to http://support.microsoft.com for regional support phone numbers.


    TechNet Subscriber Support |If you have any feedback on Technet forum, please contact tnmff@microsoft.com.


    Friday, June 28, 2013 5:42 AM
  • Dear Zhang, how are you?

    No changes were made to any drivers on this system. This server uptime was more than 60 days.

    I believe this happened while some VPN disconnected from our server. We use Mikrotik router to stablish these VPNs.

    I found this article: http://support.microsoft.com/kb/2625737/en-us. I don't know if it is applicable, 'cause we are using these Mikrotik routers.

    I see that there is a problem with raspptp.sys RRAS PPTP VPN driver when it tries to release a buffer, placing some information on the server's memory. It is a problem with a Windows System driver.

    Do you believe there will be costs on case opening in Microsoft's PSS?

    Thanks a lot and best regards!


    Rogerio Silva .::. MCSE / MCTS / MCSA+M / MCT CompuNext Informatica Recife

    Friday, June 28, 2013 12:01 PM
  • Please upgrade the NIC drivers and check again 
    Monday, July 01, 2013 10:35 AM
  • Hi Syed. How are you? I hope you're fine.

    Dear friend, I searched HP and Broadcom websites, but there's no update for the NIC driver.

    As shown in the dump result, I believe there are two options for this issue:

    1. RASPPTP.SYS has a memory handling development issue
    2. The machine has a hardware issue

    The memory tests we did to this machine didn't bring a bit of change. So, I believe that there's a problem with RASPPTP.SYS.

    Well... I applied the hotfix described in the article I described before.

    I'll be monitoring this machine to see if the problem persists.

    Thanks a lot and best regards!


    Rogerio Silva .::. MCSE / MCTS / MCSA+M / MCT CompuNext Informatica Recife

    Monday, July 01, 2013 11:27 PM