Sign in
 
HomeWindows Server 2012Windows Server 2008 R2Windows Server 2003LibraryForums
Windows Server TechCenter >
BSOD -STOP: 0x00000019 (0x00000020)

Answered BSOD -STOP: 0x00000019 (0x00000020)

  • Saturday, February 09, 2013 12:25 PM
     
     
    Sign In to Vote
    0

    Whenever specific application services are started server experiencing reboot with BSOD Stop error mentioned above. I have tried to analze the kernal memory dump, there are two things where it is highlighted as trouble 1 mfehidk.sys & 2 Appv.exe , but not sure which is casuing BSOD error. Any inputs would be appreciated.

    BugCheck 19, {20, e2c14408, e2c14470, c0d020a}

    Page 7afcb not present in the dump file. Type ".hh dbgerr004" for details

    Page 7af37 not present in the dump file. Type ".hh dbgerr004" for details

    *** ERROR: Symbol file could not be found.  Defaulted to export symbols for mfehidk.sys -

    PEB is paged out (Peb.Ldr = 7ffdf00c).  Type ".hh dbgerr001" for details

    PEB is paged out (Peb.Ldr = 7ffdf00c).  Type ".hh dbgerr001" for details

    Probably caused by : mfehidk.sys ( mfehidk!DEVICEDISPATCH::LowerDispatchPassThrough+52 )

    Followup: MachineOwner

    ---------

    3: kd> !analyze -v

    *******************************************************************************

    *                                                                             *

    *                        Bugcheck Analysis                                    *

    *                                                                             *

    *******************************************************************************

    BAD_POOL_HEADER (19)

    The pool is already corrupt at the time of the current request.

    This may or may not be due to the caller.

    The internal pool links must be walked to figure out a possible cause of

    the problem, and then special pool applied to the suspect tags or the driver

    verifier to a suspect driver.

    Arguments:

    Arg1: 00000020, a pool block header size is corrupt.

    Arg2: e2c14408, The pool entry we were looking for within the page.

    Arg3: e2c14470, The next pool entry.

    Arg4: 0c0d020a, (reserved)

    Debugging Details:

    ------------------

    Page 7afcb not present in the dump file. Type ".hh dbgerr004" for details

    Page 7af37 not present in the dump file. Type ".hh dbgerr004" for details

    PEB is paged out (Peb.Ldr = 7ffdf00c).  Type ".hh dbgerr001" for details

    PEB is paged out (Peb.Ldr = 7ffdf00c).  Type ".hh dbgerr001" for details

    BUGCHECK_STR:  0x19_20

    POOL_ADDRESS:  e2c14408 Paged pool

    DEFAULT_BUCKET_ID:  DRIVER_FAULT

    PROCESS_NAME:  Appv.exe

    CURRENT_IRQL:  0

    LAST_CONTROL_TRANSFER:  from 808927bb to 80827c73

    STACK_TEXT: 

    b9ec067c 808927bb 00000019 00000020 e2c14408 nt!KeBugCheckEx+0x1b

    b9ec06e4 badc5c3c e2c14410 00000000 badc72bd nt!ExFreePoolWithTag+0x477

    b9ec079c badc5c7f 8811c008 e2a90d28 e33cecd8 Ntfs!NtfsAddDosOnlyName+0x1d1

    b9ec07d8 badd0837 8811c008 00000001 01040800 Ntfs!NtfsAddLink+0xac

    b9ec09d8 badd02ad 8811c008 880df878 888717f8 Ntfs!NtfsSetRenameInfo+0xc05

    b9ec0a4c bad9efd8 8811c008 888717f8 8b668ee8 Ntfs!NtfsCommonSetInformation+0x3f8

    b9ec0ab4 8081df75 89f782e0 888717f8 8b6da700 Ntfs!NtfsFsdSetInformation+0xa3

    b9ec0ac8 baf00c45 8b6da700 888717f8 00000000 nt!IofCallDriver+0x45

    b9ec0af0 8081df75 8b668ee8 888717f8 b9ec0c94 fltmgr!FltpDispatch+0x6f

    b9ec0b04 baedc702 b9ec0c94 888717f8 895e6008 nt!IofCallDriver+0x45

    WARNING: Stack unwind information not available. Following frames may be wrong.

    b9ec0b44 baea4692 b9ec0c94 880df878 895e6008 mfehidk!DEVICEDISPATCH::LowerDispatchPassThrough+0x52

    b9ec0be4 baea638f 00000001 88871988 880df878 mfehidk+0x11692

    b9ec0c80 baedce07 b9ec0c94 88871988 8b6dbca8 mfehidk+0x1338f

    b9ec0cac 8081df75 89fdca38 888717f8 00000000 mfehidk!DEVICEDISPATCH::DispatchPassThrough+0x87

    b9ec0cc0 808f115b b9ec0d64 531bfad0 808f0bbc nt!IofCallDriver+0x45

    b9ec0d48 808897fc 00001318 531bfb08 000aa318 nt!NtSetInformationFile+0x59f

    b9ec0d48 7c82845c 00001318 531bfb08 000aa318 nt!KiFastCallEntry+0xfc

    531bfb68 00000000 00000000 00000000 00000000 0x7c82845c

    STACK_COMMAND:  kb

    FOLLOWUP_IP:

    mfehidk!DEVICEDISPATCH::LowerDispatchPassThrough+52

    baedc702 3d03010000      cmp     eax,103h

    SYMBOL_STACK_INDEX:  a

    SYMBOL_NAME:  mfehidk!DEVICEDISPATCH::LowerDispatchPassThrough+52

    FOLLOWUP_NAME:  MachineOwner

    MODULE_NAME: mfehidk

    IMAGE_NAME:  mfehidk.sys

    DEBUG_FLR_IMAGE_TIMESTAMP:  4d2e1e3e

    FAILURE_BUCKET_ID:  0x19_20_mfehidk!DEVICEDISPATCH::LowerDispatchPassThrough+52

    BUCKET_ID:  0x19_20_mfehidk!DEVICEDISPATCH::LowerDispatchPassThrough+52

    Followup: MachineOwner

    ---------

     

All Replies

  • Monday, February 11, 2013 7:44 AM
    Moderator
     
     Answered
    Sign In to Vote
    0

    Hi,

    I would like to suggest you update the BIOS and the hardware drivers first.

    You may also analyze the dump files with Debugging Tools by yourself. You can install it and it’s Symbol Packages from the following link:

    http://www.microsoft.com/whdc/Devtools/Debugging/default.mspx

    WinDbg will tell you the possible cause. For more information, please read Microsoft KB article below:

    How to read the small memory dump files that Windows creates for debugging

    http://support.microsoft.com/kb/315263

    If no clue can be found, you may contact Microsoft Customer Service and Support (CSS) via telephone so that a dedicated Support Professional can assist with your request. To troubleshoot this kind of kernel crash issue, we need to debug the crashed system dump. Unfortunately, debugging is beyond what we can do in the forum. Please be advised that contacting phone support will be a charged call.

    To obtain the phone numbers for specific technology request please take a look at the web site listed below:

    http://support.microsoft.com/default.aspx?scid=fh;EN-US;OfferProPhone#faq607

    Regards,

     
  • Monday, February 11, 2013 10:13 AM
     
     
    Sign In to Vote
    0

    Whenever specific application services are started server experiencing reboot with BSOD Stop error mentioned above. I have tried to analze the kernal memory dump, there are two things where it is highlighted as trouble 1 mfehidk.sys & 2 Appv.exe , but not sure which is casuing BSOD error. Any inputs would be appreciated.

    If you type mfehidk.sys into your favorite search engine, the search engine auto-completes it with "BSOD" The file appears to be from McAfee antivirus, maybe the people at those forums can help you? https://community.mcafee.com

     
  • Monday, February 11, 2013 11:20 AM
     
     
    Sign In to Vote
    0

    Mfehidk.sys is a system process that runs in the computer background and maintains the Host Intrusion Detection System for McAfee Anti-virus. To resolve the issue please contact Mcafee . Similar thread discussed here as well and seems to be a known issue.

    https://community.mcafee.com/thread/44620

    http://www.arabitpro.com