BSOD due to PROCESS_NAME: kntcma.exe and ntkrnlmp.exe
-
Thursday, October 04, 2012 3:20 AM
HI Team,
Please help to analyze this memory dump, can’t find the correct cause for this.
3: kd> ! analyze -v
ERROR: FindPlugIns 8007007b
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************KERNEL_MODE_EXCEPTION_NOT_HANDLED (8e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 80908895, The address that the exception occurred at
Arg3: b8b00c4c, Trap Frame
Arg4: 00000000Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".FAULTING_IP:
nt!NtQueryDirectoryObject+1d7
80908895 0fb74040 movzx eax,word ptr [eax+40h]TRAP_FRAME: b8b00c4c -- (.trap 0xffffffffb8b00c4c)
ErrCode = 00000000
eax=00000000 ebx=e112e058 ecx=00000000 edx=b8b00ce0 esi=8777e2a8 edi=e11d1570
eip=80908895 esp=b8b00cc0 ebp=b8b00d40 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010246
nt!NtQueryDirectoryObject+0x1d7:
80908895 0fb74040 movzx eax,word ptr [eax+40h] ds:0023:00000040=????
Resetting default scopeDEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0x8E
PROCESS_NAME: kntcma.exe
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from 8085b8bb to 8087cc52
STACK_TEXT:
b8b00818 8085b8bb 0000008e c0000005 80908895 nt!KeBugCheckEx+0x1b
b8b00bdc 8083435c b8b00bf8 00000000 b8b00c4c nt!KiDispatchException+0x3a2
b8b00c44 80834310 b8b00d40 80908895 badb0d00 nt!CommonDispatchException+0x4a
b8b00c60 8092b572 e23d33c0 00001844 e112e408 nt!KiExceptionExit+0x186
b8b00d40 8083387f 00001844 01e91f60 00000400 nt!ExMapHandleToPointerEx+0x1e
b8b00d40 7c82845c 00001844 01e91f60 00000400 nt!KiFastCallEntry+0xfc
WARNING: Frame IP not in any known module. Following frames may be wrong.
0193eb68 00000000 00000000 00000000 00000000 0x7c82845c
STACK_COMMAND: kbFOLLOWUP_IP:
nt!NtQueryDirectoryObject+1d7
80908895 0fb74040 movzx eax,word ptr [eax+40h]SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: nt!NtQueryDirectoryObject+1d7
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4fa2e3cd
FAILURE_BUCKET_ID: 0x8E_nt!NtQueryDirectoryObject+1d7
BUCKET_ID: 0x8E_nt!NtQueryDirectoryObject+1d7
Followup: MachineOwner
Vishwa
All Replies
-
Thursday, October 04, 2012 7:01 AM
Hi,
kntcma.exe is IBM tivoli application process. Kindly contact the vendor or post the query in the vendor specific forum.
We cannot do the debugging of the crash dump file here in the forum.
I would like to suggest that you contact Microsoft Customer Service and Support (CSS) via telephone so that a dedicated Support Professional can assist with your request.
http://support.microsoft.com/default.aspx?scid=fh;EN-US;OfferProPhone#faq607Regards,
Rafic
If you found this post helpful, please give it a "Helpful" vote.
If it answered your question, remember to mark it as an "Answer".
This posting is provided "AS IS" with no warranties and confers no rights! Always test ANY suggestion in a test environment before implementing!- Proposed As Answer by Arthur_LiMicrosoft Contingent Staff, Moderator Friday, October 05, 2012 2:23 AM
- Marked As Answer by Arthur_LiMicrosoft Contingent Staff, Moderator Tuesday, October 09, 2012 6:27 AM
-
Thursday, October 04, 2012 7:16 AM
Yes its a process from IBM software that's crashing Windows please read this kb from IBM support
http://www-01.ibm.com/support/docview.wss?uid=swg21506304
If the problem does not resolves you might have to remove the IBM software and monitor the server. If it works the problem is confirmed and open a ticket from IBM as the problem has been already detected using the dmp analysis.
http://www.arabitpro.com
- Edited by Syed KhairuddinMVP Thursday, October 04, 2012 7:18 AM
-
Thursday, October 04, 2012 7:46 AM
please maintain a single thread to avoid confusions
@Moderators please merge
http://www.arabitpro.com
-
Thursday, October 04, 2012 10:23 AM
Thanks for your reply......
Vishwa
.png)
