none
Help - Server Crashes several times a week - [Dump files] RRS feed

  • Question

  • The server that the business I work for has been failing for the last ~2 months. Me (the IT guy in charge, but mostly web manteinance tasks) has been trying to fix it with no luck. I would need some professional help in order to find what is going on and what's failing. At first I thought it was the kaspersky center panel, but it wasn't as the bluescreen keeps happening. 

    I link here the 3 last dump files. 

    https://filebin.net/y8690qjmz9pdleib (Can't post links as my account is not verified yet)

    I beg you help finding the issue behind the problem. 


    Monday, December 30, 2019 9:16 AM

All replies

  • WinDbg report:


    Microsoft (R) Windows Debugger Version 10.0.18362.1 AMD64
    Copyright (c) Microsoft Corporation. All rights reserved.


    Loading Dump File [C:\Users\Administrador\Desktop\123019-21262-01.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available

    Symbol search path is: srv*
    Executable search path is: 
    Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64
    Product: LanManNt, suite: TerminalServer SingleUserTS
    Built by: 7601.17803.amd64fre.win7sp1_gdr.120330-1504
    Machine Name:
    Kernel base = 0xfffff800`02408000 PsLoadedModuleList = 0xfffff800`0264c670
    Debug session time: Mon Dec 30 07:09:28.404 2019 (UTC + 0:00)
    System Uptime: 2 days 16:06:14.997
    Loading Kernel Symbols
    ...............................................................
    ................................................................
    ................
    Loading User Symbols
    Loading unloaded module list
    ......
    For analysis of this file, run !analyze -v
    4: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    IRQL_NOT_LESS_OR_EQUAL (a)
    An attempt was made to access a pageable (or completely invalid) address at an
    interrupt request level (IRQL) that is too high.  This is usually
    caused by drivers using improper addresses.
    If a kernel debugger is available get the stack backtrace.
    Arguments:
    Arg1: 0000000000000000, memory referenced
    Arg2: 0000000000000002, IRQL
    Arg3: 0000000000000001, bitfield :
    bit 0 : value 0 = read operation, 1 = write operation
    bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
    Arg4: fffff8000246431e, address which referenced memory

    Debugging Details:
    ------------------


    KEY_VALUES_STRING: 1


    PROCESSES_ANALYSIS: 1

    SERVICE_ANALYSIS: 1

    STACKHASH_ANALYSIS: 1

    TIMELINE_ANALYSIS: 1


    DUMP_CLASS: 1

    DUMP_QUALIFIER: 400

    BUILD_VERSION_STRING:  7601.17803.amd64fre.win7sp1_gdr.120330-1504

    SYSTEM_MANUFACTURER:  IBM

    SYSTEM_PRODUCT_NAME:  System x3300 M4 -[7382E3G]-

    SYSTEM_VERSION:  05

    BIOS_VENDOR:  IBM

    BIOS_VERSION:  -[YAE124BUS-1.10]-

    BIOS_DATE:  11/21/2012

    BASEBOARD_MANUFACTURER:  IBM

    BASEBOARD_PRODUCT:  00J6741

    DUMP_TYPE:  2

    BUGCHECK_P1: 0

    BUGCHECK_P2: 2

    BUGCHECK_P3: 1

    BUGCHECK_P4: fffff8000246431e

    WRITE_ADDRESS: GetPointerFromAddress: unable to read from fffff800026b6100
    Unable to get MmSystemRangeStart
    GetUlongPtrFromAddress: unable to read from fffff800026b62e0
    GetUlongPtrFromAddress: unable to read from fffff800026b6490
    GetPointerFromAddress: unable to read from fffff800026b60b8
     0000000000000000 

    CURRENT_IRQL:  2

    FAULTING_IP: 
    nt!ExDeleteResourceLite+ce
    fffff800`0246431e 488908          mov     qword ptr [rax],rcx

    CPU_COUNT: 8

    CPU_MHZ: 898

    CPU_VENDOR:  GenuineIntel

    CPU_FAMILY: 6

    CPU_MODEL: 2d

    CPU_STEPPING: 7

    CPU_MICROCODE: 6,2d,7,0 (F,M,S,R)  SIG: 70D'00000000 (cache) 70D'00000000 (init)

    CUSTOMER_CRASH_COUNT:  1

    DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT_SERVER

    BUGCHECK_STR:  0xA

    PROCESS_NAME:  svchost.exe

    ANALYSIS_SESSION_HOST:  PCGM

    ANALYSIS_SESSION_TIME:  12-30-2019 11:43:30.0651

    ANALYSIS_VERSION: 10.0.18362.1 amd64fre

    TRAP_FRAME:  fffff8800683aa70 -- (.trap 0xfffff8800683aa70)
    NOTE: The trap frame does not contain all registers.
    Some register values may be zeroed or incorrect.
    rax=0000000000000000 rbx=0000000000000000 rcx=0000000000000000
    rdx=0000000000000024 rsi=0000000000000000 rdi=0000000000000000
    rip=fffff8000246431e rsp=fffff8800683ac00 rbp=fffffa801d22eae0
     r8=0000000000000000  r9=0000000000000000 r10=fffffa801dc9c010
    r11=fffffa801da8f5c0 r12=0000000000000000 r13=0000000000000000
    r14=0000000000000000 r15=0000000000000000
    iopl=0         nv up ei pl zr na po nc
    nt!ExDeleteResourceLite+0xce:
    fffff800`0246431e 488908          mov     qword ptr [rax],rcx ds:00000000`00000000=????????????????
    Resetting default scope

    LAST_CONTROL_TRANSFER:  from fffff80002486769 to fffff800024871c0

    STACK_TEXT:  
    fffff880`0683a928 fffff800`02486769 : 00000000`0000000a 00000000`00000000 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx
    fffff880`0683a930 fffff800`024853e0 : fffffa80`0f1c5160 fffff800`02497f7c 00000000`00000000 fffffa80`1294aa38 : nt!KiBugCheckDispatch+0x69
    fffff880`0683aa70 fffff800`0246431e : fffffa80`1294aa38 00000000`00000005 00000000`00000020 fffffa80`1294aa20 : nt!KiPageFault+0x260
    fffff880`0683ac00 fffff880`02f535ac : fffffa80`1d22e8d0 fffffa80`1d22eae0 00000000`00000000 fffffa80`1294aa38 : nt!ExDeleteResourceLite+0xce
    fffff880`0683ac60 fffff880`02f533c3 : fffffa80`0e3246a0 fffffa80`0e3246a0 fffffa80`1294aa20 00000000`00000000 : termdd!IcaDereferenceChannel+0x8c
    fffff880`0683aca0 fffff880`02f52e01 : fffffa80`22657160 00000000`000000c0 fffff8a0`0248e000 fffff880`0683aee0 : termdd!IcaChannelInputInternal+0x5af
    fffff880`0683ad80 fffff880`04781188 : fffff8a0`104e9010 fffff880`02f57d6c fffffa80`1273e9a0 fffffa80`111f9210 : termdd!IcaChannelInput+0xdd
    fffff880`0683adc0 fffff880`0475e708 : 00000000`00000000 fffff800`00000001 00000000`00000000 00000000`00000000 : RDPWD!SignalBrokenConnection+0x54
    fffff880`0683ae20 fffff880`02f52d8f : fffffa80`22657160 fffffa80`1273ec80 fffffa80`1273e9a0 00000000`c000013c : RDPWD!WDLIB_MCSIcaChannelInput+0x90
    fffff880`0683ae70 fffff880`04bcf6a4 : fffffa80`1273ec80 fffffa80`1273ec80 fffffa80`1273e9a0 fffffa80`1273ec80 : termdd!IcaChannelInput+0x6b
    fffff880`0683aeb0 fffff880`02f56f3e : fffffa80`125637b0 fffffa80`1d3284a0 fffffa80`1dc9c010 fffffa80`12ea41b0 : tdtcp!TdInputThread+0x64c
    fffff880`0683b730 fffff880`02f55ae3 : fffffa80`1271da30 fffffa80`12ea41b0 fffffa80`0dfb57b0 fffffa80`1dc9c010 : termdd!IcaDriverThread+0x5a
    fffff880`0683b760 fffff880`02f549e9 : fffffa80`1d7129c0 fffff880`0683b898 fffff880`0683b8a0 00000000`00000000 : termdd!IcaDeviceControlStack+0x827
    fffff880`0683b840 fffff880`02f54689 : 00000000`00000000 fffffa80`12ea41b0 00000000`00000000 00000000`00000000 : termdd!IcaDeviceControl+0x75
    fffff880`0683b890 fffff800`0279d717 : fffffa80`21417c60 fffffa80`21417c60 fffff880`0683bb60 fffffa80`21417c60 : termdd!IcaDispatch+0x215
    fffff880`0683b8d0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!IopXxxControlFile+0x607


    THREAD_SHA1_HASH_MOD_FUNC:  667eb52ad21a7c2ac034a1ed2196891dd688ee61

    THREAD_SHA1_HASH_MOD_FUNC_OFFSET:  a334102cd7a9decb5abd5b89cfc6a43e3e8f8c1b

    THREAD_SHA1_HASH_MOD:  af6312e080fbb73ebf4dd532950145b71141b782

    FOLLOWUP_IP: 
    termdd!IcaDereferenceChannel+8c
    fffff880`02f535ac 488d8f80000000  lea     rcx,[rdi+80h]

    FAULT_INSTR_CODE:  808f8d48

    SYMBOL_STACK_INDEX:  4

    SYMBOL_NAME:  termdd!IcaDereferenceChannel+8c

    FOLLOWUP_NAME:  MachineOwner

    MODULE_NAME: termdd

    IMAGE_NAME:  termdd.sys

    DEBUG_FLR_IMAGE_TIMESTAMP:  4ce7ab0c

    IMAGE_VERSION:  6.1.7601.17514

    STACK_COMMAND:  .thread ; .cxr ; kb

    FAILURE_BUCKET_ID:  X64_0xA_termdd!IcaDereferenceChannel+8c

    BUCKET_ID:  X64_0xA_termdd!IcaDereferenceChannel+8c

    PRIMARY_PROBLEM_CLASS:  X64_0xA_termdd!IcaDereferenceChannel+8c

    TARGET_TIME:  2019-12-30T07:09:28.000Z

    OSBUILD:  7601

    OSSERVICEPACK:  1000

    SERVICEPACK_NUMBER: 0

    OS_REVISION: 0

    SUITE_MASK:  272

    PRODUCT_TYPE:  2

    OSPLATFORM_TYPE:  x64

    OSNAME:  Windows 7

    OSEDITION:  Windows 7 LanManNt (Service Pack 1) TerminalServer SingleUserTS

    OS_LOCALE:  

    USER_LCID:  0

    OSBUILD_TIMESTAMP:  2012-03-31 03:55:24

    BUILDDATESTAMP_STR:  120330-1504

    BUILDLAB_STR:  win7sp1_gdr

    BUILDOSVER_STR:  6.1.7601.17803.amd64fre.win7sp1_gdr.120330-1504

    ANALYSIS_SESSION_ELAPSED_TIME:  6074

    ANALYSIS_SOURCE:  KM

    FAILURE_ID_HASH_STRING:  km:x64_0xa_termdd!icadereferencechannel+8c

    FAILURE_ID_HASH:  {0e0a6b09-07d9-7685-e187-4788a0a5ff41}

    Followup:     MachineOwner
    ---------

    4: kd> lmvm termdd
    Browse full module list
    start             end                 module name
    fffff880`02f50000 fffff880`02f64000   termdd     (pdb symbols)          C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\sym\termdd.pdb\F0AB64EA94314CFDB4173FF70114F37E1\termdd.pdb
        Loaded symbol image file: termdd.sys
        Mapped memory image file: C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\sym\termdd.sys\4CE7AB0C14000\termdd.sys
        Image path: \SystemRoot\system32\drivers\termdd.sys
        Image name: termdd.sys
        Browse all global symbols  functions  data
        Timestamp:        Sat Nov 20 03:03:40 2010 (4CE7AB0C)
        CheckSum:         00019E15
        ImageSize:        00014000
        File version:     6.1.7601.17514
        Product version:  6.1.7601.17514
        File flags:       0 (Mask 3F)
        File OS:          40004 NT Win32
        File type:        3.7 Driver
        File date:        00000000.00000000
        Translations:     0409.04b0
        Information from resource tables:
            CompanyName:      Microsoft Corporation
            ProductName:      Microsoft® Windows® Operating System
            InternalName:     termdd.sys
            OriginalFilename: termdd.sys
            ProductVersion:   6.1.7601.17514
            FileVersion:      6.1.7601.17514 (win7sp1_rtm.101119-1850)
            FileDescription:  Remote Desktop Server Driver
            LegalCopyright:   © Microsoft Corporation. All rights reserved.

    Monday, December 30, 2019 12:08 PM
  • HI
    1.from your dump file ,termdd.sys cause your issue .
    when the problem happen,is there any more event log on issue server at this issue time or before this issue time ?
    event viewer\windows logs\
    application
    system
    2.
    0).open Command Prompt as Admin.
    1).enter sfc /scannow    and wait it finish to fix manifest and system file then go to step 2.
    2).Now type the following commands to stop Windows Update Services and then hit Enter after each one:
    net stop wuauserv
    net stop cryptSvc
    net stop bits
    net stop msiserver
    3).Next, type the following command to rename SoftwareDistribution Folder and then hit Enter:
    ren C:\Windows\SoftwareDistribution SoftwareDistribution.old
    ren C:\Windows\System32\catroot2 catroot2.old
    4).Finally, type the following command to start Windows Update Services and hit Enter after each one:
    net start wuauserv
    net start cryptSvc
    net start bits
    net start msiserver
    5).restart your system
    3. please ensure the latest update has been installed to avoid known issue
    4.can you enter winver in command prompt on your issue server and look the os version and os version number ?[for example windows 10  enterprise 1809 (os build 17763.316)]
    5.we can enter below command in command prompt(open as admin) then check if we can find error
    sfc scannow
    dism /online /cleanup-image /scanhealth  
    dism /online /cleanup-image /restorehealth

    Best Regards
    Andy YOU
    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, December 31, 2019 7:40 AM
    Moderator
  • HI
    Is there any progress on your question?

    Best Regards
    Andy YOU
    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, January 1, 2020 10:34 AM
    Moderator
  • HI
    Is there anything to help you?

    Best Regards
    Andy YOU
    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, January 3, 2020 2:32 AM
    Moderator