locked
Pleaes help with a Windows 7 32-bit BSOD bugcheck/memory.dmp randomly RRS feed

Answers

  • Blaming netio.sys doesn't really do anyone any good...

    The F5 driver seems to be relatively new, but between January and now they probably released an updated version.

    1: kd> lmvm covpnwlh
    start    end        module name
    96bf7000 96bfec00   covpnwlh   (no symbols)          
        Loaded symbol image file: covpnwlh.sys
        Image path: \SystemRoot\system32\DRIVERS\covpnwlh.sys
        Image name: covpnwlh.sys
        Timestamp:        Tue Jan 04 16:22:14 2011 (4D23ABA6)
        CheckSum:         000180FB
        ImageSize:        00007C00
        Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4



    • Marked as answer by cp16 Thursday, April 12, 2012 2:50 PM
    Thursday, April 12, 2012 1:28 AM

All replies

  • Hello,

    The folder is empty. Please upload dump files in it.

    Please also try proceeding like that:

    • Update all possible drivers
    • Uninstall all unused programs
    • Run chkdsk /r /f and sfc /scannow
    • Perform a clean boot: http://support.microsoft.com/kb/929135
    • Disable all used security softwares
    • Run memtest86+ and check if all is okay with your RAM. If an error was detected then replace the faulty RAM or contact your manufacturer Technical Support for assistance

    You can also contact Microsoft CSS for assistance.


    This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.   

    Microsoft Student Partner 2010 / 2011
    Microsoft Certified Professional
    Microsoft Certified Systems Administrator: Security
    Microsoft Certified Systems Engineer: Security
    Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows 7, Configuring
    Microsoft Certified Technology Specialist: Designing and Providing Volume Licensing Solutions to Large Organizations
    Microsoft Certified IT Professional: Enterprise Administrator
    Microsoft Certified IT Professional: Server Administrator
    Microsoft Certified Trainer

    Wednesday, April 11, 2012 7:15 PM
  • Sorry, looks like my original upload hung. It should be there now, thank you!

    More details, installed is ms office 2010, adobe reader, itunes.

    Wednesday, April 11, 2012 7:35 PM
  • Use !analyze -v to get detailed debugging information.

    BugCheck 7F, {8, 8dd0c750, 0, 0}

    *** ERROR: Module load completed but symbols could not be loaded for vsdatant.sys
    *** ERROR: Module load completed but symbols could not be loaded for covpnwlh.sys
    Probably caused by : NETIO.SYS ( NETIO!CompareSecurityContexts+48 )

    Followup: MachineOwner
    ---------

    1: kd> !analyze -v

    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    UNEXPECTED_KERNEL_MODE_TRAP (7f)
    This means a trap occurred in kernel mode, and it's a trap of a kind
    that the kernel isn't allowed to have/catch (bound trap) or that
    is always instant death (double fault).  The first number in the
    bugcheck params is the number of the trap (8 = double fault, etc)
    Consult an Intel x86 family manual to learn more about what these
    traps are. Here is a *portion* of those codes:
    If kv shows a taskGate
            use .tss on the part before the colon, then kv.
    Else if kv shows a trapframe
            use .trap on that value
    Else
            .trap on the appropriate frame will show where the trap was taken
            (on x86, this will be the ebp that goes with the procedure KiTrap)
    Endif
    kb will then show the corrected stack.
    Arguments:
    Arg1: 00000008, EXCEPTION_DOUBLE_FAULT
    Arg2: 8dd0c750
    Arg3: 00000000
    Arg4: 00000000

    Debugging Details:
    ------------------


    BUGCHECK_STR:  0x7f_8

    TSS:  00000028 -- (.tss 0x28)
    eax=9b117000 ebx=00000000 ecx=9b1170cc edx=00000000 esi=87eb397c edi=00000001
    eip=82acf2a4 esp=9b117000 ebp=9b117014 iopl=0         nv up ei pl zr na pe nc
    cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010246
    nt!SepNormalAccessCheck+0x57:
    82acf2a4 ff7528          push    dword ptr [ebp+28h]  ss:0010:9b11703c=00000000
    Resetting default scope

    DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

    PROCESS_NAME:  TunnelServer.e

    CURRENT_IRQL:  2

    LAST_CONTROL_TRANSFER:  from 82aceefa to 82acf2a4

    STACK_TEXT:  
    9b117014 82aceefa 00000000 9b117190 9b117190 nt!SepNormalAccessCheck+0x57
    9b1170bc 82acecb4 87eb3960 00000000 00000000 nt!SepAccessCheck+0x1f9
    9b117124 82ae4ad9 87eb3960 00000000 00117180 nt!SeAccessCheckWithHint+0x1f1
    9b117558 8bec96e1 87eb3960 8792d7dc 00000000 nt!SeAccessCheckFromState+0xea
    9b11759c 8bec9634 00000000 00000000 9b117638 NETIO!CompareSecurityContexts+0x48
    9b1175cc 8bec86f8 00000000 87eb3950 9b1177f8 NETIO!MatchValues+0x121
    9b1175e8 8bec8963 87eb3948 9b1177f8 9b117638 NETIO!MatchCondition+0x51
    9b11760c 8bec8a40 87ef1900 9b1178fc 878aab20 NETIO!FilterMatch+0x52
    9b11763c 8bec8865 88fd8740 9b1178fc 878aab20 NETIO!IndexListClassify+0x31
    9b11767c 8bec8218 00000000 9b1178fc 878aab20 NETIO!FindMatchingEntries+0xdc
    9b117780 8c09850b 00000030 9b1178fc 878aab20 NETIO!KfdClassify+0x195
    9b1177ac 8c04d104 9b1178fc 878aab20 87b4e018 tcpip!WfpAleClassify+0x38
    9b117918 8c04c5e4 87994b90 00000020 8c0fd488 tcpip!WfpAlepReauthorizeOutboundConnection+0x888
    9b1179b8 8c09b8aa 00000030 00000002 00000006 tcpip!WfpAleReauthorizeOutboundConnection+0x101
    9b117b70 8c0a56ae 01994b90 00000002 87994b90 tcpip!WfpAleReauthorizeConnection+0x2ac
    9b117c10 8c09258d 87994b90 00000002 87994b90 tcpip!TlShimOptionalReauthorizeConnection+0x188
    9b117c70 8c093157 87994cc8 00000000 00000002 tcpip!ProcessAleForTcpFastPath+0x7d
    9b117d1c 8c0836a6 00000006 00000002 0000cbdf tcpip!WfpProcessOutTransportStackIndication+0x17e
    9b117d84 8c083fad 00000000 890c41ac 878fb6cc tcpip!IppInspectLocalDatagramsOut+0x101
    9b117e4c 8c081181 00000000 00000007 8c106da0 tcpip!IppSendDatagramsCommon+0x5a8
    9b117e6c 8c077e0c 8792d418 9b117e88 48f6ccaf tcpip!IpNlpSendDatagrams+0x4b
    9b117fb8 8c095e56 861d4550 00000002 00000001 tcpip!TcpTcbSend+0x85a
    9b118008 8c067481 00000001 861d4550 00000000 tcpip!TcpFlushDelay+0x1f1
    9b118060 8c05f27d 861d4550 861d4648 00000001 tcpip!TcpDeliverInput+0x399
    9b1180b4 8bb92cb5 861d4550 9b1180cc 87bee750 tcpip!TcpRequestReceive+0x380
    9b1180ec 8bb8f85a 9b11810c 82a845be 87bee750 afd!WskProIRPReceive+0xaf
    9b1180f4 82a845be 87bee750 85f178e0 86127ae0 afd!AfdWskDispatchInternalDeviceControl+0x21
    9b11810c 8bb92bfd 9b118144 9b4f872b 855cd70c nt!IofCallDriver+0x63
    9b118114 9b4f872b 855cd70c 9b118138 00000002 afd!WskProAPIReceive+0x67
    9b118144 9b4ee787 86127ae0 87ae0fa0 8bb9de30 mrxsmb!SmbWskReceive+0x99
    9b118590 8bb90cbb 86127ae0 00000008 89021780 mrxsmb!SmbWskReceiveEvent+0x48f
    9b1185c4 8c078ce3 855cd6f8 00118630 9b118724 afd!WskProTLEVENTReceive+0xc4
    9b118654 8c07526d 890840dc 0000cbdf 9b118724 tcpip!TcpIndicateData+0x203
    9b1186e8 8c077154 861d4550 861d4648 9b118724 tcpip!TcpDeliverDataToClient+0x2fa
    9b11873c 8c0bc985 861d4550 861d4648 890216e0 tcpip!TcpDeliverReceive+0x96
    9b11876c 8c092902 861d4550 861d4648 890216e0 tcpip!TcpInspectReceive+0x77
    9b1187bc 8c0a8ce0 861d4550 9b1187e0 9b118818 tcpip!TcpTcbFastDatagram+0x2fd
    9b118824 8c08c438 87904428 861d4550 00118898 tcpip!TcpTcbReceive+0x142
    9b11888c 8c08cc6a 85dfe8b0 87932000 00000000 tcpip!TcpMatchReceive+0x237
    9b1188dc 8c08ccab 87904428 87932000 0000bd01 tcpip!TcpPreValidatedReceive+0x293
    9b1188f8 8c086fd5 87904428 87932000 9b118934 tcpip!TcpReceive+0x2d
    9b118908 8c08f20b 9b11891c c000023e 00000000 tcpip!TcpNlClientReceiveDatagrams+0x12
    9b118934 8c08eb56 8c106f90 9b118988 c000023e tcpip!IppDeliverListToProtocol+0x49
    9b118954 8c08cf18 8c106da0 00000006 9b118988 tcpip!IppProcessDeliverList+0x2a
    9b1189ac 8c08e9ff 8c106da0 00000006 887749e8 tcpip!IppReceiveHeaderBatch+0x1fb
    9b118a40 90eac317 85d69918 00000000 00000001 tcpip!IpFlcReceivePackets+0xbe5
    9b118acc 8be7718d 02abb1e4 00000000 00000000 wanarp!WanNdisReceivePackets+0x4f7
    9b118b04 8be65405 88619a60 890615b0 00000000 ndis!ndisMIndicateNetBufferListsToOpen+0x188
    9b118c90 8be10c1d 87f460e0 88619a60 00000000 ndis!ndisMDispatchReceiveNetBufferLists+0x7c
    9b118cac 8be4156a 87f460e0 890615b0 00000000 ndis!ndisMTopReceiveNetBufferLists+0x2d
    9b118cc8 8be41504 8861b558 890615b0 00000000 ndis!ndisFilterIndicateReceiveNetBufferLists+0x46
    9b118ce4 90618d17 8861b558 890615b0 00000000 ndis!NdisFIndicateReceiveNetBufferLists+0x2f
    9b118d20 8be4156a 88610800 890615b0 00000000 pacer!PcFilterReceiveNetBufferLists+0xcf
    9b118d3c 8be41504 8860cc98 890615b0 00000000 ndis!ndisFilterIndicateReceiveNetBufferLists+0x46
    9b118d58 90e21f7a 8860cc98 890615b0 00000000 ndis!NdisFIndicateReceiveNetBufferLists+0x2f
    WARNING: Stack unwind information not available. Following frames may be wrong.
    9b118d90 8be7ce94 0061b008 010615b0 00000000 vsdatant+0x10f7a
    9b118ddc 96ba7776 02f460e0 9b118e18 00000001 ndis!ndisMIndicatePacketsToNetBufferLists+0xea
    9b118e1c 96ba7a44 02e15610 000005b4 886910c0 ndiswan!IndicateRecvPacket+0x2b5
    9b118e50 96ba86f9 88e15610 8602f800 8863cca4 ndiswan!ProcessPPPFrame+0x124
    9b118e70 96ba5d11 88e15008 8602f800 8863cc60 ndiswan!ReceivePPP+0xb3
    9b118ea0 8be3f5b5 87a19078 000005bc 000005bc ndiswan!ProtoCoReceivePacket+0x226
    9b118ed0 8be9e8a4 882399a8 8869d178 00000001 ndis!ndisMCoIndicateReceiveNdisPacketToNdisPacket+0xda
    9b118ee4 96bf8248 882399a8 8869d170 00000003 ndis!NdisMCoIndicateReceivePacket+0x15
    9b118f00 96bf901f 88699000 00000fff 88699000 covpnwlh+0x1248
    9b118f1c 96bf9091 00000000 00000000 00000000 covpnwlh+0x201f
    9b118f54 82ac5933 00000000 00000000 88699000 covpnwlh+0x2091
    9b118f9c 907e4998 85cf11a8 85bd6698 9b119170 nt!IopfCompleteRequest+0x128
    9b118fb4 8c06090e 02790cc0 00000000 00000fff tdx!TdxReceiveConnectionTlRequestComplete+0xde
    9b11902c 8c067a79 85bd6698 00000000 85cf11a8 tcpip!TcpCompleteClientReceiveRequest+0x1c
    9b119170 8c074fec 85cf11a8 00000000 85cf12a0 tcpip!TcpSatisfyReceiveRequests+0x59f
    9b11920c 8c077154 85cf11a8 85cf12a0 9b119248 tcpip!TcpDeliverDataToClient+0x79
    9b119260 8c0bc985 85cf11a8 85cf12a0 8601fdd0 tcpip!TcpDeliverReceive+0x96
    9b119290 8c092902 85cf11a8 85cf12a0 8601fdd0 tcpip!TcpInspectReceive+0x77
    9b1192e0 8c0a8ce0 85cf11a8 9b119304 9b11933c tcpip!TcpTcbFastDatagram+0x2fd
    9b119348 8c08c438 87904428 85cf11a8 001193bc tcpip!TcpTcbReceive+0x142


    STACK_COMMAND:  .tss 0x28 ; kb

    FOLLOWUP_IP:
    NETIO!CompareSecurityContexts+48
    8bec96e1 817d08220000c0  cmp     dword ptr [ebp+8],0C0000022h

    SYMBOL_STACK_INDEX:  4

    SYMBOL_NAME:  NETIO!CompareSecurityContexts+48

    FOLLOWUP_NAME:  MachineOwner

    MODULE_NAME: NETIO

    IMAGE_NAME:  NETIO.SYS

    DEBUG_FLR_IMAGE_TIMESTAMP:  4ce78963

    FAILURE_BUCKET_ID:  0x7f_8_NETIO!CompareSecurityContexts+48

    BUCKET_ID:  0x7f_8_NETIO!CompareSecurityContexts+48

    Followup: MachineOwner
    ---------

    ------------------------------------------------------

    The BSOD was caused when TunnelServer.exe process was running. More here: http://systemexplorer.net/db/tunnelserver.exe.html

    Start by updating the driver covpnwlh.sys driver: http://systemexplorer.net/db/covpnwlh.sys.html

    Also uninstall Zone Alarm. If this does not help then uninstall F5 Networks TunnelServer and check results.

    You can also contact Microsoft CSS for assistance.


    This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.   

    Microsoft Student Partner 2010 / 2011
    Microsoft Certified Professional
    Microsoft Certified Systems Administrator: Security
    Microsoft Certified Systems Engineer: Security
    Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows 7, Configuring
    Microsoft Certified Technology Specialist: Designing and Providing Volume Licensing Solutions to Large Organizations
    Microsoft Certified IT Professional: Enterprise Administrator
    Microsoft Certified IT Professional: Server Administrator
    Microsoft Certified Trainer

    Wednesday, April 11, 2012 7:53 PM
  • Blaming netio.sys doesn't really do anyone any good...

    The F5 driver seems to be relatively new, but between January and now they probably released an updated version.

    1: kd> lmvm covpnwlh
    start    end        module name
    96bf7000 96bfec00   covpnwlh   (no symbols)          
        Loaded symbol image file: covpnwlh.sys
        Image path: \SystemRoot\system32\DRIVERS\covpnwlh.sys
        Image name: covpnwlh.sys
        Timestamp:        Tue Jan 04 16:22:14 2011 (4D23ABA6)
        CheckSum:         000180FB
        ImageSize:        00007C00
        Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4



    • Marked as answer by cp16 Thursday, April 12, 2012 2:50 PM
    Thursday, April 12, 2012 1:28 AM
  • Thank you.  Weird because we have other Dell 6420s that do not have this problem although this one is brand new and included with other hardware the others don't have bluetooth/web cam.  Only other difference is we just installed Checkpoint Full Disk Encryption as well.  She can work all day in the office but using F5 it randomly blue screens.  Will look to F5 for a patch or fix.  Thanks again.
    Thursday, April 12, 2012 2:51 PM