none
Can anyone confirm this is correct? RRS feed

  • Question

  • Can anyone confirm I'm interpreting this correctly? This is the latest dump from windows 2003 Server.. when it BSOD'ed:

    Loading Dump File [C:\Program Files\Debugging Tools for Windows (x64)\File Server Blue Screen\032119-29827-01.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available

    Symbol search path is: https://msdl.microsoft.com/download/symbols
    Executable search path is:
    Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64
    Product: Server, suite: TerminalServer SingleUserTS
    Built by: 7601.17514.amd64fre.win7sp1_rtm.101119-1850
    Machine Name:
    Kernel base = 0xfffff800`01668000 PsLoadedModuleList = 0xfffff800`018ade90
    Debug session time: Thu Mar 21 09:02:38.585 2019 (UTC + 8:00)
    System Uptime: 82 days 23:48:02.068
    Loading Kernel Symbols
    ...............................................................
    ................................................................
    ...........
    Loading User Symbols
    Loading unloaded module list
    ..............................
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    Use !analyze -v to get detailed debugging information.

    BugCheck 1E, {0, 0, 0, 0}

    Unable to load image \SystemRoot\system32\DRIVERS\snapman.sys, Win32 error 0n2
    *** WARNING: Unable to verify timestamp for snapman.sys
    *** ERROR: Module load completed but symbols could not be loaded for snapman.sys
    Unable to load image \SystemRoot\system32\DRIVERS\stcvsm.sys, Win32 error 0n2
    *** WARNING: Unable to verify timestamp for stcvsm.sys
    *** ERROR: Module load completed but symbols could not be loaded for stcvsm.sys
    Probably caused by : snapman.sys ( snapman+19089 )

    Followup: MachineOwner
    ---------

    4: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    KMODE_EXCEPTION_NOT_HANDLED (1e)
    This is a very common bugcheck.  Usually the exception address pinpoints
    the driver/function that caused the problem.  Always note this address
    as well as the link date of the driver/image that contains this address.
    Arguments:
    Arg1: 0000000000000000, The exception code that was not handled
    Arg2: 0000000000000000, The address that the exception occurred at
    Arg3: 0000000000000000, Parameter 0 of the exception
    Arg4: 0000000000000000, Parameter 1 of the exception

    Debugging Details:
    ------------------


    EXCEPTION_CODE: (Win32) 0 (0) - The operation completed successfully.

    FAULTING_IP:
    +6236346135346235
    00000000`00000000 ??              ???

    EXCEPTION_PARAMETER1:  0000000000000000

    EXCEPTION_PARAMETER2:  0000000000000000

    ERROR_CODE: (NTSTATUS) 0 - STATUS_WAIT_0

    BUGCHECK_STR:  0x1E_0

    CUSTOMER_CRASH_COUNT:  1

    DEFAULT_BUCKET_ID:  DRIVER_FAULT_SERVER_MINIDUMP

    PROCESS_NAME:  System

    CURRENT_IRQL:  2

    LAST_CONTROL_TRANSFER:  from fffff800016dfffe to fffff800016e8610

    STACK_TEXT: 
    fffff880`01f66838 fffff800`016dfffe : 00000000`00000003 00000000`0000000c fffff880`01f67040 fffff800`017142a0 : nt!KeBugCheck
    fffff880`01f66840 fffff800`01713f6d : fffff800`018efa10 fffff800`0182bc78 fffff800`01668000 fffff880`01f66fa0 : nt!KiKernelCalloutExceptionHandler+0xe
    fffff880`01f66870 fffff800`01712d45 : fffff800`0182f0fc fffff880`01f668e8 fffff880`01f66fa0 fffff800`01668000 : nt!RtlpExecuteHandlerForException+0xd
    fffff880`01f668a0 fffff800`01716036 : fffff880`01f66fa0 fffff880`01f67040 00000000`00000001 fffff880`00000015 : nt!RtlDispatchException+0x415
    fffff880`01f66f80 fffff800`016f37c1 : 00000000`00000000 fffffa80`18d27100 fffffa80`00000000 fffff880`018ff002 : nt!RtlRaiseStatus+0x4e
    fffff880`01f67520 fffff880`018ff089 : 00000000`00000001 fffffa80`00000001 fffff880`01f3f180 fffff880`01911100 : nt!KeReleaseMutant+0x281
    fffff880`01f675d0 00000000`00000001 : fffffa80`00000001 fffff880`01f3f180 fffff880`01911100 fffffa80`17b93c30 : snapman+0x19089
    fffff880`01f675d8 fffffa80`00000001 : fffff880`01f3f180 fffff880`01911100 fffffa80`17b93c30 fffff880`018fa767 : 0x1
    fffff880`01f675e0 fffff880`01f3f180 : fffff880`01911100 fffffa80`17b93c30 fffff880`018fa767 ffffd8f0`00002710 : 0xfffffa80`00000001
    fffff880`01f675e8 fffff880`01911100 : fffffa80`17b93c30 fffff880`018fa767 ffffd8f0`00002710 fffff880`013b3f6f : 0xfffff880`01f3f180
    fffff880`01f675f0 fffffa80`17b93c30 : fffff880`018fa767 ffffd8f0`00002710 fffff880`013b3f6f fffffa80`1b0d1900 : snapman+0x2b100
    fffff880`01f675f8 fffff880`018fa767 : ffffd8f0`00002710 fffff880`013b3f6f fffffa80`1b0d1900 fffffa80`17b93c30 : 0xfffffa80`17b93c30
    fffff880`01f67600 ffffd8f0`00002710 : fffff880`013b3f6f fffffa80`1b0d1900 fffffa80`17b93c30 fffff880`009bf180 : snapman+0x14767
    fffff880`01f67608 fffff880`013b3f6f : fffffa80`1b0d1900 fffffa80`17b93c30 fffff880`009bf180 fffff880`0190459a : 0xffffd8f0`00002710
    fffff880`01f67610 fffffa80`1b0d1900 : fffffa80`17b93c30 fffff880`009bf180 fffff880`0190459a fffffa80`1b0d19f8 : stcvsm+0xdf6f
    fffff880`01f67618 fffffa80`17b93c30 : fffff880`009bf180 fffff880`0190459a fffffa80`1b0d19f8 fffffa80`1b0d19f8 : 0xfffffa80`1b0d1900
    fffff880`01f67620 fffff880`009bf180 : fffff880`0190459a fffffa80`1b0d19f8 fffffa80`1b0d19f8 fffffa80`17b93c30 : 0xfffffa80`17b93c30
    fffff880`01f67628 fffff880`0190459a : fffffa80`1b0d19f8 fffffa80`1b0d19f8 fffffa80`17b93c30 fffffa80`17a7ec70 : 0xfffff880`009bf180
    fffff880`01f67630 fffffa80`1b0d19f8 : fffffa80`1b0d19f8 fffffa80`17b93c30 fffffa80`17a7ec70 fffff880`01f67710 : snapman+0x1e59a
    fffff880`01f67638 fffffa80`1b0d19f8 : fffffa80`17b93c30 fffffa80`17a7ec70 fffff880`01f67710 00000000`00000000 : 0xfffffa80`1b0d19f8
    fffff880`01f67640 fffffa80`17b93c30 : fffffa80`17a7ec70 fffff880`01f67710 00000000`00000000 fffff880`01f676d8 : 0xfffffa80`1b0d19f8
    fffff880`01f67648 fffffa80`17a7ec70 : fffff880`01f67710 00000000`00000000 fffff880`01f676d8 fffff880`01903f72 : 0xfffffa80`17b93c30
    fffff880`01f67650 fffff880`01f67710 : 00000000`00000000 fffff880`01f676d8 fffff880`01903f72 00000000`00000001 : 0xfffffa80`17a7ec70
    fffff880`01f67658 00000000`00000000 : fffff880`01f676d8 fffff880`01903f72 00000000`00000001 00000000`00000000 : 0xfffff880`01f67710


    STACK_COMMAND:  kb

    FOLLOWUP_IP:
    snapman+19089
    fffff880`018ff089 ??              ???

    SYMBOL_STACK_INDEX:  6

    SYMBOL_NAME:  snapman+19089

    FOLLOWUP_NAME:  MachineOwner

    MODULE_NAME: snapman

    IMAGE_NAME:  snapman.sys

    DEBUG_FLR_IMAGE_TIMESTAMP:  45265d99

    FAILURE_BUCKET_ID:  X64_0x1E_0_snapman+19089

    BUCKET_ID:  X64_0x1E_0_snapman+19089

    Followup: MachineOwner

    ---------

    snapman.sys belongs to Acronis Snapshot manager..

    I'm addition should I be concerned about the 'Process Name'  if its 'System' ?

    Additionally, is the 'Image Name' and/or module Name sufficient enough?

    Friday, August 23, 2019 12:30 AM

Answers

  • "should I be concerned about the 'Process Name'  if its 'System' ?"

    Only if the Acronis software is not installed to run under System.  Running administrative and management programs under system is a very common practice.  It is also the reason they can cause a BSOD.  Programs running under System are often installed as drivers, and errors in drivers cause over 90% of the BSODs that occur.

    Have you had a recent update to the Acronis software?  If so, I would check with them to see if they support that update on Windows Server 2003.

    "is the 'Image Name' and/or module Name sufficient enough?"

    Sufficient for what?


    tim

    Friday, August 23, 2019 2:06 PM
  • Hi,

    According to the dump you provided, snapman.sys is related to Acronis. If you have had any other Acronis software installed then this could have introduced an older version of snapman.sys. I consider that you could uninstall it and reinstall.

    One possible further cause besides snapman.sys could be a failing memory module, so it may be worth running a full memory check.

    Regards,


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Marked as answer by TECH198 Friday, September 6, 2019 11:12 AM
    Friday, August 30, 2019 2:37 AM

All replies

  • "should I be concerned about the 'Process Name'  if its 'System' ?"

    Only if the Acronis software is not installed to run under System.  Running administrative and management programs under system is a very common practice.  It is also the reason they can cause a BSOD.  Programs running under System are often installed as drivers, and errors in drivers cause over 90% of the BSODs that occur.

    Have you had a recent update to the Acronis software?  If so, I would check with them to see if they support that update on Windows Server 2003.

    "is the 'Image Name' and/or module Name sufficient enough?"

    Sufficient for what?


    tim

    Friday, August 23, 2019 2:06 PM
  • The second part answers my question anyway.... Acronis is global (system wide), not "per user"

    If it was running under system, and installed for all users, then that would eliminate the need to look at "Process name as System".

    Friday, August 23, 2019 10:55 PM
  • Hi,

    According to the dump you provided, snapman.sys is related to Acronis. If you have had any other Acronis software installed then this could have introduced an older version of snapman.sys. I consider that you could uninstall it and reinstall.

    One possible further cause besides snapman.sys could be a failing memory module, so it may be worth running a full memory check.

    Regards,


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Marked as answer by TECH198 Friday, September 6, 2019 11:12 AM
    Friday, August 30, 2019 2:37 AM