Server 2008 R2 - Crash.Dump Translation RRS feed

  • Question

  • Server 2008 R2 - Random Dump...

    Copy of Crash.DMP posted below....Can anyone desipher any information out of the data?  ANy help would be appreciated.  Thanks !

    Is this a Driver issue or some bad Memory in the server? 


    Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
    Copyright (c) Microsoft Corporation. All rights reserved.

    Loading Dump File [\\4-201d-c01\c$\MEMORY.DMP]
    Kernel Summary Dump File: Only kernel address space is available

    Symbol search path is: SRV*C:\Symbols*http://msdl.microsoft.com/download/symbols
    Executable search path is:
    Windows 7 Kernel Version 7601 (Service Pack 1) MP (16 procs) Free x64
    Product: Server, suite: TerminalServer SingleUserTS
    Built by: 7601.17835.amd64fre.win7sp1_gdr.120503-2030
    Machine Name:
    Kernel base = 0xfffff800`0161a000 PsLoadedModuleList = 0xfffff800`0185e670
    Debug session time: Thu Nov 15 11:17:08.106 2012 (UTC - 6:00)
    System Uptime: 2 days 17:28:02.112
    Loading Kernel Symbols
    ...................................................Missing image name, possible paged-out or corrupt data.
    .*** WARNING: Unable to verify timestamp for Unknown_Module_00000000`00000000
    Unable to add module at 00000000`00000000
    Unable to read KLDR_DATA_TABLE_ENTRY at 00000000`00000000 - NTSTATUS 0xC0000147

    Loading unloaded module list
    WARNING: .reload failed, module list may be incomplete
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *

    Use !analyze -v to get detailed debugging information.

    BugCheck 7E, {ffffffffc0000005, fffff8800ae1a145, fffff8800c789908, fffff8800c789160}

    Probably caused by : ntkrnlmp.exe ( nt!PoIdle+52a )

    Followup: MachineOwner

    0: kd> !analyze -v
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *

    This is a very common bugcheck.  Usually the exception address pinpoints
    the driver/function that caused the problem.  Always note this address
    as well as the link date of the driver/image that contains this address.
    Arg1: ffffffffc0000005, The exception code that was not handled
    Arg2: fffff8800ae1a145, The address that the exception occurred at
    Arg3: fffff8800c789908, Exception Record Address
    Arg4: fffff8800c789160, Context Record Address

    Debugging Details:

    EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

    fffff880`0ae1a145 ??              ???

    EXCEPTION_RECORD:  fffff8800c789908 -- (.exr 0xfffff8800c789908)
    Cannot read Exception record @ fffff8800c789908

    CONTEXT:  fffff8800c789160 -- (.cxr 0xfffff8800c789160)
    Unable to read context, NTSTATUS 0xC0000147



    PROCESS_NAME:  System


    LAST_CONTROL_TRANSFER:  from fffff800016a1ce9 to fffff880051c7c61

    fffff800`0151ac98 fffff800`016a1ce9 : 00000000`0029b9c3 fffffa80`130e2b60 fffff800`0180be80 00000000`00000000 : 0xfffff880`051c7c61
    fffff800`0151aca0 fffff800`01690e9c : fffff800`0180be80 fffff800`00000001 00000000`00000001 fffff800`00000000 : nt!PoIdle+0x52a
    fffff800`0151ad80 00000000`00000000 : fffff800`0151b000 fffff800`01515000 fffff800`0151ad40 00000000`00000000 : nt!KiIdleLoop+0x2c

    fffff800`016a1ce9 0fba2557e617000f bt      dword ptr [nt!PerfGlobalGroupMask+0x8 (fffff800`01820348)],0Fh


    SYMBOL_NAME:  nt!PoIdle+52a

    FOLLOWUP_NAME:  MachineOwner


    IMAGE_NAME:  ntkrnlmp.exe


    STACK_COMMAND:  .cxr 0xfffff8800c789160 ; kb

    FAILURE_BUCKET_ID:  X64_0x7E_nt!PoIdle+52a

    BUCKET_ID:  X64_0x7E_nt!PoIdle+52a

    Followup: MachineOwner

    0: kd> lmvm nt
    start             end                 module name
    fffff800`0161a000 fffff800`01c02000   nt         (pdb symbols)          c:\symbols\ntkrnlmp.pdb\ABD176D2C7AE41B88BBF2837A09A462C2\ntkrnlmp.pdb
        Loaded symbol image file: ntkrnlmp.exe
        Image path: ntkrnlmp.exe
        Image name: ntkrnlmp.exe
        Timestamp:        Fri May 04 03:18:59 2012 (4FA390F3)
        CheckSum:         00555F80
        ImageSize:        005E8000
        File version:     6.1.7601.17835
        Product version:  6.1.7601.17835
        File flags:       0 (Mask 3F)
        File OS:          40004 NT Win32
        File type:        1.0 App
        File date:        00000000.00000000
        Translations:     0409.04b0
        CompanyName:      Microsoft Corporation
        ProductName:      Microsoft® Windows® Operating System
        InternalName:     ntkrnlmp.exe
        OriginalFilename: ntkrnlmp.exe
        ProductVersion:   6.1.7601.17835
        FileVersion:      6.1.7601.17835 (win7sp1_gdr.120503-2030)
        FileDescription:  NT Kernel & System
        LegalCopyright:   © Microsoft Corporation. All rights reserved.

    Thursday, November 15, 2012 6:15 PM


  • Hi,

    As for this issue, we should analysis dump file, so I would like suggest you contact Microsoft Customer Service and Support (CSS) via telephone so that a dedicated Support Professional can assist with your request. To troubleshoot this kind of kernel crash issue, we need to debug the crashed system dump. Unfortunately, debugging is beyond what we can do in the forum. Please be advised that contacting phone support will be a charged call.

    To obtain the phone numbers for specific technology request please take a look at the web site listed below.


    Thank you for understanding.


    Yan Li

    Yan Li

    TechNet Community Support

    • Marked as answer by Yan Li_ Friday, November 23, 2012 1:56 AM
    Monday, November 19, 2012 7:41 AM