Server 2008 R2 - Random Dump...
Copy of Crash.DMP posted below....Can anyone desipher any information out of the data? ANy help would be appreciated. Thanks !
Is this a Driver issue or some bad Memory in the server?
---------------
Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [\\4-201d-c01\c$\MEMORY.DMP]
Kernel Summary Dump File: Only kernel address space is available
Symbol search path is: SRV*C:\Symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (16 procs) Free x64
Product: Server, suite: TerminalServer SingleUserTS
Built by: 7601.17835.amd64fre.win7sp1_gdr.120503-2030
Machine Name:
Kernel base = 0xfffff800`0161a000 PsLoadedModuleList = 0xfffff800`0185e670
Debug session time: Thu Nov 15 11:17:08.106 2012 (UTC - 6:00)
System Uptime: 2 days 17:28:02.112
Loading Kernel Symbols
...................................................Missing image name, possible paged-out or corrupt data.
.*** WARNING: Unable to verify timestamp for Unknown_Module_00000000`00000000
Unable to add module at 00000000`00000000
Unable to read KLDR_DATA_TABLE_ENTRY at 00000000`00000000 - NTSTATUS 0xC0000147
Loading unloaded module list
............
WARNING: .reload failed, module list may be incomplete
*******************************************************************************
*
*
* Bugcheck Analysis
*
*
*
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 7E, {ffffffffc0000005, fffff8800ae1a145, fffff8800c789908, fffff8800c789160}
Probably caused by : ntkrnlmp.exe ( nt!PoIdle+52a )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
*
*
* Bugcheck Analysis
*
*
*
*******************************************************************************
SYSTEM_THREAD_EXCEPTION_NOT_HANDLED (7e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff8800ae1a145, The address that the exception occurred at
Arg3: fffff8800c789908, Exception Record Address
Arg4: fffff8800c789160, Context Record Address
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
FAULTING_IP:
+6665313331393562
fffff880`0ae1a145 ?? ???
EXCEPTION_RECORD: fffff8800c789908 -- (.exr 0xfffff8800c789908)
Cannot read Exception record @ fffff8800c789908
CONTEXT: fffff8800c789160 -- (.cxr 0xfffff8800c789160)
Unable to read context, NTSTATUS 0xC0000147
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x7E
PROCESS_NAME: System
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from fffff800016a1ce9 to fffff880051c7c61
STACK_TEXT:
fffff800`0151ac98 fffff800`016a1ce9 : 00000000`0029b9c3 fffffa80`130e2b60 fffff800`0180be80 00000000`00000000 : 0xfffff880`051c7c61
fffff800`0151aca0 fffff800`01690e9c : fffff800`0180be80 fffff800`00000001 00000000`00000001 fffff800`00000000 : nt!PoIdle+0x52a
fffff800`0151ad80 00000000`00000000 : fffff800`0151b000 fffff800`01515000 fffff800`0151ad40 00000000`00000000 : nt!KiIdleLoop+0x2c
FOLLOWUP_IP:
nt!PoIdle+52a
fffff800`016a1ce9 0fba2557e617000f bt dword ptr [nt!PerfGlobalGroupMask+0x8 (fffff800`01820348)],0Fh
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt!PoIdle+52a
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4fa390f3
STACK_COMMAND: .cxr 0xfffff8800c789160 ; kb
FAILURE_BUCKET_ID: X64_0x7E_nt!PoIdle+52a
BUCKET_ID: X64_0x7E_nt!PoIdle+52a
Followup: MachineOwner
---------
0: kd> lmvm nt
start end module name
fffff800`0161a000 fffff800`01c02000 nt (pdb symbols) c:\symbols\ntkrnlmp.pdb\ABD176D2C7AE41B88BBF2837A09A462C2\ntkrnlmp.pdb
Loaded symbol image file: ntkrnlmp.exe
Image path: ntkrnlmp.exe
Image name: ntkrnlmp.exe
Timestamp: Fri May 04 03:18:59 2012 (4FA390F3)
CheckSum: 00555F80
ImageSize: 005E8000
File version: 6.1.7601.17835
Product version: 6.1.7601.17835
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 1.0 App
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: ntkrnlmp.exe
OriginalFilename: ntkrnlmp.exe
ProductVersion: 6.1.7601.17835
FileVersion: 6.1.7601.17835 (win7sp1_gdr.120503-2030)
FileDescription: NT Kernel & System
LegalCopyright: © Microsoft Corporation. All rights reserved.
Server 2008 R2 - Crash.Dump Translation
