locked
Bluescreen KMODE_EXCEPTION_NOT_HANDLED RRS feed

  • Discussion générale

  • Bonjour,

    je me permets de poster mon problème ici car je n'arrive pas à le résoudre malgré le temps passé dessus.
    J'ai un serveur en Windows Server 2008R2 (avec un Exchange) qui subit des bluescreens très régulièrement (toutes les 3 à 4 min).
    Le serveur est à jour. J'ai effectué un SFC et un CHKDSK, rien d'anormal. J'ai remis une ancienne sauvegarde, même soucis.
    J'ai mis à jour le pilote de la carte réseau en dernière version (et même avant dernière version).

    Test disque et RAM : rien à signaler.
    J'ai changé tous les câbles USB, alim, réseaux, vidéo. Nous avons même déplacé le serveur dans une autre pièce, avec seulement le cordon d'alim et réseau.

    Si quelqu'un a une idée ou une piste, je serais preneur !

    Merci d'avance à vous,

    Anthony

    Voici le dump que j'obtiens :


    Microsoft (R) Windows Debugger Version 6.3.9600.17336 AMD64
    Copyright (c) Microsoft Corporation. All rights reserved.


    Loading Dump File [E:\Desktop\BSOD Girard\Mini112117-07.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available


    ************* Symbol Path validation summary **************
    Response                         Time (ms)     Location
    Deferred                                       srv*

    ************* Symbol Path validation summary **************
    Response                         Time (ms)     Location
    Deferred                                       srv*
    Symbol search path is: srv*
    Executable search path is: srv*
    Windows Server 2008/Windows Vista Kernel Version 6002 (Service Pack 2) MP (4 procs) Free x64
    Product: LanManNt, suite: SmallBusiness TerminalServer SmallBusinessRestricted SingleUserTS
    Built by: 6002.18881.amd64fre.vistasp2_gdr.130707-1535
    Machine Name:
    Kernel base = 0xfffff800`0325a000 PsLoadedModuleList = 0xfffff800`0341ee30
    Debug session time: Tue Nov 21 10:42:41.439 2017 (UTC + 1:00)
    System Uptime: 0 days 0:11:59.113
    Loading Kernel Symbols
    ...............................................................
    ................................................................
    .................
    Loading User Symbols
    Loading unloaded module list
    ........
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    Use !analyze -v to get detailed debugging information.

    BugCheck 1E, {ffffffffc0000005, fffffa8011cbd544, 0, 15f800008042}

    *** WARNING: Unable to verify timestamp for win32k.sys
    *** ERROR: Module load completed but symbols could not be loaded for win32k.sys
    Probably caused by : ntkrnlmp.exe ( nt! ?? ::FNODOBFM::`string'+291e7 )

    Followup: MachineOwner
    ---------

    1: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    KMODE_EXCEPTION_NOT_HANDLED (1e)
    This is a very common bugcheck.  Usually the exception address pinpoints
    the driver/function that caused the problem.  Always note this address
    as well as the link date of the driver/image that contains this address.
    Arguments:
    Arg1: ffffffffc0000005, The exception code that was not handled
    Arg2: fffffa8011cbd544, The address that the exception occurred at
    Arg3: 0000000000000000, Parameter 0 of the exception
    Arg4: 000015f800008042, Parameter 1 of the exception

    Debugging Details:
    ------------------


    READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80003481080
    GetUlongFromAddress: unable to read from fffff80003481160
     0000000000000000 Nonpaged pool

    EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - L'instruction   0x%p emploie l'adresse m moire 0x%p. L' tat de la m moire ne peut pas  tre %s.

    FAULTING_IP:
    +2239c3a0000
    fffffa80`11cbd544 ??              ???

    BUGCHECK_STR:  0x1E_c0000005_R

    CUSTOMER_CRASH_COUNT:  7

    DEFAULT_BUCKET_ID:  COMMON_SYSTEM_FAULT

    PROCESS_NAME:  System

    CURRENT_IRQL:  0

    ANALYSIS_VERSION: 6.3.9600.17336 (debuggers(dbg).150226-1500) amd64fre

    TRAP_FRAME:  fffffa6007587770 -- (.trap 0xfffffa6007587770)
    NOTE: The trap frame does not contain all registers.
    Some register values may be zeroed or incorrect.
    rax=fffffa8012776040 rbx=0000000000000000 rcx=fffffa800cd37f18
    rdx=00000000c2558cca rsi=0000000000000000 rdi=0000000000000000
    rip=fffffa8011cbd544 rsp=fffffa6007587900 rbp=fffffa8011a2c000
     r8=fffffa800e697500  r9=fffff8800b1cc010 r10=00000000fffffffc
    r11=fffff8800b1cc11c r12=0000000000000000 r13=0000000000000000
    r14=0000000000000000 r15=0000000000000000
    iopl=0         nv up ei ng nz ac pe nc
    fffffa80`11cbd544 ??              ???
    Resetting default scope

    LAST_CONTROL_TRANSFER:  from fffff80003294147 to fffff800032b1150

    STACK_TEXT:  
    fffffa60`07586f88 fffff800`03294147 : 00000000`0000001e ffffffff`c0000005 fffffa80`11cbd544 00000000`00000000 : nt!KeBugCheckEx
    fffffa60`07586f90 fffff800`032b0fa9 : fffffa60`075876c8 fffff800`0325a000 fffffa60`07587770 000015f8`00008042 : nt! ?? ::FNODOBFM::`string'+0x291e7
    fffffa60`07587590 fffff800`032afda5 : 00000000`00000000 fffffa60`0433e2db fffffa80`0e3cfa00 fffff800`0325a000 : nt!KiExceptionDispatch+0xa9
    fffffa60`07587770 fffffa80`11cbd544 : 00000000`00000000 fffffa80`12776040 fffffa60`075879e8 fffffa80`11a2c000 : nt!KiPageFault+0x1e5
    fffffa60`07587900 00000000`00000000 : fffffa80`12776040 fffffa60`075879e8 fffffa80`11a2c000 00000000`c2558cca : 0xfffffa80`11cbd544


    STACK_COMMAND:  kb

    FOLLOWUP_IP:
    nt! ?? ::FNODOBFM::`string'+291e7
    fffff800`03294147 cc              int     3

    SYMBOL_STACK_INDEX:  1

    SYMBOL_NAME:  nt! ?? ::FNODOBFM::`string'+291e7

    FOLLOWUP_NAME:  MachineOwner

    MODULE_NAME: nt

    IMAGE_NAME:  ntkrnlmp.exe

    DEBUG_FLR_IMAGE_TIMESTAMP:  51da19e2

    IMAGE_VERSION:  6.0.6002.18881

    FAILURE_BUCKET_ID:  X64_0x1E_c0000005_R_nt!_??_::FNODOBFM::_string_+291e7

    BUCKET_ID:  X64_0x1E_c0000005_R_nt!_??_::FNODOBFM::_string_+291e7

    ANALYSIS_SOURCE:  KM

    FAILURE_ID_HASH_STRING:  km:x64_0x1e_c0000005_r_nt!_??_::fnodobfm::_string_+291e7

    FAILURE_ID_HASH:  {52418fd0-4f93-3a6a-0cd4-9fba9d1d2a89}

    Followup: MachineOwner
    ---------

    mercredi 22 novembre 2017 12:33

Toutes les réponses