none
KMODE_EXCEPTION_NOT_HANDLED On Windows Server 2008 STD SP1 Production server.

    Domanda

  • Windows Server 2008 STD SP1 having blue screen error with bug check code 0x0000001e , unable to understand the BSOD as multiple BSOD's are with same Bug Check Code  : 0x0000001e

    Pleasehelp , below is the BSOD Description.

    ==================================================
    Dump File         : Mini052418-01.dmp
    Crash Time        : 24-05-2018 16:19:08
    Bug Check String  : KMODE_EXCEPTION_NOT_HANDLED
    Bug Check Code    : 0x0000001e
    Parameter 1       : ffffffff`c0000005
    Parameter 2       : fffffa80`1689a544
    Parameter 3       : 00000000`00000000
    Parameter 4       : 00000c87`00004810
    Caused By Driver  : serial.sys
    Caused By Address : serial.sys+13c37544
    File Description  : 
    Product Name      : 
    Company           : 
    File Version      : 
    Processor         : x64
    Crash Address     : ntoskrnl.exe+55390
    Stack Address 1   : 
    Stack Address 2   : 
    Stack Address 3   : 
    Computer Name     : 
    Full Path         : C:\Windows\MiniDump\Mini052418-01.dmp
    Processors Count  : 4
    Major Version     : 15
    Minor Version     : 6001
    Dump File Size    : 297,908
    Dump File Time    : 24-05-2018 16:20:00
    ==================================================
    • Modificato Vishal_it venerdì 6 luglio 2018 05:59
    venerdì 6 luglio 2018 05:50

Tutte le risposte

  • The KMODE_EXCEPTION_NOT_HANDLED bug check has a value of 0x0000001E. This indicates that a kernel-mode program generated an exception which the error handler did not catch.

    Have there been other crashes since Dump File Time    : 24-05-2018 16:20:00?

    1) To evaluate the BSOD please post logs for troubleshooting.

    2) Using administrative command prompt copy and paste this whole command.

    3) Make sure the default language is English so that the logs can be scanned and read.

    https://www.tenforums.com/tutorials/3813-language-add-remove-change-windows-10-a.html

    4) The command will automatically collect the computer files and place them on the desktop.

    5) Then use one 7zip and one drive or drop box to place share links into the thread for troubleshooting.

    https://support.office.com/en-us/article/Share-OneDrive-files-and-folders-9fcc2f7d-de0c-4cec-93b0-a82024800c07

    6) This command will automatically collect these files:  msinfo32, mini dumps, drivers, hosts, install, uninstall, services, startup, event viewer files, etc.

    7) Open administrative command prompt and copy and paste the whole command:

    copy %SystemRoot%\minidump\*.dmp "%USERPROFILE%\Desktop\"&dxdiag /t %Temp%\dxdiag.txt&copy %Temp%\dxdiag.txt "%USERPROFILE%\Desktop\SFdebugFiles\"&type %SystemRoot%\System32\drivers\etc\hosts >> "%USERPROFILE%\Desktop\hosts.txt"&systeminfo > "%USERPROFILE%\Desktop\systeminfo.txt"&driverquery /v > "%USERPROFILE%\Desktop\drivers.txt" &msinfo32 /nfo "%USERPROFILE%\Desktop\msinfo32.nfo"&wevtutil qe System /f:text > "%USERPROFILE%\Desktop\eventlog.txt"&reg export HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall "%USERPROFILE%\Desktop\uninstall.txt"&reg export "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components" "%USERPROFILE%\Desktop\installed.txt"&net start > "%USERPROFILE%\Desktop\services.txt"&REM wmic startup list full /format:htable >"%USERPROFILE%\Desktop\startup.html"&wmic STARTUP GET Caption, Command, User >"%USERPROFILE%\Desktop\startup.txt"

    8) There are two files for you to find manually: 

    a) C:\Windows\MEMORY.DMP

    Use file explorer > this PC > local C: drive > right upper corner search for C:\windows.memory.dmp > zip > post a one drive or drop box share link into the thread

    b) Dxdiag:  In the left lower corner search type:  dxdiag > When the DirectX Diagnostic Tool opens click on the next page button so that each tab is opened > click on save all information > save to desktop > post one drive or drop box share link into the thread

    .

    .

    .

    Please remember to vote and to mark the replies as answers if they help.

    .

    .

    .




    venerdì 6 luglio 2018 06:53
  • Dear team,

    Thanks for reply.

    Please find logs here https://1drv.ms/u/s!AnJhi3gKn9cZjAxmjuXwUfiFrnA4

    Also , I didn't find Memory.dmp file in c location.

    Dxdiag and other logs are on the above link (onedrive)

    Awaiting for your valuable reply.


    Thanks & Regards, Vishal

    lunedì 9 luglio 2018 12:02
  • 1) The bugchecks were 1E and 7E.  There were symbol problems with multiple mini dump files.  The newest mini dump file submitted was from May, 2018.

    2) Memory dumps are not being created.  These types of files are very useful when troubleshooting BSOD.

    3) Please increase the free space on the Windows drive.  Once memory dump files are created they typically range from 500 MB to 4 GB and most often they are typically 1 GB.  During the troubleshooting please make sure that the Windows drive has at least 30 GB free space and make sure that the page file is on the Windows drive.  Windows may automatically delete memory dump files when the drive free space falls below 25 GB.

    4) And during the troubleshooting please make sure that Windows error reporting is not cleaned or deleted.

    5) If the computer has Ccleaner > click windows tab > scroll down to system and advanced > post an image into the thread

    6) In the left lower corner search type: system or system control > open system control panel > on the left pane click advanced system settings 
    a) > on the advanced tab under startup and recovery > click settings > post an image of the startup and recovery into the thread using a one drive or drop box share link
    b) > on the advanced tab under performance > click on settings > under performance options > click on the advanced tab > under virtual memory > click on change > post an image of the virtual memory tab into the thread using a one drive or drop box share link


     

    7) Uninstall Kaspersky AV by using the applicable uninstall tool:

    https://support.kaspersky.com/1464 

    8) Turn on Windows defender

    9) Wait one week to evaluate the computer environment.  Then reinstall Kaspersky AV if the environment is stable.  

    10) Uninstall and reinstall these drivers:

    a) lsi_sas.sys

    LSI SAS driver 

     b) E1G6032E.sys 

    Intel Ethernet 

    Updating a driver:  https://answers.microsoft.com/en-us/windows/wiki/windows_10-update/updating-a-driver/a5e6345e-af9b-4099-bef0-8d22254aa1c1

    .

    .

    .

    Event[42934]:
      Log Name: System
      Source: volmgr
      Date: 2018-02-12T16:43:50.365
      Event ID: 49
      Task: N/A
      Level: Error
      Opcode: N/A
      Keyword: Classic
      User: N/A
      User Name: N/A
      Computer: eccprd
      Description: 
    Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.

    .

    .

    .

    lsi_sas.sys
    LSI SAS driver
    http://www.lsi.com/support/ 

    LSI_SAS      LSI_SAS                LSI_SAS                Kernel        Boot       Running    OK         TRUE        FALSE        0          86,016     0      30-06-2007 06:30:56    C:\Windows\system32\drivers\lsi_sas.sys          4,096 

    Name LSI Adapter, SAS 3000 series, 8-port with 1068
    Manufacturer LSI Logic
    Status OK
    PNP Device ID PCI\VEN_1000&DEV_0054&SUBSYS_197615AD&REV_01\4&2732702B&0&00A8
    I/O Port 0x00004000-0x00004FFF
    Memory Address 0xFD4EC000-0xFD4EFFFF
    Memory Address 0xFD4F0000-0xFD4FFFFF
    IRQ Channel IRQ 4294967260
    Driver c:\windows\system32\drivers\lsi_sas.sys (1.25.6.22, 102.55 KB (105,016 bytes), 19-01-2008 10:06)


    lsi_sas LSI_SAS c:\windows\system32\drivers\lsi_sas.sys Kernel Driver Yes Boot Running OK Normal No Yes


    LSI Adapter, SAS 3000 series, 8-port with 1068 Yes SCSIADAPTER 1.25.6.22 29-06-2007 LSI Logic lsi_sas.inf Not Available PCI\VEN_1000&DEV_0054&SUBSYS_197615AD&REV_01\4&2732702B&0&00A8
    .
    .
    .



    E1G6032E.sys
    Intel Ethernet
    http://downloadcenter.intel.com/Default.aspx

    E1G60        Intel(R) PRO/1000 NDIS Intel(R) PRO/1000 NDIS Kernel        Manual     Running    OK         TRUE        FALSE        0          1,06,880   0      07-08-2007 21:45:10    C:\Windows\system32\DRIVERS\E1G6032E.sys         2,304     


    Name [00000006] Intel(R) PRO/1000 MT Network Connection
    Adapter Type Ethernet 802.3
    Product Type Intel(R) PRO/1000 MT Network Connection
    Installed Yes
    PNP Device ID PCI\VEN_8086&DEV_100F&SUBSYS_075015AD&REV_01\4&B70F118&0&0088
    Last Reset 24-05-2018 16:19
    Index 6
    Service Name E1G60

    Driver c:\windows\system32\drivers\e1g6032e.sys (8.3.2.8, 142.75 KB (146,176 bytes), 19-01-2008 15:08)


    e1g60 Intel(R) PRO/1000 NDIS 6 Adapter Driver c:\windows\system32\drivers\e1g6032e.sys Kernel Driver Yes Manual Running OK Normal No Yes

    .

    .

    .

    kltdi.sys

    klim6.sys

    .

    .

    .

     Operating System: Windows Server® 2008 Standard (6.0, Build 6001) Service Pack 1 (6001.longhorn_rtm.080118-1840)

    .

    .

    .

    Drive: C:
     Free Space: 14.0 GB
    Total Space: 41.0 GB
    File System: NTFS
          Model: VMware Virtual disk SCSI Disk Device

          Drive: D:
     Free Space: 0.5 GB
    Total Space: 30.0 GB
    File System: NTFS
          Model: VMware Virtual disk SCSI Disk Device

          Drive: F:
     Free Space: 74.5 GB
    Total Space: 512.0 GB
    File System: NTFS
          Model: VMware Virtual disk SCSI Disk Device

          Drive: I:
     Free Space: 3.8 GB
    Total Space: 15.3 GB
    File System: NTFS
          Model: VMware Virtual disk SCSI Disk Device

          Drive: J:
     Free Space: 3.5 GB
    Total Space: 410.4 GB
    File System: NTFS
          Model: VMware Virtual disk SCSI Disk Device

          Drive: L:
     Free Space: 18.8 GB
    Total Space: 30.7 GB
    File System: NTFS
          Model: VMware Virtual disk SCSI Disk Device.

    .

    .

    .

    Event[47349]:
      Log Name: System
      Source: volmgr
      Date: 2018-05-24T16:19:56.529
      Event ID: 49
      Task: N/A
      Level: Error
      Opcode: N/A
      Keyword: Classic
      User: N/A
      User Name: N/A
      Computer: eccprd
      Description: 
    Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.

    .

    .

    .

    .


    Please remember to vote and to mark the replies as answers if they help.
    .

    .

    .





    lunedì 9 luglio 2018 20:55
  • @Vishal_it,

    Please update the progress with the above steps.

    giovedì 12 luglio 2018 20:22
  • @questionsformicrosoftproducts As this is the production server hence I am doing above steps one by one.

    I might need more time and will update you accordingly how I am going with this.

    Thank you.


    Thanks & Regards, Vishal

    venerdì 13 luglio 2018 11:19
  • @questionsformicrosoftproducts CURRENT Status :

    1 > Acknowledged.

    2 > After may 2018 there is no dump.

    3 > Increase space on windows drive by keeping in mind that there should be min 30 GB Free. Page file reconfiguration pending.

    4 > Will make sure during the troubleshooting Windows error reporting is not cleaned or deleted.

    5 > This server is not having CCleaner installed.

    6 > Inserting image into this thread.

    6a --- 

    6b ---

    7 > Kaspersky antivirus is not installed

    8 > Turned ON windows defender.

    9 > As requested will wait for one week to evaluate environment.

    10 > Uninstalled and reinstalled below drivers:

    a : lsi_sas.sys

    b: E1G6032E.sys

    Currently we are monitoring this server and during downtime will proceed with pending activities such as adjusting page file.

    Thanks for your support.


    Thanks & Regards, Vishal

    mercoledì 18 luglio 2018 07:27
  • 1) When there is a BSOD and automatic restart is checked it can be easy to miss BSOD.

    It gets the server back to work quickly but that is the trade off.

    If automatic restart were unchecked it would display the bugcheck with : (

    Sometimes it may display the misbehaving driver in the form *.sys.

    2) For the write debugging information it is currently set to kernel memory dump.  If this were changed to automatic memory dump it would allow a larger size file to be created which may improve the debugging.  The trade off is that on occasion the file can be so large that it is not possible to zip and upload the memory dump.  Most often the file size is 500 to 1200 GB.  On occasion though the file size can be 15 GB.  We generally zip and upload files up to 2 GB.

    3) When troubleshooting the page file is changed back to default settings so that the box is checked to automatically manage paging file size for all drives.  And the page file is returned to the Windows drive.

    4) For any changes to startup and recovery system failure and/or page file please reboot to make sure the change is completed.

    5) When there is a BSOD dump files can fail to form and can be deleted.  The failure to form is reduced or improved by the above changes to the page file (placing it back to default on the Windows drive and automatic management).  The deletion occurs with third party software such as Ccleaner or by Windows.  Windows will delete memory.dmp files when the free space is less than 25 GB.  The memory.dmp files can be various sizes so it is recommended to have 30 GB free space on the drive before the BSOD.

    6) The Kaspersky uninstallation, with uninstalling and reinstalling the two drivers should fix the BSOD problem.  If there are no BSOD for the week you can reinstall Kaspersky and then if there is a BSOD post a new zip into the thread for troubleshooting.



    mercoledì 18 luglio 2018 08:57
  • @questionsformicrosoftproducts acknowledged , will follow the above suggestions and let you know if any issues , currently I have put this server under observation.

    Will come back with results shortly.

    Thank you very much for the help and suggestions on this issue.

     


    Thanks & Regards, Vishal

    venerdì 20 luglio 2018 03:38