none
windows2008 R2 Ent 얼마전부터 Bluescreen발생하면서 서버 reboot되고있습니다. RRS feed

  • 질문

  • 안녕하세요.

    이번달들어 시스템이 bluescreen과함께 reboot되고있습니다.

    dump 내용 확인해봤는데요.

    \system32\ntoskrnl.exe 이파일이 문제가 있는것으로 판단됩니다.

    이 파일이 정말 문제가 있으면 복구하는 방법을 좀 알려주시기 바랍니다.

    감사합니다.

    아래내용은 dump(full dump, mini dump)내용입니다. 답변좀 부탁드려요.

    ====================================Full DUMP====================================
    ADDITIONAL_DEBUG_TEXT: 
    Use '!findthebuild' command to search for the target build information.
    If the build information is available, run '!findthebuild -s ; .reload' to set symbol path and load symbols.

    MODULE_NAME: tdx

    FAULTING_MODULE: fffff80002808000 nt

    DEBUG_FLR_IMAGE_TIMESTAMP:  4ce79332

    WRITE_ADDRESS: unable to get nt!MmSpecialPoolStart
    unable to get nt!MmSpecialPoolEnd
    unable to get nt!MmPoolCodeStart
    unable to get nt!MmPoolCodeEnd
     000004cb387dccf4

    CURRENT_IRQL:  0

    FAULTING_IP:
    nt!KeAcquireSpinLockRaiseToDpc+55
    fffff800`02886cd5 f0480fba2900    lock bts qword ptr [rcx],0

    DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

    BUGCHECK_STR:  0xA

    LAST_CONTROL_TRANSFER:  from fffff8000287d1a9 to fffff8000287dc00

    STACK_TEXT: 
    fffff880`06b5c348 fffff800`0287d1a9 : 00000000`0000000a 000004cb`387dccf4 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx
    fffff880`06b5c350 fffff800`0287be20 : fffffa80`38f75ba0 00000000`00000000 fffffa80`38f75cb8 00000000`00000002 : nt!KeSynchronizeExecution+0x3d39
    fffff880`06b5c490 fffff800`02886cd5 : 00000000`00000000 fffffa80`19ad16c0 00000000`00000000 fffff800`02b79b7f : nt!KeSynchronizeExecution+0x29b0
    fffff880`06b5c620 fffff880`00dc86fc : fffffa80`2198d1e0 fffffa80`39aaf800 00000000`00000000 fffff880`00dc3bd0 : nt!KeAcquireSpinLockRaiseToDpc+0x55
    fffff880`06b5c670 fffff880`0b83a576 : 00000000`01bca9f7 fffff800`02b762d4 00080012`000807dd 000001ef`00290005 : tdx+0x66fc
    fffff880`06b5c710 fffff880`0b83a495 : fffffa80`38f75ba0 fffffa80`1b6f3040 00000000`00000001 fffff880`06b5cb00 : VRFWTM+0x1576
    fffff880`06b5c740 fffff800`02b8850f : fffffa80`38f75ba0 fffffa80`19a1e9e0 00000000`00000000 fffffa80`21f59dd0 : VRFWTM+0x1495
    fffff880`06b5c780 fffff800`02b76504 : 00000000`00000000 fffffa80`19a1e9e0 fffff880`00ddd110 00000000`00000000 : nt!MmCreateSection+0xbccf
    fffff880`06b5c810 fffff800`02b762c1 : fffffa80`19a1e9e0 fffffa80`00000001 fffff8a0`00001640 00000000`00000000 : nt!NtWaitForSingleObject+0xe04
    fffff880`06b5c890 fffff800`02b76884 : 00000000`000005ac fffffa80`19a1e9e0 fffff8a0`00001640 00000000`000005ac : nt!NtWaitForSingleObject+0xbc1
    fffff880`06b5c920 fffff800`0287ce93 : fffffa80`1af4eb50 fffff880`06b5c9f0 00000000`00000001 3232624e`00000000 : nt!NtWaitForSingleObject+0x1184
    fffff880`06b5c970 fffff800`02879450 : fffff880`0392b767 fffff800`02a23280 fffffa80`21f5e780 00000000`00000000 : nt!KeSynchronizeExecution+0x3a23
    fffff880`06b5cb08 fffff880`0392b767 : fffff800`02a23280 fffffa80`21f5e780 00000000`00000000 fffff880`039542c8 : nt!ZwUnlockFile+0x150
    fffff880`06b5cb10 fffff880`0392ae9d : 00000000`00000000 fffff800`02a23280 00000000`00000000 00000000`00000000 : netbt+0x5767
    fffff880`06b5cb40 fffff800`02887251 : fffff880`0392ae14 fffffa80`1af4eb50 fffff880`039542e0 fffffa80`1af4eb50 : netbt+0x4e9d
    fffff880`06b5cb70 fffff800`02b1bede : fffffa80`1ad8b180 fffffa80`1af4eb50 00000000`00000080 fffffa80`19a1e9e0 : nt!KeReleaseInStackQueuedSpinLock+0x2f1
    fffff880`06b5cc00 fffff800`0286e906 : fffff880`026b2180 fffffa80`1af4eb50 fffffa80`19ab3b50 00000000`00000000 : nt!PsCreateSystemThread+0x1da
    fffff880`06b5cc40 00000000`00000000 : fffff880`06b5d000 fffff880`06b57000 fffff880`06b5c8a0 00000000`00000000 : nt!KeInitializeSemaphore+0x25a


    STACK_COMMAND:  kb

    FOLLOWUP_IP:
    tdx+66fc
    fffff880`00dc86fc 8b9528030000    mov     edx,dword ptr [rbp+328h]

    SYMBOL_STACK_INDEX:  4

    SYMBOL_NAME:  tdx+66fc

    FOLLOWUP_NAME:  MachineOwner

    IMAGE_NAME:  tdx.sys

    BUCKET_ID:  WRONG_SYMBOLS

    Followup: MachineOwner
    ---------

    18: kd> lmvm tdx
    start             end                 module name
    fffff880`00dc2000 fffff880`00de4000   tdx        (no symbols)          
        Loaded symbol image file: tdx.sys
        Image path: \SystemRoot\system32\DRIVERS\tdx.sys
        Image name: tdx.sys
        Timestamp:        Sat Nov 20 18:21:54 2010 (4CE79332)
        CheckSum:         000288B2
        ImageSize:        00022000
        Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
    18: kd> lmvm nt
    start             end                 module name
    fffff800`02808000 fffff800`02dee000   nt         (export symbols)       ntkrnlmp.exe
        Loaded symbol image file: ntkrnlmp.exe
        Image path: ntkrnlmp.exe
        Image name: ntkrnlmp.exe
        Timestamp:        Tue Mar 19 12:21:42 2013 (5147D9C6)
        CheckSum:         00552B17
        ImageSize:        005E6000
        File version:     6.1.7601.18113
        Product version:  6.1.7601.18113
        File flags:       0 (Mask 3F)
        File OS:          40004 NT Win32
        File type:        1.0 App
        File date:        00000000.00000000
        Translations:     0409.04b0
        CompanyName:      Microsoft Corporation
        ProductName:      Microsoft® Windows® Operating System
        InternalName:     ntkrnlmp.exe
        OriginalFilename: ntkrnlmp.exe
        ProductVersion:   6.1.7601.18113
        FileVersion:      6.1.7601.18113 (win7sp1_gdr.130318-1533)
        FileDescription:  NT Kernel & System
        LegalCopyright:   © Microsoft Corporation. All rights reserved.

    ====================================MINI DUMP====================================
    ADDITIONAL_DEBUG_TEXT: 
    Use '!findthebuild' command to search for the target build information.
    If the build information is available, run '!findthebuild -s ; .reload' to set symbol path and load symbols.

    MODULE_NAME: nt

    FAULTING_MODULE: fffff80002808000 nt

    DEBUG_FLR_IMAGE_TIMESTAMP:  5147d9c6

    WRITE_ADDRESS: unable to get nt!MmSpecialPoolStart
    unable to get nt!MmSpecialPoolEnd
    unable to get nt!MmPoolCodeStart
    unable to get nt!MmPoolCodeEnd
     000004cb387dccf4

    CURRENT_IRQL:  0

    FAULTING_IP:
    nt+7ecd5
    fffff800`02886cd5 f0480fba2900    lock bts qword ptr [rcx],0

    CUSTOMER_CRASH_COUNT:  1

    DEFAULT_BUCKET_ID:  DRIVER_FAULT_SERVER_MINIDUMP

    BUGCHECK_STR:  0xA

    LAST_CONTROL_TRANSFER:  from fffff8000287d1a9 to fffff8000287dc00

    STACK_TEXT: 
    fffff880`06b5c348 fffff800`0287d1a9 : 00000000`0000000a 000004cb`387dccf4 00000000`00000002 00000000`00000001 : nt+0x75c00
    fffff880`06b5c350 00000000`0000000a : 000004cb`387dccf4 00000000`00000002 00000000`00000001 fffff800`02886cd5 : nt+0x751a9
    fffff880`06b5c358 000004cb`387dccf4 : 00000000`00000002 00000000`00000001 fffff800`02886cd5 fffff800`02a2fb20 : 0xa
    fffff880`06b5c360 00000000`00000002 : 00000000`00000001 fffff800`02886cd5 fffff800`02a2fb20 00000000`00000000 : 0x4cb`387dccf4
    fffff880`06b5c368 00000000`00000001 : fffff800`02886cd5 fffff800`02a2fb20 00000000`00000000 00000000`00000000 : 0x2
    fffff880`06b5c370 fffff800`02886cd5 : fffff800`02a2fb20 00000000`00000000 00000000`00000000 00000000`00000000 : 0x1
    fffff880`06b5c378 fffff800`02a2fb20 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt+0x7ecd5
    fffff880`06b5c380 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt+0x227b20


    STACK_COMMAND:  kb

    FOLLOWUP_IP:
    nt+7ecd5
    fffff800`02886cd5 f0480fba2900    lock bts qword ptr [rcx],0

    SYMBOL_STACK_INDEX:  6

    SYMBOL_NAME:  nt+7ecd5

    FOLLOWUP_NAME:  MachineOwner

    IMAGE_NAME:  ntoskrnl.exe

    BUCKET_ID:  WRONG_SYMBOLS

    Followup: MachineOwner
    ---------

    18: kd> lmvm nt
    start             end                 module name
    fffff800`02808000 fffff800`02dee000   nt       T (no symbols)          
        Loaded symbol image file: ntoskrnl.exe
        Image path: \SystemRoot\system32\ntoskrnl.exe
        Image name: ntoskrnl.exe
        Timestamp:        Tue Mar 19 12:21:42 2013 (5147D9C6)
        CheckSum:         00552B17
        ImageSize:        005E6000
        Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
    18: kd> lmvm nt
    start             end                 module name
    fffff800`02808000 fffff800`02dee000   nt       T (no symbols)          
        Loaded symbol image file: ntoskrnl.exe
        Image path: \SystemRoot\system32\ntoskrnl.exe
        Image name: ntoskrnl.exe
        Timestamp:        Tue Mar 19 12:21:42 2013 (5147D9C6)
        CheckSum:         00552B17
        ImageSize:        005E6000
        Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4

    2013년 8월 19일 월요일 오전 2:00

모든 응답

  • 안녕하세요 김병훈님,

    덤프파일 분석은 포럼 지원 범위 밖입니다.

    기술지원받으시길 바랍니다.

     

    [Microsoft 고객지원센터]

    1577-9700

    2013년 8월 19일 월요일 오전 6:30
    중재자