none
블루스크린 Ntfs.sys 덤프분석 요청 RRS feed

  • 질문

  • 원인이 무엇인지 알 수 가 없어서 문의 드립니다.


    2012년 2월 27일 Windows 보안 업데이트(28개 정도) 후 서버가 운영 중에 재부팅(3번)을 반복...


    현재는 괜찮은 상태이나 Windows 보안 업데이트 항목을 삭제 중.


    OS : Windows 2008 Std 32bit sp2


    minidump 내용----------------------------------------------------------------------------------------------------------

    kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    NTFS_FILE_SYSTEM (24)
        If you see NtfsExceptionFilter on the stack then the 2nd and 3rd
        parameters are the exception record and context record. Do a .cxr
        on the 3rd parameter and then kb to obtain a more informative stack
        trace.
    Arguments:
    Arg1: 001904aa
    Arg2: 8d83a91c
    Arg3: 8d83a618
    Arg4: 8cc9654d

    Debugging Details:
    ------------------

    ***** Kernel symbols are WRONG. Please fix symbols to do analysis.

    *************************************************************************
    ***                                                                   ***
    ***                                                                   ***
    ***    Your debugger is not using the correct symbols                 ***
    ***                                                                   ***
    ***    In order for this command to work properly, your symbol path   ***
    ***    must point to .pdb files that have full type information.      ***
    ***                                                                   ***
    ***    Certain .pdb files (such as the public OS symbols) do not      ***
    ***    contain the required information.  Contact the group that      ***
    ***    provided you with these symbols if you need this command to    ***
    ***    work.                                                          ***
    ***                                                                   ***
    ***    Type referenced: nt!_KPRCB                                     ***
    ***                                                                   ***
    *************************************************************************
    *************************************************************************
    ***                                                                   ***
    ***                                                                   ***
    ***    Your debugger is not using the correct symbols                 ***
    ***                                                                   ***
    ***    In order for this command to work properly, your symbol path   ***
    ***    must point to .pdb files that have full type information.      ***
    ***                                                                   ***
    ***    Certain .pdb files (such as the public OS symbols) do not      ***
    ***    contain the required information.  Contact the group that      ***
    ***    provided you with these symbols if you need this command to    ***
    ***    work.                                                          ***
    ***                                                                   ***
    ***    Type referenced: nt!KPRCB                                      ***
    ***                                                                   ***
    *************************************************************************
    *************************************************************************
    ***                                                                   ***
    ***                                                                   ***
    ***    Your debugger is not using the correct symbols                 ***
    ***                                                                   ***
    ***    In order for this command to work properly, your symbol path   ***
    ***    must point to .pdb files that have full type information.      ***
    ***                                                                   ***
    ***    Certain .pdb files (such as the public OS symbols) do not      ***
    ***    contain the required information.  Contact the group that      ***
    ***    provided you with these symbols if you need this command to    ***
    ***    work.                                                          ***
    ***                                                                   ***
    ***    Type referenced: nt!_KPRCB                                     ***
    ***                                                                   ***
    *************************************************************************
    *************************************************************************
    ***                                                                   ***
    ***                                                                   ***
    ***    Your debugger is not using the correct symbols                 ***
    ***                                                                   ***
    ***    In order for this command to work properly, your symbol path   ***
    ***    must point to .pdb files that have full type information.      ***
    ***                                                                   ***
    ***    Certain .pdb files (such as the public OS symbols) do not      ***
    ***    contain the required information.  Contact the group that      ***
    ***    provided you with these symbols if you need this command to    ***
    ***    work.                                                          ***
    ***                                                                   ***
    ***    Type referenced: nt!KPRCB                                      ***
    ***                                                                   ***
    *************************************************************************
    *************************************************************************
    ***                                                                   ***
    ***                                                                   ***
    ***    Your debugger is not using the correct symbols                 ***
    ***                                                                   ***
    ***    In order for this command to work properly, your symbol path   ***
    ***    must point to .pdb files that have full type information.      ***
    ***                                                                   ***
    ***    Certain .pdb files (such as the public OS symbols) do not      ***
    ***    contain the required information.  Contact the group that      ***
    ***    provided you with these symbols if you need this command to    ***
    ***    work.                                                          ***
    ***                                                                   ***
    ***    Type referenced: nt!_KPRCB                                     ***
    ***                                                                   ***
    *************************************************************************
    *************************************************************************
    ***                                                                   ***
    ***                                                                   ***
    ***    Your debugger is not using the correct symbols                 ***
    ***                                                                   ***
    ***    In order for this command to work properly, your symbol path   ***
    ***    must point to .pdb files that have full type information.      ***
    ***                                                                   ***
    ***    Certain .pdb files (such as the public OS symbols) do not      ***
    ***    contain the required information.  Contact the group that      ***
    ***    provided you with these symbols if you need this command to    ***
    ***    work.                                                          ***
    ***                                                                   ***
    ***    Type referenced: nt!_KPRCB                                     ***
    ***                                                                   ***
    *************************************************************************
    *************************************************************************
    ***                                                                   ***
    ***                                                                   ***
    ***    Your debugger is not using the correct symbols                 ***
    ***                                                                   ***
    ***    In order for this command to work properly, your symbol path   ***
    ***    must point to .pdb files that have full type information.      ***
    ***                                                                   ***
    ***    Certain .pdb files (such as the public OS symbols) do not      ***
    ***    contain the required information.  Contact the group that      ***
    ***    provided you with these symbols if you need this command to    ***
    ***    work.                                                          ***
    ***                                                                   ***
    ***    Type referenced: nt!_KPRCB                                     ***
    ***                                                                   ***
    *************************************************************************
    *************************************************************************
    ***                                                                   ***
    ***                                                                   ***
    ***    Your debugger is not using the correct symbols                 ***
    ***                                                                   ***
    ***    In order for this command to work properly, your symbol path   ***
    ***    must point to .pdb files that have full type information.      ***
    ***                                                                   ***
    ***    Certain .pdb files (such as the public OS symbols) do not      ***
    ***    contain the required information.  Contact the group that      ***
    ***    provided you with these symbols if you need this command to    ***
    ***    work.                                                          ***
    ***                                                                   ***
    ***    Type referenced: nt!_KPRCB                                     ***
    ***                                                                   ***
    *************************************************************************

    ADDITIONAL_DEBUG_TEXT: 
    Use '!findthebuild' command to search for the target build information.
    If the build information is available, run '!findthebuild -s ; .reload' to set symbol path and load symbols.

    MODULE_NAME: Ntfs

    FAULTING_MODULE: 81a16000 nt

    DEBUG_FLR_IMAGE_TIMESTAMP:  49e0192a

    EXCEPTION_RECORD:  8d83a91c -- (.exr 0xffffffff8d83a91c)
    ExceptionAddress: 8cc9654d (Ntfs!NtfsMapStream+0x00000023)
       ExceptionCode: c0000005 (Access violation)
      ExceptionFlags: 00000000
    NumberParameters: 2
       Parameter[0]: 00000000
       Parameter[1]: 00000014
    Attempt to read from address 00000014

    CONTEXT:  8d83a618 -- (.cxr 0xffffffff8d83a618)
    eax=00000000 ebx=00000000 ecx=00001800 edx=00000000 esi=00000000 edi=00001400
    eip=8cc9654d esp=8d83a9e4 ebp=8d83a9ec iopl=0         nv up ei pl zr na pe nc
    cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010246
    Ntfs!NtfsMapStream+0x23:
    8cc9654d ??              ???
    Resetting default scope

    CUSTOMER_CRASH_COUNT:  1

    DEFAULT_BUCKET_ID:  DRIVER_FAULT_SERVER_MINIDUMP

    BUGCHECK_STR:  0x24

    CURRENT_IRQL:  0

    LAST_CONTROL_TRANSFER:  from 8cc96674 to 8cc9654d

    STACK_TEXT: 
    8d83a9ec 8cc96674 8c4c1498 00000000 00001400 Ntfs!NtfsMapStream+0x23
    8d83aa68 8cc9721f 8c4c1498 b0d1a0d8 a45b1010 Ntfs!NtfsReadMftRecord+0x7d
    8d83aa94 8cc96d6a 8c4c1498 b0d1a0d8 a45b1010 Ntfs!NtfsReadFileRecord+0x31
    8d83aac4 8cc692df 8c4c1498 a45b1008 a45b1010 Ntfs!NtfsLookupInFileRecord+0x11f
    8d83ab48 8cc0b51e 8c4c1498 a45b1008 8d83ab5c Ntfs!TxfReadTxfDataAttribute+0x42
    8d83ab94 8cc324d6 8c4c1498 a45b1008 8d83abe4 Ntfs!TxfReadTxfEpoch+0x17
    8d83ac14 8cc5dd69 8c4c1498 9b51a000 a45b10f8 Ntfs!TxfResetRm+0x363
    8d83aca8 8cca7898 b0d1a0d8 b0d14008 8c4c1498 Ntfs!TxfInitializeVolume+0x3d2
    8d83acc4 8cc0f8ce 8c4c1498 00000000 0147f7c1 Ntfs!NtfsCommonFileSystemControl+0x99
    8d83ad44 81abbe22 00000000 00000000 84b55580 Ntfs!NtfsFspDispatch+0x264
    WARNING: Stack unwind information not available. Following frames may be wrong.
    8d83ad7c 81bebfe2 8c4c1498 4edbfe45 00000000 nt+0xa5e22
    8d83adc0 81a54efe 81abbd25 00000000 00000000 nt+0x1d5fe2
    00000000 00000000 00000000 00000000 00000000 nt+0x3eefe


    FOLLOWUP_IP:
    Ntfs!NtfsMapStream+23
    8cc9654d ??              ???

    SYMBOL_STACK_INDEX:  0

    SYMBOL_NAME:  Ntfs!NtfsMapStream+23

    FOLLOWUP_NAME:  MachineOwner

    IMAGE_NAME:  Ntfs.sys

    STACK_COMMAND:  .cxr 0xffffffff8d83a618 ; kb

    BUCKET_ID:  WRONG_SYMBOLS

    Followup: MachineOwner

    2012년 2월 29일 수요일 오전 12:46

모든 응답

  • 안녕하십니까? shbang 님,
    Microsoft TechNet의Forum 사이트를 방문해 주셔서 감사합니다.
     
    문의 하신 ”블루스크린 Ntfs.sys 덤프분석 요청”에 대해 답변드리겠습니다.
     
    Windows Server 2008 SP2 설치가 되어있으신지요? 아래 URL을 참조하여 설치 부탁드립니다.

    Windows Server 2008 Service Pack 2 and Windows Vista Service Pack 2 - Five Language Standalone for x86-based Systems
    http://www.microsoft.com/downloads/details.aspx?FamilyID=a4dd31d5-f907-4406-9012-a5c3199ea2b3

    제가 문제에 대해 더 알아야 할 것이 있다면 응답 주시면 감사하겠습니다.
    제시해 드린 답변이 도움이 되었기를 바랍니다.
     
    답변이 문제 해결에 도움이 되었다면 답변으로 채택을 부탁드립니다.하지만 문제 해결이 되지 않아서 정확한 답변을 원하는 경우에는 문제의 정보를 더 자세하게 답변으로 제공해주시기 바랍니다.

    2012년 2월 29일 수요일 오전 1:59
    중재자
  • SP 2 설치된 상태입니다.

    1.이중화솔루션(Legato)가 설치되어 운영중입니다.

      - 디스크 동기화 포함

    2. 운영 담당자가 Windows 자동 업데이트 이전에 아래의 내용을 수동으로 업데이트 진행.

      - iexplorer 7운영 중인 서버에 KB2586448 을 수동으로 업데이트 했다고 함.

        이후 Windows 자동 업데이트 사이트에서 중요 업데이트(iexplorer 9 포함)를 진행 했다고 함.

    • 편집됨 shbang 2012년 3월 5일 월요일 오전 2:30 내용 추가
    2012년 3월 5일 월요일 오전 1:32
  • 안녕하십니까? shbanb 님,

    NTFS_FILE_SYSTEM (24)
    다음 Hotfix 설치 및 기술문서를 참고하여 해당사항이 있는지 확인 부탁 드립니다.
    확인 1 : E200/E200i HP Smart Array SAS/SATA controller
    Error message 1
    STOP: 0x00000024 ( parameter1 , parameter2 , parameter3 , parameter4 )
    Error message 2
    STOP: 0x00000050 ( parameter1 , parameter2 , parameter3 , parameter4 )
    Error message 3
    STOP: 0x0000004E ( parameter1 , parameter2 , parameter3 , parameter4 )

    [참조자료]
    A Stop error occurs on an HP ProLiant server that has the firmware from an E200/E200i HP Smart Array SAS/SATA controller installed on any Windows Server platform
    http://support.microsoft.com/kb/969550/en-us

    확인 2 : Hotfix 설치
    현재 설치되어 있는 버전을 확인하여 다음 Hotfix와 비교하여 이전버전일 경우 업데이트 하시기 바랍니다.
    For all supported x86-based versions of Windows Server 2008 and of Windows Vista
    File name File version File size Date Time Platform
    Ntfs.sys 6.0.6001.22762 1,079,696 13-Sep-2010 23:40 x86
    Ntfs.sys 6.0.6002.22486 1,081,744 13-Sep-2010 23:40 x86
    For all supported x64-based versions of Windows Server 2008 and of Windows Vista
    File name File version File size Date Time Platform
    Ntfs.sys 6.0.6001.22762 1,524,112 13-Sep-2010 23:36 x64
    Ntfs.sys 6.0.6002.22486 1,504,656 13-Sep-2010 23:36 x64
    For all supported IA-64-based versions of Windows Server 2008
    File name File version File size Date Time Platform
    Ntfs.sys 6.0.6001.22762 3,279,248 13-Sep-2010 23:31 IA-64
    Ntfs.sys 6.0.6002.22486 3,282,320 13-Sep-2010 23:31 IA-64

    다음 사이트에서 다운로드 받기 바랍니다.
    The computer stops responding when you rename a folder in Windows Server 2008, in Windows Vista, in Windows 7 and in Windows Server 2008 R2
    http://support.microsoft.com/kb/980382/en-US

    [참고자료]
    A computer that is running Windows Server 2008 SP2 or Windows Vista SP2 stops responding when an application uses the NTFS sparse files
    http://support.microsoft.com/kb/974646/en-us

    Stop error message on a computer that is running Windows Server 2008 SP2 or Windows Vista SP2: "0x00000024 NTFS_FILE_SYSTEM"
    http://support.microsoft.com/kb/975663/en-us


    제가 문제에 대해 더 알아야 할 것이 있다면 응답 주시면 감사하겠습니다.
    제시해 드린 답변이 도움이 되었기를 바랍니다.
     
    답변이 문제 해결에 도움이 되었다면 답변으로 채택을 부탁드립니다.하지만 문제 해결이 되지 않아서 정확한 답변을 원하는 경우에는 문제의 정보를 더 자세하게 답변으로 제공해주시기 바랍니다.

    2012년 3월 5일 월요일 오전 7:58
    중재자
  • 확인 1 : HP ML350 G6 모델로 Smart Array P410i controlle 운영 중.

    확인 2 : Ntfs.sys 버전
                현재버전 - 6.0.6002.18005
                Hotfix를 설치해야 하나요?
                문제가 발생한 서버의 현상과 Hotfix 의 현상 및 원인이 유사한지요?

    2012년 3월 6일 화요일 오전 2:02