none
Windows Server 2012 R2 Standard 不定时蓝屏卡死机,只能手动重启服务器. RRS feed

  • 问题

  • 哪位大神帮忙查看下蓝屏报错问题,信息如下:

    Your PC ran into a problem and needs to restart. Were just collecting some error into, and then well testart for you. (100% complete)

    if youd like to know more, you can search online later for this error:

    KERNRL_SECURITY_CHECK_FAILURE

    如下地址是我们服务器的“MEMORY.DMP”文件,请大神帮忙分析下蓝屏原因,非常感谢。

    https://pan.baidu.com/s/1Jyzb1YFeKCjvTSeGctKX7A


    2018年11月2日 8:58

答案

  • 您好,

    感谢您的回复。

    如果您有任何其他疑问,请随时贴出。

    Best regards,

    Yilia


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • 已标记为答案 hc65929 2019年5月6日 8:28
    2018年11月8日 1:09
    版主

全部回复

  • 您好,

    感谢您的发帖。

    根据您提供的dump信息,可能是 topsecpf.sys 导致的蓝屏,该文件时天融信网络客服端的某个驱动程序。

    建议您:

    1. 升级或卸载该应用,观察问题是否依旧出现。

    2. 联系天融信技术支持寻求进一步的帮助。

    Best regards,

    Yilia


    Please remember to mark the reply as an answer if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    2018年11月5日 6:02
    版主
  • 你好,是否可以把具体“MEMORY.DMP”分析报错结果给我,这是我们另外一台服务器,服务器上已经没有“topsecpf.sys”这文件了,谢谢。
    2018年11月5日 6:08
  • 您好,

    感谢您的回复。

    分析结果:

    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    KERNEL_SECURITY_CHECK_FAILURE (139)
    A kernel component has corrupted a critical data structure.  The corruption
    could potentially allow a malicious user to gain control of this machine.
    Arguments:
    Arg1: 0000000000000003, A LIST_ENTRY has been corrupted (i.e. double remove).
    Arg2: ffffd00024237b80, Address of the trap frame for the exception that caused the bugcheck
    Arg3: ffffd00024237ad8, Address of the exception record for the exception that caused the bugcheck
    Arg4: 0000000000000000, Reserved
    Debugging Details:
    ------------------

    KEY_VALUES_STRING: 1

    STACKHASH_ANALYSIS: 1
    TIMELINE_ANALYSIS: 1

    DUMP_CLASS: 1
    DUMP_QUALIFIER: 401
    BUILD_VERSION_STRING:  9600.16384.amd64fre.winblue_rtm.130821-1623
    SYSTEM_MANUFACTURER:  Dell Inc.
    SYSTEM_PRODUCT_NAME:  PowerEdge R730
    SYSTEM_SKU:  SKU=NotProvided;ModelName=PowerEdge R730
    BIOS_VENDOR:  Dell Inc.
    BIOS_VERSION:  2.4.3
    BIOS_DATE:  01/17/2017
    BASEBOARD_MANUFACTURER:  Dell Inc.
    BASEBOARD_PRODUCT:  0WCJNT
    BASEBOARD_VERSION:  A07
    DUMP_TYPE:  1
    BUGCHECK_P1: 3
    BUGCHECK_P2: ffffd00024237b80
    BUGCHECK_P3: ffffd00024237ad8
    BUGCHECK_P4: 0
    TRAP_FRAME:  ffffd00024237b80 -- (.trap 0xffffd00024237b80)
    NOTE: The trap frame does not contain all registers.
    Some register values may be zeroed or incorrect.
    rax=ffffe00006908990 rbx=0000000000000000 rcx=0000000000000003
    rdx=ffffe00000592190 rsi=0000000000000000 rdi=0000000000000000
    rip=fffff8010276c891 rsp=ffffd00024237d10 rbp=0000000000000000
     r8=fffff80000fce350  r9=0000000000000000 r10=fffff80001619200
    r11=ffffd00024237e88 r12=0000000000000000 r13=0000000000000000
    r14=0000000000000000 r15=0000000000000000
    iopl=0         nv up di pl nz na pe nc
    nt!ExInterlockedInsertTailList+0xad:
    fffff801`0276c891 cd29            int     29h
    Resetting default scope
    EXCEPTION_RECORD:  ffffd00024237ad8 -- (.exr 0xffffd00024237ad8)
    ExceptionAddress: fffff8010276c891 (nt!ExInterlockedInsertTailList+0x00000000000000ad)
       ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
      ExceptionFlags: 00000001
    NumberParameters: 1
       Parameter[0]: 0000000000000003
    Subcode: 0x3 FAST_FAIL_CORRUPT_LIST_ENTRY
    CPU_COUNT: 6
    CPU_MHZ: 6a4
    CPU_VENDOR:  GenuineIntel
    CPU_FAMILY: 6
    CPU_MODEL: 4f
    CPU_STEPPING: 1
    CPU_MICROCODE: 6,4f,1,0 (F,M,S,R)  SIG: B00001F'00000000 (cache) B00001F'00000000 (init)
    BUGCHECK_STR:  0x139
    PROCESS_NAME:  lsass.exe
    CURRENT_IRQL:  0
    DEFAULT_BUCKET_ID:  FAIL_FAST_CORRUPT_LIST_ENTRY
    ERROR_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.
    EXCEPTION_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.
    EXCEPTION_CODE_STR:  c0000409
    EXCEPTION_PARAMETER1:  0000000000000003
    ANALYSIS_SESSION_HOST:  VYALZH559VM
    ANALYSIS_SESSION_TIME:  11-05-2018 15:37:20.0782
    ANALYSIS_VERSION: 10.0.17763.1 amd64fre
    LAST_CONTROL_TRANSFER:  from fffff801027d6be9 to fffff801027cb0a0
    STACK_TEXT: 
    ffffd000`24237858 fffff801`027d6be9 : 00000000`00000139 00000000`00000003 ffffd000`24237b80 ffffd000`24237ad8 : nt!KeBugCheckEx
    ffffd000`24237860 fffff801`027d6f10 : ffffe000`1039328b fffff800`00bb2200 ffffe000`10003170 ffffd000`24237a89 : nt!KiBugCheckDispatch+0x69
    ffffd000`242379a0 fffff801`027d6134 : ffffe000`0d1b1d10 ffffe000`01579f30 ffffe000`016b97c0 fffff800`011584d0 : nt!KiFastFailDispatch+0xd0
    ffffd000`24237b80 fffff801`0276c891 : ffffe000`067257c0 ffffc000`03569af0 ffffe000`0c069880 ffffd000`24237dc0 : nt!KiRaiseSecurityCheckFailure+0xf4
    ffffd000`24237d10 fffff800`00fc9d14 : ffffe000`168139a0 ffffd000`24237e29 ffffe000`01858f30 ffffe000`16813a73 : nt!ExInterlockedInsertTailList+0xad
    ffffd000`24237d50 fffff801`026be118 : ffffe000`168139a0 ffffe000`00592100 ffff85cd`000f0100 fffff801`029560c0 : topsecpf+0x2d14
    ffffd000`24237d80 fffff800`016053f4 : ffffe000`03c99010 ffffe000`16813a02 ffffe000`168139a0 00000000`000007ff : nt!IopfCompleteRequest+0x438
    ffffd000`24237e90 fffff800`00fc9eb6 : 69746365`6e6e6f43 ffffe000`0f59b580 73736572`64644174 ffffd000`24237f40 : tdx!TdxTdiDispatchCreate+0x214
    ffffd000`24237f20 fffff800`00fc826d : ffffe000`16813ab8 ffffe000`168139a0 ffffe000`168139a0 00000000`00000000 : topsecpf+0x2eb6
    ffffd000`24237f60 fffff800`00fc8739 : ffffe000`01858de0 ffffe000`16813ab8 ffffe000`168139a0 ffffe000`16813b00 : topsecpf+0x126d
    ffffd000`24237f90 fffff801`02a464e3 : 00000000`00000085 00000000`00000000 ffffe000`168139a0 00000000`00000000 : topsecpf+0x1739
    ffffd000`24237fc0 fffff801`02a4207f : ffffc000`00014d58 ffffc000`00014d58 ffffe000`0a3c9010 ffffe000`01831030 : nt!IopParseDevice+0x7b3
    ffffd000`242381c0 fffff801`02a3fa83 : 00000000`00000000 ffffd000`242383b8 ffffe000`00000240 ffffe000`0038ac60 : nt!ObpLookupObjectName+0x6ef
    ffffd000`24238340 fffff801`02a3ce72 : 00000000`00000001 ffffe000`04a370a8 ffffd000`24238658 00000000`00000020 : nt!ObOpenObjectByName+0x1e3
    ffffd000`24238470 fffff801`02b295e2 : ffffe000`102bd8f8 00000000`c0100000 ffffd000`24238628 0000008e`0011f6d0 : nt!IopCreateFile+0x372
    ffffd000`24238510 fffff800`00ba5ac2 : ffffe000`102bd850 ffffe000`078516d0 ffffd000`24238691 00000000`00000000 : nt!IoCreateFile+0x8a
    ffffd000`242385a0 fffff800`00b86bf8 : ffffe000`10393318 ffffe000`10393170 ffffe000`078516d0 ffffd000`24238b80 : afd! ?? ::GFJBLGFE::`string'+0x187c
    ffffd000`242386e0 fffff800`00b8548d : ffffe000`07855330 ffffd000`24238b80 ffffe000`10393170 ffffe000`07851601 : afd!AfdAddFreeConnection+0xb8
    ffffd000`24238730 fffff800`00bad2a6 : 00000000`00000000 00000000`00000000 ffffe000`078516d0 ffffe000`07851f20 : afd!AfdReplenishListenBacklog+0x29
    ffffd000`24238760 fffff800`00b933a6 : ffffe000`10393170 00000000`00012083 ffffe000`07851f20 ffffe000`078516d0 : afd! ?? ::GFJBLGFE::`string'+0x9b9f
    ffffd000`24238840 fffff801`02a45395 : ffffe000`10393170 ffffd000`24238b80 ffffe000`07851f20 fffff801`0296c180 : afd!AfdDispatchDeviceControl+0x66
    ffffd000`24238870 fffff801`02a45d2a : e0000676`a85078c7 0000000c`001f0003 00000000`00000000 0000008e`65e21b98 : nt!IopXxxControlFile+0x845
    ffffd000`24238a20 fffff801`027d68b3 : 00000000`00000102 ffffd000`24238ad8 00000000`00000001 00000000`00000000 : nt!NtDeviceIoControlFile+0x56
    ffffd000`24238a90 00007ffc`17c07b4a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
    0000008e`0011f7f8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffc`17c07b4a

    THREAD_SHA1_HASH_MOD_FUNC:  7275c380e72cc7800d0f1de134ecdde03a3b514c
    THREAD_SHA1_HASH_MOD_FUNC_OFFSET:  235e5707c939daba5a48314ea2ee1c015f72bb92
    THREAD_SHA1_HASH_MOD:  10ef8bd4b1722253590a721db30ffbd321528926
    FOLLOWUP_IP:
    topsecpf+2d14
    fffff800`00fc9d14 4885f6          test    rsi,rsi
    FAULT_INSTR_CODE:  74f68548
    SYMBOL_STACK_INDEX:  5
    SYMBOL_NAME:  topsecpf+2d14
    FOLLOWUP_NAME:  MachineOwner
    MODULE_NAME: topsecpf
    IMAGE_NAME:  topsecpf.sys
    DEBUG_FLR_IMAGE_TIMESTAMP:  4d6da0f2
    STACK_COMMAND:  .thread ; .cxr ; kb
    BUCKET_ID_FUNC_OFFSET:  2d14
    FAILURE_BUCKET_ID:  0x139_3_CORRUPT_LIST_ENTRY_topsecpf!unknown_function
    BUCKET_ID:  0x139_3_CORRUPT_LIST_ENTRY_topsecpf!unknown_function
    PRIMARY_PROBLEM_CLASS:  0x139_3_CORRUPT_LIST_ENTRY_topsecpf!unknown_function
    TARGET_TIME:  2018-11-02T06:31:41.000Z
    OSBUILD:  9600
    OSSERVICEPACK:  0
    SERVICEPACK_NUMBER: 0
    OS_REVISION: 0
    SUITE_MASK:  272
    PRODUCT_TYPE:  2
    OSPLATFORM_TYPE:  x64
    OSNAME:  Windows 8.1
    OSEDITION:  Windows 8.1 LanManNt TerminalServer SingleUserTS
    OS_LOCALE: 
    USER_LCID:  0
    OSBUILD_TIMESTAMP:  2013-08-22 17:52:38
    BUILDDATESTAMP_STR:  130821-1623
    BUILDLAB_STR:  winblue_rtm
    BUILDOSVER_STR:  6.3.9600.16384.amd64fre.winblue_rtm.130821-1623
    ANALYSIS_SESSION_ELAPSED_TIME:  da5
    ANALYSIS_SOURCE:  KM
    FAILURE_ID_HASH_STRING:  km:0x139_3_corrupt_list_entry_topsecpf!unknown_function
    FAILURE_ID_HASH:  {7d6915eb-8c8b-b32e-d4d4-a1676df73917}
    Followup:     MachineOwner
    ---------
      

    0: kd> lmvm topsecpf
    Browse full module list
    start             end                 module name
    fffff800`00fc7000 fffff800`00fd5000   topsecpf   (no symbols)          
        Loaded symbol image file: topsecpf.sys
        Image path: \??\C:\Windows\sysWOW64\drivers\topsecpf.sys
        Image name: topsecpf.sys
        Browse all global symbols  functions  data
      Timestamp:        Tue Mar  1 18:44:18 2011 (4D6DA0F2)
        CheckSum:         0000F8D7
        ImageSize:        0000E000
        Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
        Information from resource tables:

    Best regards,

    Yilia


    Please remember to mark the reply as an answer if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com


    2018年11月5日 6:39
    版主
  • 好的,谢谢我需要继续测试下。
    2018年11月5日 7:22
  • 您好,

    请问您的问题进展的怎么样了?

    我十分乐意帮助解决您的问题,希望您能及时给我一个反馈。

    Best regards,

    Yilia Zhao



    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    2018年11月7日 1:12
    版主
  • 我在Server中没有搜索到topsecpf.sys这个文件,但我已经把天融信软件卸载了,我会在测试几天时间,非常感谢。
    2018年11月8日 0:28
  • 您好,

    感谢您的回复。

    如果您有任何其他疑问,请随时贴出。

    Best regards,

    Yilia


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • 已标记为答案 hc65929 2019年5月6日 8:28
    2018年11月8日 1:09
    版主