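Asker
Windows Server 2012 keeps restarting; screenshots of the dmp files attached

Question
-
The Windows Server 2012 server keeps restarting. I obtained the MEMORY.dmp and MiniDmp files; could you help analyze the cause?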
----------------------------MEMORY.dmp
Microsoft (R) Windows Debugger Version 10.0.18914.1001 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\futur\Desktop\MEMORY.DMP]
Kernel Bitmap Dump File: Kernel address space is available, User address space may not be available.
************* Path validation summary **************
Response Time (ms) Location
Deferred srv*
Symbol search path is: srv*
Executable search path is:
Windows 8 Kernel Version 9200 MP (80 procs) Free x64
Product: Server, suite: TerminalServer SingleUserTS
Built by: 9200.22775.amd64fre.win8_ldr_escrow.190522-1700
Machine Name:
Kernel base = 0xfffff801`0061c000 PsLoadedModuleList = 0xfffff801`008b89c0
Debug session time: Thu Jul 4 09:56:14.729 2019 (UTC + 8:00)
System Uptime: 0 days 0:37:13.437
Loading Kernel Symbols
...............................................................
........................................................Page 110b6a not present in the dump file. Type ".hh dbgerr004" for details
........
............................
Loading User Symbols
PEB is paged out (Peb.Ldr = 00000000`7ffdf018). Type ".hh dbgerr001" for details
Loading unloaded module list
........
For analysis of this file, run !analyze -v
nt!KeBugCheckEx:
fffff801`007cb720 48894c2408 mov qword ptr [rsp+8],rcx ss:0018:fffff880`059cb5b0=000000000000003b
28: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff880015024c4, Address of the instruction which caused the bugcheck
Arg3: fffff880059cbea0, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.
Debugging Details:
------------------
KEY_VALUES_STRING: 1
Key : Analysis.CPU.Sec
Value: 3
Key : Analysis.Elapsed.Sec
Value: 27
Key : Analysis.Memory.CommitPeak.Mb
Value: 67
PROCESSES_ANALYSIS: 1
SERVICE_ANALYSIS: 1
STACKHASH_ANALYSIS: 1
TIMELINE_ANALYSIS: 1
DUMP_CLASS: 1
DUMP_QUALIFIER: 401
BUILD_VERSION_STRING: 9200.22775.amd64fre.win8_ldr_escrow.190522-1700
SYSTEM_MANUFACTURER: Huawei
SYSTEM_PRODUCT_NAME: RH5885 V3
SYSTEM_SKU: Type1Sku0
SYSTEM_VERSION: V100R003
BIOS_VENDOR: American Megatrends Inc.
BIOS_VERSION: BLISV787
BIOS_DATE: 11/04/2016
BASEBOARD_MANUFACTURER: Huawei
BASEBOARD_PRODUCT: BC61BLCB
BASEBOARD_VERSION: V100R003
DUMP_TYPE: 1
BUGCHECK_P1: c0000005
BUGCHECK_P2: fffff880015024c4
BUGCHECK_P3: fffff880059cbea0
BUGCHECK_P4: 0
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - 0x%p 0x%p %s
FAULTING_IP:
NDIS!ndisFreePacketPool+30
fffff880`015024c4 488b11 mov rdx,qword ptr [rcx]
CONTEXT: fffff880059cbea0 -- (.cxr 0xfffff880059cbea0)
rax=0000000000000000 rbx=fffffab000003d09 rcx=00fffffab000003d
rdx=0000000000000000 rsi=fffffab01ec65fb0 rdi=fffffab000003d51
rip=fffff880015024c4 rsp=fffff880059cc890 rbp=0000000000000000
r8=0000000000000000 r9=0000000000000012 r10=fffffab000618f00
r11=0000000000000000 r12=fffffab05d6b2240 r13=fffffab009cdb060
r14=0000000000000001 r15=fffffab05d6b2240
iopl=0 nv up ei pl nz na pe cy
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010203
NDIS!ndisFreePacketPool+0x30:
fffff880`015024c4 488b11 mov rdx,qword ptr [rcx] ds:002b:00fffffa`b000003d=????????????????
Resetting default scope
BUGCHECK_STR: 0x3B_c0000005
CPU_COUNT: 50
CPU_MHZ: 767
CPU_VENDOR: GenuineIntel
CPU_FAMILY: 6
CPU_MODEL: 3f
CPU_STEPPING: 4
CPU_MICROCODE: 6,3f,4,0 (F,M,S,R) SIG: E'00000000 (cache) E'00000000 (init)
DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
PROCESS_NAME: vrvarp.exe
CURRENT_IRQL: 2
ANALYSIS_SESSION_HOST: DESKTOP-DA2M5V3
ANALYSIS_SESSION_TIME: 07-04-2019 13:19:00.0431
ANALYSIS_VERSION: 10.0.18914.1001 amd64fre
LAST_CONTROL_TRANSFER: from fffff880015025f1 to fffff880015024c4
STACK_TEXT:
fffff880`059cc890 fffff880`015025f1 : fffffab0`00003d09 00000000`00000000 fffffab0`1ec65fb0 fffffab0`1ec65ee0 : NDIS!ndisFreePacketPool+0x30
fffff880`059cc8c0 fffff880`12486c13 : 00000000`00000001 fffffab0`1e890000 00000000`00000000 fffffab0`1ec65ee0 : NDIS!NdisFreePacketPool+0x2e
fffff880`059cc8f0 fffff801`0099db36 : fffffab0`5c39d620 00000000`00000000 fffffab0`5c39d620 00000000`00000000 : EdpPcap+0x2c13
fffff880`059cc930 fffff801`0099d69a : 00000000`00000000 00000000`0008fd00 fffffab0`005d8e90 00000000`00000000 : nt!IopCloseFile+0x146
fffff880`059cc9c0 fffff801`0099d463 : 00000000`00000144 fffffab0`5c39d5f0 fffffab0`5d6b2240 00000000`7ffdb000 : nt!ObpDecrementHandleCount+0x9a
fffff880`059cca60 fffff801`007db483 : fffffab0`5d5adb00 00000000`7ffdb000 00000000`7ffdb000 00000000`0008fdb0 : nt!NtClose+0x383
fffff880`059ccb00 000007fb`8c8d34aa : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`0008e518 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x000007fb`8c8d34aa
THREAD_SHA1_HASH_MOD_FUNC: 3739a9629eb3b5f0524b7f88ec78babca54c29ce
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: a2ff24136b4f3520b8ff8659d14c1fc0ed3b5bdf
THREAD_SHA1_HASH_MOD: 0fc2728c969489861c16401cca0840677517fd69
FOLLOWUP_IP:
EdpPcap+2c13
fffff880`12486c13 488b8b501d0000 mov rcx,qword ptr [rbx+1D50h]
FAULT_INSTR_CODE: 508b8b48
SYMBOL_STACK_INDEX: 2
SYMBOL_NAME: EdpPcap+2c13
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: EdpPcap
IMAGE_NAME: EdpPcap.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4a002bbb
STACK_COMMAND: .cxr 0xfffff880059cbea0 ; kb
BUCKET_ID_FUNC_OFFSET: 2c13
FAILURE_BUCKET_ID: 0x3B_c0000005_EdpPcap!unknown_function
BUCKET_ID: 0x3B_c0000005_EdpPcap!unknown_function
PRIMARY_PROBLEM_CLASS: 0x3B_c0000005_EdpPcap!unknown_function
TARGET_TIME: 2019-07-04T01:56:14.000Z
OSBUILD: 9200
OSSERVICEPACK: 22775
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
SUITE_MASK: 272
PRODUCT_TYPE: 3
OSPLATFORM_TYPE: x64
OSNAME: Windows 8
OSEDITION: Windows 8 Server TerminalServer SingleUserTS
OS_LOCALE:
USER_LCID: 0
OSBUILD_TIMESTAMP: 2019-05-23 10:22:34
BUILDDATESTAMP_STR: 190522-1700
BUILDLAB_STR: win8_ldr_escrow
BUILDOSVER_STR: 6.2.9200.22775.amd64fre.win8_ldr_escrow.190522-1700
ANALYSIS_SESSION_ELAPSED_TIME: 6c7a
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:0x3b_c0000005_edppcap!unknown_function
FAILURE_ID_HASH: {7c5d7973-da6b-e48a-64f2-2ad03744647d}
Followup: MachineOwner
---------
--------------------070319-39796-01.dmp
Microsoft (R) Windows Debugger Version 10.0.18914.1001 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\futur\Desktop\新建文件夹 (2)\070319-39796-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
************* Path validation summary **************
Response Time (ms) Location
Deferred srv*
Symbol search path is: srv*
Executable search path is:
Windows 8 Kernel Version 9200 MP (80 procs) Free x64
Product: Server, suite: TerminalServer SingleUserTS
Built by: 9200.22775.amd64fre.win8_ldr_escrow.190522-1700
Machine Name:
Kernel base = 0xfffff803`2be77000 PsLoadedModuleList = 0xfffff803`2c1139c0
Debug session time: Wed Jul 3 18:16:25.679 2019 (UTC + 8:00)
System Uptime: 0 days 6:43:05.100
Loading Kernel Symbols
...............................................................
................................................................
............................
Loading User Symbols
Loading unloaded module list
........
For analysis of this file, run !analyze -v
nt!KeBugCheckEx:
fffff803`2c026720 48894c2408 mov qword ptr [rsp+8],rcx ss:0018:fffff880`13fe1840=0000000000000019
42: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
BAD_POOL_HEADER (19)
The pool is already corrupt at the time of the current request.
This may or may not be due to the caller.
The internal pool links must be walked to figure out a possible cause of
the problem, and then special pool applied to the suspect tags or the driver
verifier to a suspect driver.
Arguments:
Arg1: 0000000000000021, the data following the pool block being freed is corrupt. Typically this means the consumer (call stack ) has overrun the block.
Arg2: fffffab04100c000, The pool pointer being freed.
Arg3: 0000000000002990, The number of bytes allocated for the pool block.
Arg4: 0000000000000000, The corrupted value found following the pool block.
Debugging Details:
------------------
*** WARNING: Unable to verify timestamp for EdpPcap.sys
GetUlongPtrFromAddress: unable to read from fffff8032c196318
KEY_VALUES_STRING: 1
Key : Analysis.CPU.Sec
Value: 2
Key : Analysis.Elapsed.Sec
Value: 7
Key : Analysis.Memory.CommitPeak.Mb
Value: 61
PROCESSES_ANALYSIS: 1
SERVICE_ANALYSIS: 1
STACKHASH_ANALYSIS: 1
TIMELINE_ANALYSIS: 1
DUMP_CLASS: 1
DUMP_QUALIFIER: 400
BUILD_VERSION_STRING: 9200.22775.amd64fre.win8_ldr_escrow.190522-1700
SYSTEM_MANUFACTURER: Huawei
SYSTEM_PRODUCT_NAME: RH5885 V3
SYSTEM_SKU: Type1Sku0
SYSTEM_VERSION: V100R003
BIOS_VENDOR: American Megatrends Inc.
BIOS_VERSION: BLISV787
BIOS_DATE: 11/04/2016
BASEBOARD_MANUFACTURER: Huawei
BASEBOARD_PRODUCT: BC61BLCB
BASEBOARD_VERSION: V100R003
DUMP_TYPE: 2
BUGCHECK_P1: 21
BUGCHECK_P2: fffffab04100c000
BUGCHECK_P3: 2990
BUGCHECK_P4: 0
BUGCHECK_STR: 0x19_21
POOL_ADDRESS: GetPointerFromAddress: unable to read from fffff8032c196170
Unable to get MmSystemRangeStart
GetUlongPtrFromAddress: unable to read from fffff8032c196380
GetUlongPtrFromAddress: unable to read from fffff8032c1964a8
GetPointerFromAddress: unable to read from fffff8032c196070
fffffab04100c000 Nonpaged pool
CPU_COUNT: 50
CPU_MHZ: 767
CPU_VENDOR: GenuineIntel
CPU_FAMILY: 6
CPU_MODEL: 3f
CPU_STEPPING: 4
CPU_MICROCODE: 6,3f,4,0 (F,M,S,R) SIG: E'00000000 (cache) E'00000000 (init)
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT_SERVER
PROCESS_NAME: vrvarp.exe
CURRENT_IRQL: 0
ANALYSIS_SESSION_HOST: DESKTOP-DA2M5V3
ANALYSIS_SESSION_TIME: 07-04-2019 13:43:03.0564
ANALYSIS_VERSION: 10.0.18914.1001 amd64fre
LAST_CONTROL_TRANSFER: from fffff8032c0b6493 to fffff8032c026720
STACK_TEXT:
fffff880`13fe1838 fffff803`2c0b6493 : 00000000`00000019 00000000`00000021 fffffab0`4100c000 00000000`00002990 : nt!KeBugCheckEx
fffff880`13fe1840 fffff880`11481c8b : fffffab0`40f62060 fffffab0`3e05d5e0 00000000`00000000 fffffab0`304f5741 : nt!ExFreePoolWithTag+0x493
fffff880`13fe18f0 fffffab0`40f62060 : fffffab0`3e05d5e0 00000000`00000000 fffffab0`304f5741 00000000`00000000 : EdpPcap+0x2c8b
fffff880`13fe18f8 fffffab0`3e05d5e0 : 00000000`00000000 fffffab0`304f5741 00000000`00000000 fffffab0`3e05d510 : 0xfffffab0`40f62060
fffff880`13fe1900 00000000`00000000 : fffffab0`304f5741 00000000`00000000 fffffab0`3e05d510 00000000`00000000 : 0xfffffab0`3e05d5e0
THREAD_SHA1_HASH_MOD_FUNC: 6ba027c83e9976149ffacba9fbfa88024f6e8a27
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: d4a74348b3d10f364f9e78e1bc5ffeb4a4fa95bc
THREAD_SHA1_HASH_MOD: d3b72f2dd4f628a9a9ddeddf2c8d495199d321c1
FOLLOWUP_IP:
EdpPcap+2c8b
fffff880`11481c8b ?? ???
SYMBOL_STACK_INDEX: 2
SYMBOL_NAME: EdpPcap+2c8b
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: EdpPcap
IMAGE_NAME: EdpPcap.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4a002bbb
STACK_COMMAND: .thread ; .cxr ; kb
BUCKET_ID_FUNC_OFFSET: 2c8b
FAILURE_BUCKET_ID: 0x19_21_EdpPcap!unknown_function
BUCKET_ID: 0x19_21_EdpPcap!unknown_function
PRIMARY_PROBLEM_CLASS: 0x19_21_EdpPcap!unknown_function
TARGET_TIME: 2019-07-03T10:16:25.000Z
OSBUILD: 9200
OSSERVICEPACK: 22775
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
SUITE_MASK: 272
PRODUCT_TYPE: 3
OSPLATFORM_TYPE: x64
OSNAME: Windows 8
OSEDITION: Windows 8 Server TerminalServer SingleUserTS
OS_LOCALE:
USER_LCID: 0
OSBUILD_TIMESTAMP: 2019-05-23 10:22:34
BUILDDATESTAMP_STR: 190522-1700
BUILDLAB_STR: win8_ldr_escrow
BUILDOSVER_STR: 6.2.9200.22775.amd64fre.win8_ldr_escrow.190522-1700
ANALYSIS_SESSION_ELAPSED_TIME: 1c3f
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:0x19_21_edppcap!unknown_function
FAILURE_ID_HASH: {18c84e6f-2058-fffc-9ece-e896e7b640a0}
Followup: MachineOwner
---------
All replies
-
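Hello,
Based on the memory dump and mini dump files you provided, the process mainly affected by the problem is vrvarp.exe. In the stack: EdpPcap+0x2c8b; the file where the problem occurred is IMAGE_NAME: EdpPcap.sys. These three seem to show that third-party security software is installed on your computer, and that a process of this security software blocked certain files from running, causing the system to restart. You can uninstall it, or switch to a different version of the software.
I hope this helps. If the reply is helpful, please mark it as the answer; this can help other community members with the same problem quickly find a useful reply.
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.
Proposed as answer by Carl Fan, Microsoft contingent staff, July 12, 2019 7:47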
-
Hello,
Judging from the dump, this is basically caused by this security software. You can uninstall it or update the software version.
The update you are referring to should be the system's security updates. For example, the Windows Server 2012 update history at the link below shows the security updates for each month. They can be downloaded and installed manually.
https://support.microsoft.com/en-sg/help/4009471/windows-server-2012-update-history
Or simply use the system's built-in check for update.
Proposed as answer by Carl Fan, Microsoft contingent staff, July 29, 2019 9:30
-
Hello,
I haven't received a message from you for a few days. Has there been any progress on the issue?
I am proposing the helpful replies as "answers". Please feel free to try them and let me know the result. If a reply is helpful, please remember to mark it as the answer; this can help other community members with the same problem quickly find a useful reply.
Proposed as answer by Carl Fan, Microsoft contingent staff, July 31, 2019 2:17
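
The replies read both dumps as pointing at the same process and the same third-party driver. The following is an added example, not part of the original thread, that extracts those fields from `!analyze -v` text and checks whether the blamed image recurs across dumps. The sample text is abridged from the two outputs quoted in the question, and the `OS_MODULES` list is an assumption about which stack modules count as Microsoft components.

```python
import re

# Abridged from the two `!analyze -v` outputs quoted in the question.
MEMORY_DMP = """\
SYSTEM_SERVICE_EXCEPTION (3b)
PROCESS_NAME: vrvarp.exe
STACK_TEXT:
fffff880`059cc890 fffff880`015025f1 : fffffab0`00003d09 00000000`00000000 fffffab0`1ec65fb0 fffffab0`1ec65ee0 : NDIS!ndisFreePacketPool+0x30
fffff880`059cc8c0 fffff880`12486c13 : 00000000`00000001 fffffab0`1e890000 00000000`00000000 fffffab0`1ec65ee0 : NDIS!NdisFreePacketPool+0x2e
fffff880`059cc8f0 fffff801`0099db36 : fffffab0`5c39d620 00000000`00000000 fffffab0`5c39d620 00000000`00000000 : EdpPcap+0x2c13
IMAGE_NAME: EdpPcap.sys
"""
MINI_DMP = """\
BAD_POOL_HEADER (19)
PROCESS_NAME: vrvarp.exe
STACK_TEXT:
fffff880`13fe1838 fffff803`2c0b6493 : 00000000`00000019 00000000`00000021 fffffab0`4100c000 00000000`00002990 : nt!KeBugCheckEx
fffff880`13fe1840 fffff880`11481c8b : fffffab0`40f62060 fffffab0`3e05d5e0 00000000`00000000 fffffab0`304f5741 : nt!ExFreePoolWithTag+0x493
fffff880`13fe18f0 fffffab0`40f62060 : fffffab0`3e05d5e0 00000000`00000000 fffffab0`304f5741 00000000`00000000 : EdpPcap+0x2c8b
fffff880`13fe18f8 fffffab0`3e05d5e0 : 00000000`00000000 fffffab0`304f5741 00000000`00000000 fffffab0`3e05d510 : 0xfffffab0`40f62060
IMAGE_NAME: EdpPcap.sys
"""

OS_MODULES = {"nt", "hal", "NDIS"}  # assumption: treated as Microsoft-shipped

FRAME = re.compile(r"^[0-9a-f`]+ [0-9a-f`]+ : .* : (\S+)$", re.M)
FIELD = re.compile(r"^([A-Z_]+):[ \t]+(\S.*)$", re.M)
BUGCHECK = re.compile(r"^([A-Z_]+) \(([0-9a-f]+)\)$", re.M)

def triage(text):
    """Summarise one !analyze -v output: bugcheck, process, blamed image, first non-OS frame."""
    fields = dict(FIELD.findall(text))
    m = BUGCHECK.search(text)
    modules = [re.split(r"[!+]", sym)[0] for sym in FRAME.findall(text)]
    # Skip OS modules and unresolved raw addresses (frames with no symbol).
    suspects = [x for x in modules if x not in OS_MODULES and not x.startswith("0x")]
    return {
        "bugcheck": f"{m[1]} (0x{m[2]})" if m else None,
        "process": fields.get("PROCESS_NAME"),
        "image": fields.get("IMAGE_NAME"),
        "first_third_party": suspects[0] if suspects else None,
    }

def recurring_images(outputs):
    """IMAGE_NAME values blamed in every dump; recurrence is a stronger signal than one crash."""
    return set.intersection(*({triage(o)["image"]} for o in outputs))
```

Two different bugcheck codes that share the same process, the same first non-OS stack frame and the same `IMAGE_NAME` are what make the driver the common factor here.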