locked
windows server 2008 r2 shutdown and reboot RRS feed

  • 問題

  • Hi, Engineer,

     

    Our company has a terminal server (windows server 2008 r2), the server is shutdown and reboot, I open event viewer and check the error code as follow,

     

    Log Name:      System

    Source:        EventLog

    Date:          8/14/2012 7:34:04 PM

    Event ID:      6008

    Task Category: None

    Level:         Error

    Keywords:      Classic

    User:          N/A

    Computer:      vterminal.oval.com

    Description:

    The previous system shutdown at 19:31:00 on 14/8/2012 was unexpected.

     

    I already check forums and download debugger tools for trace the memory dump file. the message as follow:

     

    Loading User Symbols

    Loading unloaded module list
    ....
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    Use !analyze -v to get detailed debugging information.

    BugCheck BE, {8fb53000, b8003121, 8d5b3b60, b}

    Probably caused by : ntkrpamp.exe ( nt!KiTrap0E+dc )

    Followup: MachineOwner
    ---------

    2: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    ATTEMPTED_WRITE_TO_READONLY_MEMORY (be)
    An attempt was made to write to readonly memory.  The guilty driver is on the
    stack trace (and is typically the current instruction pointer).
    When possible, the guilty driver's name (Unicode string) is printed on
    the bugcheck screen and saved in KiBugCheckDriver.
    Arguments:
    Arg1: 8fb53000, Virtual address for the attempted write.
    Arg2: b8003121, PTE contents.
    Arg3: 8d5b3b60, (reserved)
    Arg4: 0000000b, (reserved)

    Debugging Details:
    ------------------


    DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

    BUGCHECK_STR:  0xBE

    PROCESS_NAME:  System

    CURRENT_IRQL:  0

    TRAP_FRAME:  8d5b3b60 -- (.trap 0xffffffff8d5b3b60)
    ErrCode = 00000003
    eax=87f7e000 ebx=87f7b000 ecx=00000400 edx=00000000 esi=87f7d000 edi=8fb53000
    eip=818f7073 esp=8d5b3bd4 ebp=8d5b3bdc iopl=0         nv up ei pl nz ac po nc
    cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010212
    nt!memcpy+0x33:
    818f7073 f3a5            rep movs dword ptr es:[edi],dword ptr [esi]
    Resetting default scope

    LAST_CONTROL_TRANSFER:  from 8189bdd4 to 818e6379

    STACK_TEXT:  
    8d5b3b48 8189bdd4 00000001 8fb53000 00000000 nt!MmAccessFault+0x10a
    8d5b3b48 818f7073 00000001 8fb53000 00000000 nt!KiTrap0E+0xdc
    8d5b3bdc 81a23eb4 8fb51000 87f7b000 00003000 nt!memcpy+0x33
    8d5b3c3c 81a3126c c7a512e8 d4a9c520 00000004 nt!CmpFileWriteThroughCache+0x98
    8d5b3cd0 81a30547 00000004 8d5b3cf0 c7a51610 nt!HvWriteHive+0x285
    8d5b3cf8 81a32118 8194de10 81983ec8 00000000 nt!HvSyncHive+0xa8
    8d5b3d14 81a31f8e 81950100 8d5b3d36 8d5b3d3c nt!CmpDoFlushNextHive+0xdc
    8d5b3d44 818f3e22 00000000 00000000 84db2ad0 nt!CmpLazyFlushWorker+0x9a
    8d5b3d7c 81a23fe2 00000000 73ba0910 00000000 nt!ExpWorkerThread+0xfd
    8d5b3dc0 8188cefe 818f3d25 00000001 00000000 nt!PspSystemThreadStartup+0x9d
    00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16


    STACK_COMMAND:  kb

    FOLLOWUP_IP: 
    nt!KiTrap0E+dc
    8189bdd4 85c0            test    eax,eax

    SYMBOL_STACK_INDEX:  1

    SYMBOL_NAME:  nt!KiTrap0E+dc

    FOLLOWUP_NAME:  MachineOwner

    MODULE_NAME: nt

    IMAGE_NAME:  ntkrpamp.exe

    DEBUG_FLR_IMAGE_TIMESTAMP:  4dfb5603

    FAILURE_BUCKET_ID:  0xBE_nt!KiTrap0E+dc

    BUCKET_ID:  0xBE_nt!KiTrap0E+dc

    Followup: MachineOwner

     

    Please help me what cause affect the server shutdown and reboot, how to solve the problems?

     

    Thanks!

    Dickson

    2012年8月26日 下午 04:07

所有回覆

  • 你可以試下這個方法~

    Event ID: 41 Source: Kernel-Power

    Source: Kernel-Power
    Type: Critical
    Description:
    The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding crashed or lost power unexpectedly.
     
    Comments:

            This event is simply recording the fact that the system was shut down ungracefully. It does not provide information on the source of the problem,  but just the fact there is a problem. When this is happening there is a risk of data loss (the information still in the memory cache,  that was not flushed to the hard disk). In most cases this indicates a serious problem with the operating system such as corrupted operating system files,  faulty memory modules,  faulty hardware drivers.

    At the very least,  the following steps should be performed:
    1. Shut down the system,  unplug it from power and wait at least 10 seconds.
    2. Turn on the system,  run a checkdsk against all the drives in order to identify and correct hard disk errors (this may or may not fix the problem,  it depends on the nature of the corrupted files - if ay)
    3. Run an antivirus and scan the whole system (it may take a while but it's a good thing to do anyway).
    4. Run the Windows Update to install all the latests service pack and hotfixes applicable to that system.
    5. If new hardware has been installed,  disconnect it and try to obtain the latest drivers for it
    6. Backup all the important data - you may not get many more chances to do that
    2012年8月28日 下午 01:48