BSoD on 2003 TS - varying error codes
in [Terminal Services]
|
Prev: TSE 2008 AND FUNCTION DOMAIN 2003
Next: Receiving error 4105 on licensing server - how can I eliminate it?
From: TP on 28 Jan 2009 11:35 Hi, Most likely one or more of the following are causing the problem: - Faulty hardware - Corrupt files - Virus/malware/rootkit - Faulty device drivers - Bug in windows Since this has been an ongoing problem I would recommend you open a case with Microsoft PSS so that they can assist in dump analysis. It may be necessary to open another case with IBM as well. Another option is to completely wipe the server and reinstall from a known good image or from scratch. If the problem comes back then it is most likely faulty hardware. Below are some suggestions for troubleshooting/fixing the problem: 1. Possible faulty hardware - Run all hardware diagnostics provided by hardware vendor(s) for devices installed in the server - Run memory test/stress utilities - Remove all RAM chips and reinstall them - Remove and reinstall cards, if present (for example, NIC, RAID) - If above does not narrow down or fix the issue, swap out parts one at a time and then test to see if crash occurs, starting with RAM chips (for RAM swap a bank at a time to narrow it down quicker) 2. Possible file corruption/disk issues - Make certain you have a current backup - Run the consistency check on your RAID array(s) using your vendor's Array management software - Check the event log for the array for errors/warnings - Run chkdsk on all drives using the /r option. For the C: drive and others that are in use you will need to schedule it for next reboot. - Run sfc /scannow to check & replace problem system files 3. Possible Virus/Malware--malware that uses kernel-mode components often cause STOP errors. - Scan all drives using multiple virus and malware scanners - Scan using *multiple* packages specifically designed to look for cloaked viruses/malware. Cloaked software typically will not show up using regular virus scan software. - If needed scan/examine manually the contents of the drives offline so that any malware will not be running and thus unable to hide itself or prevent removal. - Examine everything that is starting up on this server using autoruns.exe and compare to healthy servers for clues. Use verify signatures and hide ms entries to limit the results. - Watch Mark Russinovich's video on Malware removal: http://www.microsoft.com/emea/spotlight/sessionh.aspx?videoid=359 4. Possible Faulty Device Drivers - Perform analysis of dump file to see if it points to a specific driver - Look for errors in the event logs for clues - Update drivers for critical system devices (NIC, RAID, Motherboard devices, etc.) - Update firmware for motherboard, RAID, etc. - Uninstall non-critical software that uses kernel-mode drivers. For example, anti-virus, anti-malware, firewall, backup agents, etc. 5. Bug in windows--there are hotfixes available to fix various Stop errors that occur, many related to TS environments. One may be applicable to you. - Analyze dump file for clues - Narrow down what happens near the time of each crash. For example, is a user logging off immediately before the crash? If yes there is a hotfix to address that. Is there heavy disk activity around the crash time? How about heavy network activity? Etc. - Use the Advanced Search feature of the MS knowledge base to search for Stop errors similar to yours. For example, here are the results for the ab error: http://support.microsoft.com/search/default.aspx?mode=a&query=%22Stop+0x000000ab%22&spid=3198 Please see the following document for more information: Windows Server 2003 Troubleshooting Stop Errors http://www.microsoft.com/downloads/details.aspx?familyid=859637b4-85f1-4215-b7d0-25f32057921c Thanks. -TP Michael (Xcitelogic) wrote: > Gday All > > I have a Windows Server 2003 SP2 Terminal Server which has been > giving me grief on and off for a year or so now. The server restarts > approximately once a day - without an apparent trigger for doing so. > The server in question is an IBM x306m with the latest > firmware/device drivers as per directions from IBM Technical Support. > > I seem to get fairly consistent STOP 0x00000050 codes, interspersed > with a STOP 0x000000ab or two, and a STOP 0x000000be and a STOP > 0x000000c2 for good measure. I'm being assured by the hardware > vendor that the problem lies at the software side - and having > googled for all relevant STOP codes and applying every hotfix I could > see, I still receive BSoD's on this Terminal Server. > > The last series of STOP codes were these: > Error code 000000ab, parameter1 00000001, parameter2 fffffd78, > parameter3 00000000, parameter4 ffffffff. > Error code 000000be, parameter1 f714a0b8, parameter2 bfc30121, > parameter3 f78cea4c, parameter4 0000000b. > Error code 00000050, parameter1 f7460000, parameter2 00000001, > parameter3 80834bde, parameter4 00000000. > Error code 000000ab, parameter1 00000004, parameter2 fffff338, > parameter3 00000000, parameter4 ffffffff. > Error code 000000ab, parameter1 00000013, parameter2 fffff5d8, > parameter3 00000000, parameter4 ffffffff. > Error code 000000ab, parameter1 00000001, parameter2 fffff510, > parameter3 00000000, parameter4 ffffffff. > Error code 00000050, parameter1 f7468000, parameter2 00000001, > parameter3 80834bde, parameter4 00000000. > > Is anyone able to point me in the right direction at resolving this > issue? > > Thanks in advance for any help you can provide.
From: TP on 28 Jan 2009 11:48 Hi Vera, It is much less likely that Blue Screens on 2003 are caused by a faulty printer driver because installing kernel-mode printer drivers is blocked by default. The admin would first have to disable the GP setting. Faulty user-mode printer drivers are unable to directly cause a blue screen. They *are* able to cause Print Spooler crashes and all sorts of strange behavior. -TP Vera Noest [MVP] wrote: > I *always* believe that it is a bad printer driver :-) > > Seriously, since you've ruled out hardware failure (you've opened a > support case with the IBM hardware team, I assume that they have > run every conceivable hardware stress test), experience tells that > in 99 out of 100 cases the problem is a bad printer driver. Just > check the posts in this newsgroup. > > Many 3rd party drivers are known and documented to be TS > incompatible. The fact that they don't give any problems on your > other TS doesn't mean a thing. They can work OK for years and then > start bluescreening your server. Or work OK for one user and not > for another. Or .... > > HP is the only printer manufacturer who tests his drivers for TS > (in) compatibility. So if you have any HP printer drivers > installed, check if they are on the list (note that printer driver > versions numbers must match exactly). > > HP Printers Supported in Citrix MetaFrame Presentation and Terminal > Server Environments > http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp? > objectID=c00213455 > _________________________________________________________ > Vera Noest > MCSE, CCEA, Microsoft MVP - Terminal Server > TS troubleshooting: http://ts.veranoest.net > ___ please respond in newsgroup, NOT by private email ___
From: Vera Noest [MVP] on 28 Jan 2009 15:32 Good point, TP, I guess I got a bit carried away :-) And let me also add that HP is *not* the only printer manufacturer who tests his drivers, but the only one that I know of who makes this information easily available to the public. _________________________________________________________ Vera Noest MCSE, CCEA, Microsoft MVP - Terminal Server TS troubleshooting: http://ts.veranoest.net ___ please respond in newsgroup, NOT by private email ___ "TP" <tperson.knowspamn(a)mailandnews.com> wrote on 28 jan 2009 in microsoft.public.windows.terminal_services: > Hi Vera, > > It is much less likely that Blue Screens on 2003 are caused > by a faulty printer driver because installing kernel-mode > printer drivers is blocked by default. The admin would > first have to disable the GP setting. > > Faulty user-mode printer drivers are unable to directly > cause a blue screen. They *are* able to cause Print > Spooler crashes and all sorts of strange behavior. > > -TP > > Vera Noest [MVP] wrote: >> I *always* believe that it is a bad printer driver :-) >> >> HP is the only printer manufacturer who tests his drivers for TS >> (in) compatibility.
From: Michael (Xcitelogic) on 2 Feb 2009 23:34 Thanks very much TP & Vera I can confirm that I have not enabled installing kernel-mode printer drivers as noted, so this should not be applicable. I appreciate your suggestions and help so far! Thanks again "Vera Noest [MVP]" wrote: > Good point, TP, I guess I got a bit carried away :-) > > And let me also add that HP is *not* the only printer manufacturer > who tests his drivers, but the only one that I know of who makes > this information easily available to the public. > _________________________________________________________ > Vera Noest > MCSE, CCEA, Microsoft MVP - Terminal Server > TS troubleshooting: http://ts.veranoest.net > ___ please respond in newsgroup, NOT by private email ___ > > "TP" <tperson.knowspamn(a)mailandnews.com> wrote on 28 jan 2009 in > microsoft.public.windows.terminal_services: > > > Hi Vera, > > > > It is much less likely that Blue Screens on 2003 are caused > > by a faulty printer driver because installing kernel-mode > > printer drivers is blocked by default. The admin would > > first have to disable the GP setting. > > > > Faulty user-mode printer drivers are unable to directly > > cause a blue screen. They *are* able to cause Print > > Spooler crashes and all sorts of strange behavior. > > > > -TP > > > > Vera Noest [MVP] wrote: > >> I *always* believe that it is a bad printer driver :-) > >> > >> HP is the only printer manufacturer who tests his drivers for TS > >> (in) compatibility. > >
From: Michael (Xcitelogic) on 2 Feb 2009 23:37 Thanks very much for your reply Benny I can confirm that during the rebuild of the server, prior to returning it to the CoLocation facility, I performed the IBM provided Hardware Diagnostics, and in addition to this ran a comprehensive MemTest - (I believe for around 24 hours). Unfortunately it did not show up any errors, which is a shame as I agree corrupt memory would be an ideal fit for the problems I'm having. Once again, thank you for taking the time to reply to me! "Benny Tritsch [MVP]" wrote: > The debugchk shows components that clearly belong to the OS, they're most > likely not the ones that create the BSoD. Are you really sure that the cause > is not a bad memory chip? I know you said that IBM asured you it's a > software issue. But maybe you should track the amount of memory used on the > box and find out if the bluescreen always happens when you reach a certain > point in main memory consumption or with a certain number of user sessions > logged on. > > Or just temporarily replace the main memory and see if the box still > bluescreens. > > Benny > > -- > Benny Tritsch > Microsoft MVP - Terminal Services > -- > "Michael (Xcitelogic)" <MichaelXcitelogic(a)discussions.microsoft.com> schrieb > im Newsbeitrag news:26911416-99E6-46F8-80DA-2BC44ADDA893(a)microsoft.com... > > Gday Vera > > > > Thank you very much for your response to date. I have run debugchk with > > the > > appropriate symbols on the last four BSoD's (one more happened yesterday) > > and > > the following is the output (relevant info only, in order): > > > > BugCheck 50, {f7468000, 1, 80834bde, 0} > > Could not read faulting driver name > > Probably caused by : memory_corruption ( > > nt!MiCaptureAndResetWorkingSetAccessBits+98 ) > > Followup: MachineOwner > > > > BugCheck AB, {1, fffffd78, 0, ffffffff} > > Probably caused by : ntkrnlpa.exe ( nt!KeDelayExecutionThread+b9 ) > > Followup: MachineOwner > > > > BugCheck 50, {f7460000, 1, 80834bde, 0} > > Could not read faulting driver name > > Probably cuased by : memory_corruption ( > > nt!MiCaptureAndResetWorkingSetAccessBits+98 ) > > Followup: MachineOwner > > > > BugCheck BE, {f714a0b8, bfc30121, f78cea4c, b} > > Unable to load image \SystemRootsystem32\DRIVERS\rdbss.sys, Win32 error > > 0n2 > > *** WARNING: Unable to verify timestamp for rdbss.sys > > *** WARNING: Unable to verify timestamp for Mup.sys > > Probably caused by : rdbss.sys ( rdbss!RxInitializeContext+79) > > Followup: MachineOwner > > > > With regards to your note about Printer Drivers, I may be able to perform > > this test in a couple of days - however I should note that I am using > > identical drivers to 3 other identical terminal servers in my facility > > (forming part of an NLB) without having this issue. If the above > > dumpchk's > > still lead you to believe that Printer Drivers may be the cause of the > > problem, I'll happily perform the abovementioned test. > > > > Hope this helps, and once again thank you very much for taking the time to > > reply to my question. > > > > Michael > > > > "Vera Noest [MVP]" wrote: > > > >> The memory locations for the STOP errors don't tell us much, but > >> did you notice if there was a driver name mentioned, on the fourth > >> line of the BSoD? That would be helpfull. > >> > >> Anyway, most of these STOP errors indicate a faulty driver, which > >> is handling memory incorrectly: > >> > >> Bug Check 0xBE: ATTEMPTED_WRITE_TO_READONLY_MEMORY > >> Bug Check 0xC2: BAD_POOL_CALLER > >> Bug Check 0x50: PAGE_FAULT_IN_NONPAGED_AREA > >> Bug Check 0xAB: SESSION_HAS_VALID_POOL_ON_EXIT > >> > >> And on a TS, that means in 99,99% a faulty printer driver. > >> Uninstall *all* 3rd party printer drivers (all drivers that did not > >> come with the OS). Those drivers are very often incompatible with > >> TS and are known to crash the printer spooler or the whole server. > >> > >> After completely uninstalling all printer drivers, your user's > >> local printers will probably not be redirected anymore. > >> Use the Events in the EventLog to see which drivers are missing and > >> then map those printers to a native driver, using the information > >> here: > >> > >> 239088 - Windows 2000 or Windows Server 2003 Terminal Services > >> server logs events 1111, 1105, and 1106 > >> http://support.microsoft.com/?kbid=239088 > >> > >> And / Or configure a fallback printer driver / buy a 3rd party > >> "driver free" management solution. > >> _________________________________________________________ > >> Vera Noest > >> MCSE, CCEA, Microsoft MVP - Terminal Server > >> TS troubleshooting: http://ts.veranoest.net > >> ___ please respond in newsgroup, NOT by private email ___ > >> > >> =?Utf-8?B?TWljaGFlbCAoWGNpdGVsb2dpYyk=?= <Michael > >> (Xcitelogic)@discussions.microsoft.com> wrote on 27 jan 2009 in > >> microsoft.public.windows.terminal_services: > >> > >> > Gday All > >> > > >> > I have a Windows Server 2003 SP2 Terminal Server which has been > >> > giving me grief on and off for a year or so now. The server > >> > restarts approximately once a day - without an apparent trigger > >> > for doing so. The server in question is an IBM x306m with the > >> > latest firmware/device drivers as per directions from IBM > >> > Technical Support. > >> > > >> > I seem to get fairly consistent STOP 0x00000050 codes, > >> > interspersed with a STOP 0x000000ab or two, and a STOP > >> > 0x000000be and a STOP 0x000000c2 for good measure. I'm being > >> > assured by the hardware vendor that the problem lies at the > >> > software side - and having googled for all relevant STOP codes > >> > and applying every hotfix I could see, I still receive BSoD's on > >> > this Terminal Server. > >> > > >> > The last series of STOP codes were these: > >> > Error code 000000ab, parameter1 00000001, parameter2 fffffd78, > >> > parameter3 00000000, parameter4 ffffffff. > >> > Error code 000000be, parameter1 f714a0b8, parameter2 bfc30121, > >> > parameter3 f78cea4c, parameter4 0000000b. > >> > Error code 00000050, parameter1 f7460000, parameter2 00000001, > >> > parameter3 80834bde, parameter4 00000000. > >> > Error code 000000ab, parameter1 00000004, parameter2 fffff338, > >> > parameter3 00000000, parameter4 ffffffff. > >> > Error code 000000ab, parameter1 00000013, parameter2 fffff5d8, > >> > parameter3 00000000, parameter4 ffffffff. > >> > Error code 000000ab, parameter1 00000001, parameter2 fffff510, > >> > parameter3 00000000, parameter4 ffffffff. > >> > Error code 00000050, parameter1 f7468000, parameter2 00000001, > >> > parameter3 80834bde, parameter4 00000000. > >> > > >> > Is anyone able to point me in the right direction at resolving > >> > this issue? > >> > > >> > Thanks in advance for any help you can provide. > >> > > >
First
|
Prev
|
Next
|
Last
Pages: 1 2 3 Prev: TSE 2008 AND FUNCTION DOMAIN 2003 Next: Receiving error 4105 on licensing server - how can I eliminate it? |