Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

BLUE SCREEN SERVER 2008


  • Please log in to reply
3 replies to this topic

#1 conway784

conway784

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:07:39 AM

Posted 02 May 2017 - 08:31 AM

Hi Guys,

 

need your help. I am running server 2008 r2 service pack to on a HP Proliant ML350 G6. It randomly restarts(Blue screen). Nothing changes on this server except virus protection updates. I am running avg 2012 business. Norton is installed but disabled. Attached is my mini dump files.

 

Thank you for your help

Attached Files



BC AdBot (Login to Remove)

 


#2 bwv848

bwv848

    Bleepin' Owl


  • BSOD Kernel Dump Expert
  • 3,024 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:92.96 million miles away from the sun
  • Local time:07:39 AM

Posted 02 May 2017 - 08:51 AM

Hello,

There were two main bugchecks: STOP 0x00000050: PAGE_FAULT_IN_NONPAGED_AREA and STOP 0x1000007E: SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M. From the latest dump file, indicating a STOP 0x1000007E: SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M bugcheck, we see SYMTDIV.sys, a Symantec driver referenced in the stack:

3: kd> knL
 # Child-SP          RetAddr           Call Site
00 fffffa60`01d93b00 fffffa60`042d84b0 nt!KeAcquireSpinLockRaiseToDpc+0x13
01 fffffa60`01d93b30 00000000`00000001 SYMTDIV+0xe4b0
02 fffffa60`01d93b38 00000000`0002000a 0x1
03 fffffa60`01d93b40 fffffa60`043282e0 0x2000a
04 fffffa60`01d93b48 fffffa80`1141aca8 SYMTDIV+0x5e2e0
05 fffffa60`01d93b50 fffffa80`1141ac80 0xfffffa80`1141aca8
06 fffffa60`01d93b58 fffffa60`042d5a20 0xfffffa80`1141ac80
07 fffffa60`01d93b60 00000000`00000000 SYMTDIV+0xba20

It dates back from 2013:

3: kd> lm k vm SYMTDIV
start             end                 module name
fffffa60`042ca000 fffffa60`04341000   SYMTDIV  T (no symbols)           
    Loaded symbol image file: SYMTDIV.SYS
    Image path: \SystemRoot\system32\Drivers\SEP\0C010BB9\00A5.105\x64\SYMTDIV.SYS
    Image name: SYMTDIV.SYS
    Timestamp:        Tue Apr 09 19:21:36 2013 (5164A280)
    CheckSum:         000703AF
    ImageSize:        00077000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4

Other older dump files indicate STOP 0x00000050: PAGE_FAULT_IN_NONPAGED_AREA bugchecks; some blame an AVG driver:

1: kd> knL
 # Child-SP          RetAddr           Call Site
00 fffffa60`066f4548 fffff800`022d39b0 nt!KeBugCheckEx
01 fffffa60`066f4550 fffff800`0226dcd9 nt! ?? ::FNODOBFM::`string'+0x2d48c
02 fffffa60`066f4630 fffffa60`035c3039 nt!KiPageFault+0x119
03 fffffa60`066f47c0 fffffa60`0460fd6e TDI!TdiCopyBufferToMdl+0x29
04 fffffa60`066f4830 00000000`00000080 avgtdia+0x4d6e
05 fffffa60`066f4838 fffffa60`0460fd1a 0x80
06 fffffa60`066f4840 fffffa80`110da550 avgtdia+0x4d1a
07 fffffa60`066f4848 fffffa80`126321d8 0xfffffa80`110da550
08 fffffa60`066f4850 00000000`00000000 0xfffffa80`126321d8
1: kd> lmkvm avgtdia
start             end                 module name
fffffa60`0460b000 fffffa60`0466d000   avgtdia  T (no symbols)           
    Loaded symbol image file: avgtdia.sys
    Image path: \SystemRoot\system32\DRIVERS\avgtdia.sys
    Image name: avgtdia.sys
    Timestamp:        Mon May 18 18:10:54 2015 (555A636E)
    CheckSum:         00066EEC
    ImageSize:        00062000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4

And others have the Symantec driver again referenced in the "raw stack":

7: kd> dps fffffa60097b9000 fffffa60097bf000
...
fffffa60`097bea08  fffffa60`042e734eUnable to load image \SystemRoot\system32\Drivers\SEP\0C010BB9\00A5.105\x64\SYMTDIV.SYS, Win32 error 0n2
*** WARNING: Unable to verify timestamp for SYMTDIV.SYS
*** ERROR: Module load completed but symbols could not be loaded for SYMTDIV.SYS
 SYMTDIV+0x2234e
...

So what does all this mean? Well, your two anti-viruses are conflicting with each other. This is an excellent example showing how an inactive anti-virus can still cause trouble. I'd uninstall BOTH anti-viruses, then reinstall the anti-virus that you would like to use.

Regards,
bwv848


Edited by bwv848, 02 May 2017 - 08:52 AM.

If I do not reply in three days, please message me.
 
BC BSOD Posting Instructions | Carrona BSOD Index | Driver Reference Table (DRT)


#3 conway784

conway784
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:07:39 AM

Posted 06 May 2017 - 12:10 PM

I removed symantec(clean uninstall) and everything functioned great for two days. And now I am back to the bsod. I have attached the mini dump. 

 

 

I have not removed AVG. Thank you for your help



#4 bwv848

bwv848

    Bleepin' Owl


  • BSOD Kernel Dump Expert
  • 3,024 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:92.96 million miles away from the sun
  • Local time:07:39 AM

Posted 09 May 2017 - 04:57 PM

Replied to your new topic: https://www.bleepingcomputer.com/forums/t/646052/bsod-server-2008-r2/


If I do not reply in three days, please message me.
 
BC BSOD Posting Instructions | Carrona BSOD Index | Driver Reference Table (DRT)





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users