garu

Blue dump issue windows 2003 server


Hi,

1> We have found out that the blue dump issue is coming on Windows Server 2003 R2, previously installed ks4ws(10.1.1.746).

2> We have uninstalled ks4ws(10.1.1746), rebooted the system and installed sp1mr4 remotely, still the same issue.

3> We have checked and found out ESET File Security is there, so we have uninstalled ESET File Security but the issue remains the same.

4> A net-worm issue is coming, so we have run the kvrt tool, blocked 139 and 445 and installed the security updates as well.

We have collected the memory dump ,gsi log and events log. Kindly help to resolve the issue.

Kindly access the below link for memory dump & GSI

"https://drive.google.com/drive/folders/1NWfpr7r1kqXU8tj1UwW0t08g8mUplw4H?usp=sharing"

Thank You


hi,

what is your expertise finding on the logs which I have provided?

BR


Hi,

It's working fine without AV, but after installing AV it's getting rebooted & a BSOD error is coming. It's happening abruptly.

BR

8 hours ago, garu said:

Hi,

It's working fine without AV, but after installing AV it's getting rebooted & a BSOD error is coming. It's happening abruptly.

BR

Hello!

Please describe on what stage the BSOD persists.

What actions can cause it or it happens randomly?

Thank you!


Hello,

By the dump it seems like a network stack issue:

FAULTING_MODULE: 80800000 nt

DEBUG_FLR_IMAGE_TIMESTAMP:  3f9ef2d7

READ_ADDRESS: unable to get nt!MmSpecialPoolStart
unable to get nt!MmSpecialPoolEnd
unable to get nt!MmPagedPoolEnd
unable to get nt!MmNonPagedPoolStart
unable to get nt!MmSizeOfNonPagedPoolInBytes
 0001000b 

CURRENT_IRQL:  0

FAULTING_IP: 
tcpip!IPGetAddrType+3a62
b9be6aa0 395e0c          cmp     dword ptr [esi+0Ch],ebx

DEFAULT_BUCKET_ID:  DRIVER_FAULT

BUGCHECK_STR:  0xD1

ANALYSIS_VERSION: 6.3.9600.17237 (debuggers(dbg).140716-0327) x86fre

LAST_CONTROL_TRANSFER:  from b9be6aa0 to 8088e730

STACK_TEXT:  
WARNING: Stack unwind information not available. Following frames may be wrong.
8089c0d0 b9be6aa0 badb0d00 00001eb0 8089c0f8 nt!Kei386EoiHelper+0x27d8
8089c158 b9be6902 460210ac 460210ac 00005ecd tcpip!IPGetAddrType+0x3a62
8089c240 b9be2ffc 8b912bd0 460210ac 5b0210ac tcpip!IPGetAddrType+0x38c4
8089c2a0 b9be1242 00000020 8b912bd0 b9be6770 tcpip!IPRcvComplete+0x1cc1
8089c330 b9be1468 8b912bd0 8b4a202c 000005c8 tcpip!IPRcvPacket+0x27b
8089c370 b9be12fb 00000000 8b8a6718 8b4a200a tcpip!IPRcvComplete+0x12d
8089c3c8 ba8a3208 8b5c3008 8b8a6718 8b579008 tcpip!IPRcvPacket+0x334
8089c41c ba08659e 8b673130 8089c45c 00000001 NDIS!FddiFilterDprIndicateReceive+0x1205
8089c56c ba087471 00579008 8089c59b 8b673130 e1000325+0x59e
8089c590 ba898466 00579008 ffdffa40 8b579470 e1000325+0x1471
8089c5a8 80832cfc 8b579470 8b57945c 00000000 NDIS!NdisCompletePnPEvent+0xee9
8089c600 8088fbdf 00000000 0000000e 00000000 nt!ZwYieldExecution+0x24c8
8089fb40 00000000 8089fb48 8089fb48 8089fb50 nt!KiDispatchInterrupt+0x32f

And in the dump there are KES drivers present, so I'd say it can be related to the dump:

kd> lmvm kneps
start    end        module name
b99e3000 b9a04280   kneps      (deferred)             
    Image path: \SystemRoot\system32\DRIVERS\kneps.sys
    Image name: kneps.sys
[..]
    FileVersion:      5.2.2.47 built by: WinDDK
    FileDescription:  KNEPS Power [fre_wxp_x86]
    LegalCopyright:   Copyright © Kaspersky Lab ZAO 1996-2012.

If you have a dump with KSWS 10.1.1 installed, please share it with me - we'll see what is the cause of the issue. By the way, there's a patch for KSWS 10.1.1 already (Core3), there are fixes that could improve the driver stability as well, so maybe it's a good idea to request this patch from our Support Service.

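An added triage sketch (not part of any poster's message, and not Kaspersky or Microsoft code) for the STACK_TEXT quoted in the post above: it lists the modules the fault passed through in call order and flags frames whose symbol names are probably unreliable. The sample frames are copied from that post; the 0x1000 offset threshold and all function names are assumptions of this example.

```python
import re

# Constructed sample: a subset of the STACK_TEXT frames quoted in the post above.
SAMPLE_STACK = """\
8089c0d0 b9be6aa0 badb0d00 00001eb0 8089c0f8 nt!Kei386EoiHelper+0x27d8
8089c158 b9be6902 460210ac 460210ac 00005ecd tcpip!IPGetAddrType+0x3a62
8089c330 b9be1468 8b912bd0 8b4a202c 000005c8 tcpip!IPRcvPacket+0x27b
8089c41c ba08659e 8b673130 8089c45c 00000001 NDIS!FddiFilterDprIndicateReceive+0x1205
8089c56c ba087471 00579008 8089c59b 8b673130 e1000325+0x59e
8089c600 8088fbdf 00000000 0000000e 00000000 nt!ZwYieldExecution+0x24c8
"""

# x86 kd frame: ChildEBP RetAddr Arg1 Arg2 Arg3 module[!symbol]+0xoffset
FRAME_RE = re.compile(
    r"^(?:[0-9a-f]{8}\s+){5}(?P<module>[^\s!+]+)(?:!(?P<symbol>[^\s+]+))?"
    r"(?:\+0x(?P<offset>[0-9a-f]+))?\s*$", re.IGNORECASE)

# Assumption (heuristic): an offset this far from a symbol suggests the debugger
# fell back to the nearest export, so the function name should not be trusted.
SUSPECT_OFFSET = 0x1000

def parse_frames(stack_text):
    """Return one dict per stack frame; non-frame lines (WARNING, blanks) are skipped."""
    frames = []
    for line in stack_text.splitlines():
        m = FRAME_RE.match(line.strip())
        if not m:
            continue
        offset = int(m.group("offset") or "0", 16)
        frames.append({
            "module": m.group("module").lower(),
            "symbol": m.group("symbol"),  # None when only module+offset resolved
            "offset": offset,
            "reliable": m.group("symbol") is not None and offset < SUSPECT_OFFSET,
        })
    return frames

def module_path(frames):
    """Modules in call order (oldest frame first), consecutive repeats collapsed."""
    path = []
    for frame in reversed(frames):
        if not path or path[-1] != frame["module"]:
            path.append(frame["module"])
    return path

if __name__ == "__main__":
    frames = parse_frames(SAMPLE_STACK)
    print(" -> ".join(module_path(frames)))
    print("recheck symbols for:", [f["module"] for f in frames if not f["reliable"]])
```

Frames flagged here are the ones to re-resolve after fixing the symbol path, since the dump itself warns that unwind information is missing.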

Hi,

Blue dump issue on Win7 SP1.

All versions tried, like kes10sp2mr3 as well as Kes11,

but the result is the same.

Please find the GSI & complete Memory dump. Please help us to resolve the issue.

Download link
https://wetransfer.com/downloads/1f9b2a0de2893d4977d2d34bc570c1db20190520104906/995cb24a5f107ae6a65fc3d8d664cbb320190520104906/204efe

1 file
GetSystemInfo_IND-DT-01454_Parina Nagar_2019_05_20_16_06_15.zip

 

Download link
https://wetransfer.com/downloads/9270280706ea74945605255644d324f320190520055230/a464e95c5a334ed50e1e5185d734b0cb20190520055230/a84850

1 file
MEMORY.DMP

 

BR
