询问者
Windows Server 2016 蓝屏
问题
-
【情景描述】:辅助域控蓝屏日志
【诉求】:IMAGE_NAME: ntoskrnl.exe,何故,如何解决?
Mini Kernel Dump File: Only registers and stack trace are available
WARNING: Inaccessible path: 'set _NT_SYMBOL_PATH=srvDownstreamStorehttps://msdl.microsoft.com/download/symbols'
Symbol search path is: set _NT_SYMBOL_PATH=srvDownstreamStorehttps://msdl.microsoft.com/download/symbols;SRV*C:\Symbols* http://msdl.microsoft.com/download/symbols
Executable search path is:
Unable to load image \SystemRoot\system32\ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Windows 7 Kernel Version 14393 MP (8 procs) Free x64
Product: LanManNt, suite: TerminalServer DataCenter SingleUserTS
Built by: 14393.3383.amd64fre.rs1_release.191125-1816
Machine Name:
Kernel base = 0xfffff802`89a83000 PsLoadedModuleList = 0xfffff802`89d86020
Debug session time: Mon Jun 8 08:31:42.657 2020 (UTC + 8:00)
System Uptime: 1 days 9:23:52.259
Unable to load image \SystemRoot\system32\ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Loading Kernel Symbols
.
Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long.
Run !sym noisy before .reload to track down problems loading symbols.
..............................................................
................................................................
.......................
Loading User Symbols
Loading unloaded module list
........
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1A, {41792, fffffe0102a41c40, 2000000000000, 0}
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
Probably caused by : ntoskrnl.exe ( nt+15ce00 )
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
MEMORY_MANAGEMENT (1a)
# Any other values for parameter 1 must be individually examined.
Arguments:
Arg1: 0000000000041792, The subtype of the bugcheck.
Arg2: fffffe0102a41c40
Arg3: 0002000000000000
Arg4: 0000000000000000
Debugging Details:
------------------
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
ADDITIONAL_DEBUG_TEXT:
Use '!findthebuild' command to search for the target build information.
If the build information is available, run '!findthebuild -s ; .reload' to set symbol path and load symbols.
MODULE_NAME: nt
FAULTING_MODULE: fffff80289a83000 nt
DEBUG_FLR_IMAGE_TIMESTAMP: 5ddcba81
BUGCHECK_STR: 0x1a_41792
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT_SERVER_MINIDUMP
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from fffff80289b0f330 to fffff80289bdfe00
STACK_TEXT:
ffffdb00`e9c46708 fffff802`89b0f330 : 00000000`0000001a 00000000`00041792 fffffe01`02a41c40 00020000`00000000 : nt+0x15ce00
ffffdb00`e9c46710 00000000`0000001a : 00000000`00041792 fffffe01`02a41c40 00020000`00000000 00000000`00000000 : nt+0x8c330
ffffdb00`e9c46718 00000000`00041792 : fffffe01`02a41c40 00020000`00000000 00000000`00000000 ffffdb00`e9c467d0 : 0x1a
ffffdb00`e9c46720 fffffe01`02a41c40 : 00020000`00000000 00000000`00000000 ffffdb00`e9c467d0 00000000`00000139 : 0x41792
ffffdb00`e9c46728 00020000`00000000 : 00000000`00000000 ffffdb00`e9c467d0 00000000`00000139 00000000`00000000 : 0xfffffe01`02a41c40
ffffdb00`e9c46730 00000000`00000000 : ffffdb00`e9c467d0 00000000`00000139 00000000`00000000 00000000`00000000 : 0x20000`00000000
STACK_COMMAND: kb
FOLLOWUP_IP:
nt+15ce00
fffff802`89bdfe00 48894c2408 mov qword ptr [rsp+8],rcx
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: nt+15ce00
FOLLOWUP_NAME: MachineOwner
IMAGE_NAME: ntoskrnl.exe
BUCKET_ID: WRONG_SYMBOLS
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
MEMORY_MANAGEMENT (1a)
# Any other values for parameter 1 must be individually examined.
Arguments:
Arg1: 0000000000041792, The subtype of the bugcheck.
Arg2: fffffe0102a41c40
Arg3: 0002000000000000
Arg4: 0000000000000000
Debugging Details:
------------------
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
ADDITIONAL_DEBUG_TEXT:
Use '!findthebuild' command to search for the target build information.
If the build information is available, run '!findthebuild -s ; .reload' to set symbol path and load symbols.
MODULE_NAME: nt
FAULTING_MODULE: fffff80289a83000 nt
DEBUG_FLR_IMAGE_TIMESTAMP: 5ddcba81
BUGCHECK_STR: 0x1a_41792
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT_SERVER_MINIDUMP
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from fffff80289b0f330 to fffff80289bdfe00
STACK_TEXT:
ffffdb00`e9c46708 fffff802`89b0f330 : 00000000`0000001a 00000000`00041792 fffffe01`02a41c40 00020000`00000000 : nt+0x15ce00
ffffdb00`e9c46710 00000000`0000001a : 00000000`00041792 fffffe01`02a41c40 00020000`00000000 00000000`00000000 : nt+0x8c330
ffffdb00`e9c46718 00000000`00041792 : fffffe01`02a41c40 00020000`00000000 00000000`00000000 ffffdb00`e9c467d0 : 0x1a
ffffdb00`e9c46720 fffffe01`02a41c40 : 00020000`00000000 00000000`00000000 ffffdb00`e9c467d0 00000000`00000139 : 0x41792
ffffdb00`e9c46728 00020000`00000000 : 00000000`00000000 ffffdb00`e9c467d0 00000000`00000139 00000000`00000000 : 0xfffffe01`02a41c40
ffffdb00`e9c46730 00000000`00000000 : ffffdb00`e9c467d0 00000000`00000139 00000000`00000000 00000000`00000000 : 0x20000`00000000
STACK_COMMAND: kb
FOLLOWUP_IP:
nt+15ce00
fffff802`89bdfe00 48894c2408 mov qword ptr [rsp+8],rcx
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: nt+15ce00
FOLLOWUP_NAME: MachineOwner
IMAGE_NAME: ntoskrnl.exe
BUCKET_ID: WRONG_SYMBOLS
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
MEMORY_MANAGEMENT (1a)
# Any other values for parameter 1 must be individually examined.
Arguments:
Arg1: 0000000000041792, The subtype of the bugcheck.
Arg2: fffffe0102a41c40
Arg3: 0002000000000000
Arg4: 0000000000000000
Debugging Details:
------------------
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
ADDITIONAL_DEBUG_TEXT:
Use '!findthebuild' command to search for the target build information.
If the build information is available, run '!findthebuild -s ; .reload' to set symbol path and load symbols.
MODULE_NAME: nt
FAULTING_MODULE: fffff80289a83000 nt
DEBUG_FLR_IMAGE_TIMESTAMP: 5ddcba81
BUGCHECK_STR: 0x1a_41792
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT_SERVER_MINIDUMP
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from fffff80289b0f330 to fffff80289bdfe00
STACK_TEXT:
ffffdb00`e9c46708 fffff802`89b0f330 : 00000000`0000001a 00000000`00041792 fffffe01`02a41c40 00020000`00000000 : nt+0x15ce00
ffffdb00`e9c46710 00000000`0000001a : 00000000`00041792 fffffe01`02a41c40 00020000`00000000 00000000`00000000 : nt+0x8c330
ffffdb00`e9c46718 00000000`00041792 : fffffe01`02a41c40 00020000`00000000 00000000`00000000 ffffdb00`e9c467d0 : 0x1a
ffffdb00`e9c46720 fffffe01`02a41c40 : 00020000`00000000 00000000`00000000 ffffdb00`e9c467d0 00000000`00000139 : 0x41792
ffffdb00`e9c46728 00020000`00000000 : 00000000`00000000 ffffdb00`e9c467d0 00000000`00000139 00000000`00000000 : 0xfffffe01`02a41c40
ffffdb00`e9c46730 00000000`00000000 : ffffdb00`e9c467d0 00000000`00000139 00000000`00000000 00000000`00000000 : 0x20000`00000000
STACK_COMMAND: kb
FOLLOWUP_IP:
nt+15ce00
fffff802`89bdfe00 48894c2408 mov qword ptr [rsp+8],rcx
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: nt+15ce00
FOLLOWUP_NAME: MachineOwner
IMAGE_NAME: ntoskrnl.exe
BUCKET_ID: WRONG_SYMBOLS
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
MEMORY_MANAGEMENT (1a)
# Any other values for parameter 1 must be individually examined.
Arguments:
Arg1: 0000000000041792, The subtype of the bugcheck.
Arg2: fffffe0102a41c40
Arg3: 0002000000000000
Arg4: 0000000000000000
Debugging Details:
------------------
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
ADDITIONAL_DEBUG_TEXT:
Use '!findthebuild' command to search for the target build information.
If the build information is available, run '!findthebuild -s ; .reload' to set symbol path and load symbols.
MODULE_NAME: nt
FAULTING_MODULE: fffff80289a83000 nt
DEBUG_FLR_IMAGE_TIMESTAMP: 5ddcba81
BUGCHECK_STR: 0x1a_41792
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT_SERVER_MINIDUMP
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from fffff80289b0f330 to fffff80289bdfe00
STACK_TEXT:
ffffdb00`e9c46708 fffff802`89b0f330 : 00000000`0000001a 00000000`00041792 fffffe01`02a41c40 00020000`00000000 : nt+0x15ce00
ffffdb00`e9c46710 00000000`0000001a : 00000000`00041792 fffffe01`02a41c40 00020000`00000000 00000000`00000000 : nt+0x8c330
ffffdb00`e9c46718 00000000`00041792 : fffffe01`02a41c40 00020000`00000000 00000000`00000000 ffffdb00`e9c467d0 : 0x1a
ffffdb00`e9c46720 fffffe01`02a41c40 : 00020000`00000000 00000000`00000000 ffffdb00`e9c467d0 00000000`00000139 : 0x41792
ffffdb00`e9c46728 00020000`00000000 : 00000000`00000000 ffffdb00`e9c467d0 00000000`00000139 00000000`00000000 : 0xfffffe01`02a41c40
ffffdb00`e9c46730 00000000`00000000 : ffffdb00`e9c467d0 00000000`00000139 00000000`00000000 00000000`00000000 : 0x20000`00000000
STACK_COMMAND: kb
FOLLOWUP_IP:
nt+15ce00
fffff802`89bdfe00 48894c2408 mov qword ptr [rsp+8],rcx
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: nt+15ce00
FOLLOWUP_NAME: MachineOwner
IMAGE_NAME: ntoskrnl.exe
BUCKET_ID: WRONG_SYMBOLS
Followup: MachineOwner
---------
1: kd> lmvm nt
start end module name
fffff802`89a83000 fffff802`8a29f000 nt T (no symbols)
Loaded symbol image file: ntoskrnl.exe
Image path: \SystemRoot\system32\ntoskrnl.exe
Image name: ntoskrnl.exe
Timestamp: Tue Nov 26 13:39:13 2019 (5DDCBA81)
CheckSum: 0077714B
ImageSize: 0081C000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
1: kd> !process
GetPointerFromAddress: unable to read from fffff80289cf7d20
全部回复
-
您好,
我们注意到这个帖子与另外一个帖子https://social.microsoft.com/Forums/zh-CN/7f8b73c1-54c4-4134-8d24-9859ee88d088/windows-server-2016-3401323631?forum=windowsserversystemzhchs为同一个帖,建议您移步到另外一个帖查看关于本问题的回复。
针对Windows 2008/2008R2的扩展支持将于2020年结束,之后微软将不再为其提供安全更新。点击此处或扫描二维码获取《在 Azure 上运行 Windows Server 的终极指南》,把握良机完成云迁移并实现业务现代化。
