none
windows server 2008 R2 SP1 非正常重启 RRS feed

  • 问题

  • 发现服务器非正常重启,查看日志:

    ID:1001

    计算机已经从检测错误后重新启动。检测错误: 0x0000001a (0x0000000000041284, 0x0000000002000001, 0x0000000000000000, 0xfffff70001080000)。已将转储的数据保存在: C:\Windows\MEMORY.DMP。报告 ID: 091512-37377-01。

    dmp文件内容:


    Microsoft (R) Windows Debugger Version 6.11.0001.404 AMD64
    Copyright (c) Microsoft Corporation. All rights reserved.


    Loading Dump File [C:\Users\administrator.SFDOMAIN\Desktop\MEMORY.DMP]
    Kernel Summary Dump File: Only kernel address space is available

    Symbol search path is: http://msdl.microsoft.com/download/symbols
    Executable search path is:
    Windows 7 Kernel Version 7601 (Service Pack 1) MP (24 procs) Free x64
    Product: Server, suite: Enterprise TerminalServer SingleUserTS
    Built by: 7601.17835.amd64fre.win7sp1_gdr.120503-2030
    Machine Name:
    Kernel base = 0xfffff800`01a0f000 PsLoadedModuleList = 0xfffff800`01c53670
    Debug session time: Wed Sep 19 21:39:20.254 2012 (GMT+8)
    System Uptime: 0 days 18:34:37.884
    Loading Kernel Symbols
    ...............................................................
    ................................................................
    .........................
    Loading User Symbols
    PEB is paged out (Peb.Ldr = 00000000`7efdf018).  Type ".hh dbgerr001" for details
    Loading unloaded module list
    ..........
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    Use !analyze -v to get detailed debugging information.

    BugCheck A, {fffff70440000e00, 0, 0, fffff80001ac0c23}

    Page 45fcc2 not present in the dump file. Type ".hh dbgerr004" for details
    PEB is paged out (Peb.Ldr = 00000000`7efdf018).  Type ".hh dbgerr001" for details
    PEB is paged out (Peb.Ldr = 00000000`7efdf018).  Type ".hh dbgerr001" for details
    Probably caused by : memory_corruption ( nt!MiUpdateWsleHash+1e3 )

    Followup: MachineOwner
    ---------

    5: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    IRQL_NOT_LESS_OR_EQUAL (a)
    An attempt was made to access a pageable (or completely invalid) address at an
    interrupt request level (IRQL) that is too high.  This is usually
    caused by drivers using improper addresses.
    If a kernel debugger is available get the stack backtrace.
    Arguments:
    Arg1: fffff70440000e00, memory referenced
    Arg2: 0000000000000000, IRQL
    Arg3: 0000000000000000, bitfield :
     bit 0 : value 0 = read operation, 1 = write operation
     bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
    Arg4: fffff80001ac0c23, address which referenced memory

    Debugging Details:
    ------------------

    Page 45fcc2 not present in the dump file. Type ".hh dbgerr004" for details
    PEB is paged out (Peb.Ldr = 00000000`7efdf018).  Type ".hh dbgerr001" for details
    PEB is paged out (Peb.Ldr = 00000000`7efdf018).  Type ".hh dbgerr001" for details

    READ_ADDRESS:  fffff70440000e00

    CURRENT_IRQL:  0

    FAULTING_IP:
    nt!MiUpdateWsleHash+1e3
    fffff800`01ac0c23 4d3914c0        cmp     qword ptr [r8+rax*8],r10

    DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

    BUGCHECK_STR:  0xA

    PROCESS_NAME:  NETSTAT.EXE

    TRAP_FRAME:  fffff8800b63ec50 -- (.trap 0xfffff8800b63ec50)
    NOTE: The trap frame does not contain all registers.
    Some register values may be zeroed or incorrect.
    rax=0000000076fac500 rbx=0000000000000000 rcx=0000000000000005
    rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
    rip=fffff80001d47eb4 rsp=fffff8800b63ede0 rbp=fffff8800b63fca0
     r8=0000000000000005  r9=fffffa803afee790 r10=0000000000000020
    r11=fffff80001c86300 r12=0000000000000000 r13=0000000000000000
    r14=0000000000000000 r15=0000000000000000
    iopl=0         nv up ei pl zr na po nc
    nt!PspWow64InitThread+0x64:
    fffff800`01d47eb4 8b04256003fe7f  mov     eax,dword ptr [SharedUserData+0x360 (00000000`7ffe0360)] ds:00000000`7ffe0360=771701b4
    Resetting default scope

    LAST_CONTROL_TRANSFER:  from fffff80001a8d769 to fffff80001a8e1c0

    STACK_TEXT: 
    fffff880`0b63e508 fffff800`01a8d769 : 00000000`0000000a fffff704`40000e00 00000000`00000000 00000000`00000000 : nt!KeBugCheckEx
    fffff880`0b63e510 fffff800`01a8c3e0 : 00000000`00000000 fffff704`40000e00 fffff6fb`82200000 00000000`7ffe0011 : nt!KiBugCheckDispatch+0x69
    fffff880`0b63e650 fffff800`01ac0c23 : 00000000`00000000 00000000`00000801 00000000`00000000 7250694d`9cc0b867 : nt!KiPageFault+0x260
    fffff880`0b63e7e0 fffff800`01aa07a5 : 00000000`7ffe0011 fffffa80`242e09d0 fffffa80`242e0d68 00000000`00000000 : nt!MiUpdateWsleHash+0x1e3
    fffff880`0b63e850 fffff800`01aac89d : 00000000`0000001c 00000000`0000001b fffff700`01080000 fffffa80`242e0d68 : nt!MiUpdateWsle+0x3f5
    fffff880`0b63e8c0 fffff800`01aabf8f : 81c00000`001ba025 80000000`001ba121 00000000`00000000 fffffa80`242e09d0 : nt!MiCompleteProtoPteFault+0x2cd
    fffff880`0b63e950 fffff800`01aaaaa3 : 00000000`00460eeb 00000000`7ffe0360 fffff680`003fff00 fffffa80`242e0d68 : nt!MiResolveProtoPteFault+0x1cf
    fffff880`0b63e9e0 fffff800`01a9a749 : 00000000`00000000 00000000`7ffe0360 fffff880`0b63ec50 fffff680`00000000 : nt!MiDispatchFault+0x1c3
    fffff880`0b63eaf0 fffff800`01a8c2ee : 00000000`00000000 00000000`7ffe0360 fffffa80`00000000 00000000`0023fd20 : nt!MmAccessFault+0x359
    fffff880`0b63ec50 fffff800`01d47eb4 : fffff880`0b63fca0 fffff880`00000005 00000000`00000000 00000000`00000000 : nt!KiPageFault+0x16e
    fffff880`0b63ede0 fffff800`01d76336 : 00000000`00001000 00000000`00000000 00000000`00000000 00000000`00000005 : nt!PspWow64InitThread+0x64
    fffff880`0b63ee60 fffff800`01d33552 : fffffa80`242e09d0 00000000`00000000 fffff880`0b63f601 fffff880`0b63f6f0 : nt!PspAllocateThread+0x6c5
    fffff880`0b63f080 fffff800`01a8d453 : 00000000`00000000 0000007f`ffffffff 00000000`00000000 00000980`00000000 : nt!NtCreateUserProcess+0x65d
    fffff880`0b63fbb0 00000000`76fd1dea : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
    00000000`000edce8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x76fd1dea


    STACK_COMMAND:  kb

    FOLLOWUP_IP:
    nt!MiUpdateWsleHash+1e3
    fffff800`01ac0c23 4d3914c0        cmp     qword ptr [r8+rax*8],r10

    SYMBOL_STACK_INDEX:  3

    SYMBOL_NAME:  nt!MiUpdateWsleHash+1e3

    FOLLOWUP_NAME:  MachineOwner

    MODULE_NAME: nt

    DEBUG_FLR_IMAGE_TIMESTAMP:  4fa390f3

    IMAGE_NAME:  memory_corruption

    FAILURE_BUCKET_ID:  X64_0xA_nt!MiUpdateWsleHash+1e3

    BUCKET_ID:  X64_0xA_nt!MiUpdateWsleHash+1e3

    Followup: MachineOwner
    ---------

    5: kd> .trap 0xfffff8800b63ec50
    NOTE: The trap frame does not contain all registers.
    Some register values may be zeroed or incorrect.
    rax=0000000076fac500 rbx=0000000000000000 rcx=0000000000000005
    rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
    rip=fffff80001d47eb4 rsp=fffff8800b63ede0 rbp=fffff8800b63fca0
     r8=0000000000000005  r9=fffffa803afee790 r10=0000000000000020
    r11=fffff80001c86300 r12=0000000000000000 r13=0000000000000000
    r14=0000000000000000 r15=0000000000000000
    iopl=0         nv up ei pl zr na po nc
    nt!PspWow64InitThread+0x64:
    fffff800`01d47eb4 8b04256003fe7f  mov     eax,dword ptr [SharedUserData+0x360 (00000000`7ffe0360)] ds:00000000`7ffe0360=771701b4
    5: kd> lmvm nt
    start             end                 module name
    fffff800`01a0f000 fffff800`01ff7000   nt         (pdb symbols)          C:\Program Files\Debugging Tools for Windows (x64)\sym\ntkrnlmp.pdb\ABD176D2C7AE41B88BBF2837A09A462C2\ntkrnlmp.pdb
        Loaded symbol image file: ntkrnlmp.exe
        Image path: ntkrnlmp.exe
        Image name: ntkrnlmp.exe
        Timestamp:        Fri May 04 16:18:59 2012 (4FA390F3)
        CheckSum:         00555F80
        ImageSize:        005E8000
        File version:     6.1.7601.17835
        Product version:  6.1.7601.17835
        File flags:       0 (Mask 3F)
        File OS:          40004 NT Win32
        File type:        1.0 App
        File date:        00000000.00000000
        Translations:     0409.04b0
        CompanyName:      Microsoft Corporation
        ProductName:      Microsoft® Windows® Operating System
        InternalName:     ntkrnlmp.exe
        OriginalFilename: ntkrnlmp.exe
        ProductVersion:   6.1.7601.17835
        FileVersion:      6.1.7601.17835 (win7sp1_gdr.120503-2030)
        FileDescription:  NT Kernel & System
        LegalCopyright:   © Microsoft Corporation. All rights reserved.

    请问是什么原因,如何解决,谢谢

    2012年9月20日 7:53

答案

  • 您好! 

    由于造成计算机自动重启的原因较多,我们建议您尝试以下步骤进行排错:

    1. 请您尝试做一次Clean Boot

    a. 运行MSCONFIG

    b. 在常规下选择 选择性启动

    c. 然后清除Process System.ini File, Process Win.ini FileLoad Startup Items 的复选框,但是保留使用原始Boot.ini

    d. 在服务下,先点隐藏所有windows 服务,然后选择 disable all.

    e. 然后重新启动。观察问题是否依旧发生。

    关于Clean boot的详细步骤请您查看:

    http://support.microsoft.com/kb/310353/zh-cn

    另外,我还建议您尝试以下操作:

    a. 从光盘启动计算机,启动故障恢复控制台,然后使用 Chkdsk 命令行实用工具,确定硬盘或文件系统未损坏。

    b. 进入微软网站,更新所有系统补丁。

    希望我的回答对您有所帮助,如果有不清楚的地方,请告诉我。       


    如果您对我们的论坛在线支持服务有任何的意见或建议,请通过邮件告诉我们。
    Description: Description: TechNet 论坛好帮手立刻免费下载  TechNet 论坛好帮手

    2012年9月21日 3:20
    版主

全部回复

  • 您好! 

    由于造成计算机自动重启的原因较多,我们建议您尝试以下步骤进行排错:

    1. 请您尝试做一次Clean Boot

    a. 运行MSCONFIG

    b. 在常规下选择 选择性启动

    c. 然后清除Process System.ini File, Process Win.ini FileLoad Startup Items 的复选框,但是保留使用原始Boot.ini

    d. 在服务下,先点隐藏所有windows 服务,然后选择 disable all.

    e. 然后重新启动。观察问题是否依旧发生。

    关于Clean boot的详细步骤请您查看:

    http://support.microsoft.com/kb/310353/zh-cn

    另外,我还建议您尝试以下操作:

    a. 从光盘启动计算机,启动故障恢复控制台,然后使用 Chkdsk 命令行实用工具,确定硬盘或文件系统未损坏。

    b. 进入微软网站,更新所有系统补丁。

    希望我的回答对您有所帮助,如果有不清楚的地方,请告诉我。       


    如果您对我们的论坛在线支持服务有任何的意见或建议,请通过邮件告诉我们。
    Description: Description: TechNet 论坛好帮手立刻免费下载  TechNet 论坛好帮手

    2012年9月21日 3:20
    版主
  • 这台服务器是生产系统,您给的测试解决方案不大可行
    2012年9月21日 9:08
  • 您好!         

    如果您出现问题的服务器是在生产环境的话,我们建议您在服务器较为空闲的时候执行该操作,尝试解决该问题。

    希望我的回答对您有所帮助。


    如果您对我们的论坛在线支持服务有任何的意见或建议,请通过邮件告诉我们。
    Description: Description: TechNet 论坛好帮手立刻免费下载  TechNet 论坛好帮手

    2012年10月8日 9:12
    版主