none
windows2003 PV2出现蓝屏重启请问是什么问题 RRS feed

  • 问题

  • 我们这个机器是win server 2003系统,之前是物理机,然后PV2到vmware虚拟机,最近出现了蓝屏重启的现象,请帮忙分析下什么原因?windbg信息如下:


    Microsoft (R) Windows Debugger Version 10.0.17763.132 AMD64
    Copyright (c) Microsoft Corporation. All rights reserved.


    Loading Dump File [E:\Mini010219-01.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available

    Symbol search path is: srv*
    Executable search path is: 
    Unable to load image \WINDOWS\system32\ntoskrnl.exe, Win32 error 0n2
    *** WARNING: Unable to verify timestamp for ntoskrnl.exe
    *** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
    Windows Server 2003 Kernel Version 3790 (Service Pack 2) MP (4 procs) Free x64
    Product: Server, suite: Enterprise TerminalServer SingleUserTS
    Machine Name:
    Kernel base = 0xfffff800`01000000 PsLoadedModuleList = 0xfffff800`011d5100
    Debug session time: Wed Jan  2 09:47:30.442 2019 (UTC + 8:00)
    System Uptime: 201 days 0:17:08.611
    Unable to load image \WINDOWS\system32\ntoskrnl.exe, Win32 error 0n2
    *** WARNING: Unable to verify timestamp for ntoskrnl.exe
    *** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
    Loading Kernel Symbols
    .

    Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long.
    Run !sym noisy before .reload to track down problems loading symbols.

    ..............................................................
    ................................................................
    ...........
    Loading User Symbols
    Loading unloaded module list
    ...

    ************* Symbol Loading Error Summary **************
    Module name            Error
    ntoskrnl               The system cannot find the file specified

    You can troubleshoot most symbol related issues by turning on symbol loading diagnostics (!sym noisy) and repeating the command that caused symbols to be loaded.
    You should also verify that your symbol search path (.sympath) is correct.
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    Use !analyze -v to get detailed debugging information.

    BugCheck D1, {24, 2, 0, fffffadf26e229bb}

    ***** Kernel symbols are WRONG. Please fix symbols to do analysis.

    *************************************************************************
    ***                                                                   ***
    ***                                                                   ***
    ***    Either you specified an unqualified symbol, or your debugger   ***
    ***    doesn't have full symbol information.  Unqualified symbol      ***
    ***    resolution is turned off by default. Please either specify a   ***
    ***    fully qualified symbol module!symbolname, or enable resolution ***
    ***    of unqualified symbols by typing ".symopt- 100". Note that     ***
    ***    enabling unqualified symbol resolution with network symbol     ***
    ***    server shares in the symbol path may cause the debugger to     ***
    ***    appear to hang for long periods of time when an incorrect      ***
    ***    symbol name is typed or the network symbol server is down.     ***
    ***                                                                   ***
    ***    For some commands to work properly, your symbol path           ***
    ***    must point to .pdb files that have full type information.      ***
    ***                                                                   ***
    ***    Certain .pdb files (such as the public OS symbols) do not      ***
    ***    contain the required information.  Contact the group that      ***
    ***    provided you with these symbols if you need this command to    ***
    ***    work.                                                          ***
    ***                                                                   ***
    ***    Type referenced: nt!_EPROCESS                                  ***
    ***                                                                   ***
    *************************************************************************
    *************************************************************************
    ***                                                                   ***
    ***                                                                   ***
    ***    Either you specified an unqualified symbol, or your debugger   ***
    ***    doesn't have full symbol information.  Unqualified symbol      ***
    ***    resolution is turned off by default. Please either specify a   ***
    ***    fully qualified symbol module!symbolname, or enable resolution ***
    ***    of unqualified symbols by typing ".symopt- 100". Note that     ***
    ***    enabling unqualified symbol resolution with network symbol     ***
    ***    server shares in the symbol path may cause the debugger to     ***
    ***    appear to hang for long periods of time when an incorrect      ***
    ***    symbol name is typed or the network symbol server is down.     ***
    ***                                                                   ***
    ***    For some commands to work properly, your symbol path           ***
    ***    must point to .pdb files that have full type information.      ***
    ***                                                                   ***
    ***    Certain .pdb files (such as the public OS symbols) do not      ***
    ***    contain the required information.  Contact the group that      ***
    ***    provided you with these symbols if you need this command to    ***
    ***    work.                                                          ***
    ***                                                                   ***
    ***    Type referenced: nt!_KPRCB                                     ***
    ***                                                                   ***
    *************************************************************************
    *************************************************************************
    ***                                                                   ***
    ***                                                                   ***
    ***    Either you specified an unqualified symbol, or your debugger   ***
    ***    doesn't have full symbol information.  Unqualified symbol      ***
    ***    resolution is turned off by default. Please either specify a   ***
    ***    fully qualified symbol module!symbolname, or enable resolution ***
    ***    of unqualified symbols by typing ".symopt- 100". Note that     ***
    ***    enabling unqualified symbol resolution with network symbol     ***
    ***    server shares in the symbol path may cause the debugger to     ***
    ***    appear to hang for long periods of time when an incorrect      ***
    ***    symbol name is typed or the network symbol server is down.     ***
    ***                                                                   ***
    ***    For some commands to work properly, your symbol path           ***
    ***    must point to .pdb files that have full type information.      ***
    ***                                                                   ***
    ***    Certain .pdb files (such as the public OS symbols) do not      ***
    ***    contain the required information.  Contact the group that      ***
    ***    provided you with these symbols if you need this command to    ***
    ***    work.                                                          ***
    ***                                                                   ***
    ***    Type referenced: nt!_KPRCB                                     ***
    ***                                                                   ***
    *************************************************************************
    *************************************************************************
    ***                                                                   ***
    ***                                                                   ***
    ***    Either you specified an unqualified symbol, or your debugger   ***
    ***    doesn't have full symbol information.  Unqualified symbol      ***
    ***    resolution is turned off by default. Please either specify a   ***
    ***    fully qualified symbol module!symbolname, or enable resolution ***
    ***    of unqualified symbols by typing ".symopt- 100". Note that     ***
    ***    enabling unqualified symbol resolution with network symbol     ***
    ***    server shares in the symbol path may cause the debugger to     ***
    ***    appear to hang for long periods of time when an incorrect      ***
    ***    symbol name is typed or the network symbol server is down.     ***
    ***                                                                   ***
    ***    For some commands to work properly, your symbol path           ***
    ***    must point to .pdb files that have full type information.      ***
    ***                                                                   ***
    ***    Certain .pdb files (such as the public OS symbols) do not      ***
    ***    contain the required information.  Contact the group that      ***
    ***    provided you with these symbols if you need this command to    ***
    ***    work.                                                          ***
    ***                                                                   ***
    ***    Type referenced: nt!_KPRCB                                     ***
    ***                                                                   ***
    *************************************************************************
    *************************************************************************
    ***                                                                   ***
    ***                                                                   ***
    ***    Either you specified an unqualified symbol, or your debugger   ***
    ***    doesn't have full symbol information.  Unqualified symbol      ***
    ***    resolution is turned off by default. Please either specify a   ***
    ***    fully qualified symbol module!symbolname, or enable resolution ***
    ***    of unqualified symbols by typing ".symopt- 100". Note that     ***
    ***    enabling unqualified symbol resolution with network symbol     ***
    ***    server shares in the symbol path may cause the debugger to     ***
    ***    appear to hang for long periods of time when an incorrect      ***
    ***    symbol name is typed or the network symbol server is down.     ***
    ***                                                                   ***
    ***    For some commands to work properly, your symbol path           ***
    ***    must point to .pdb files that have full type information.      ***
    ***                                                                   ***
    ***    Certain .pdb files (such as the public OS symbols) do not      ***
    ***    contain the required information.  Contact the group that      ***
    ***    provided you with these symbols if you need this command to    ***
    ***    work.                                                          ***
    ***                                                                   ***
    ***    Type referenced: nt!_KTHREAD                                   ***
    ***                                                                   ***
    *************************************************************************
    *************************************************************************
    ***                                                                   ***
    ***                                                                   ***
    ***    Either you specified an unqualified symbol, or your debugger   ***
    ***    doesn't have full symbol information.  Unqualified symbol      ***
    ***    resolution is turned off by default. Please either specify a   ***
    ***    fully qualified symbol module!symbolname, or enable resolution ***
    ***    of unqualified symbols by typing ".symopt- 100". Note that     ***
    ***    enabling unqualified symbol resolution with network symbol     ***
    ***    server shares in the symbol path may cause the debugger to     ***
    ***    appear to hang for long periods of time when an incorrect      ***
    ***    symbol name is typed or the network symbol server is down.     ***
    ***                                                                   ***
    ***    For some commands to work properly, your symbol path           ***
    ***    must point to .pdb files that have full type information.      ***
    ***                                                                   ***
    ***    Certain .pdb files (such as the public OS symbols) do not      ***
    ***    contain the required information.  Contact the group that      ***
    ***    provided you with these symbols if you need this command to    ***
    ***    work.                                                          ***
    ***                                                                   ***
    ***    Type referenced: nt!_KPRCB                                     ***
    ***                                                                   ***
    *************************************************************************
    *************************************************************************
    ***                                                                   ***
    ***                                                                   ***
    ***    Either you specified an unqualified symbol, or your debugger   ***
    ***    doesn't have full symbol information.  Unqualified symbol      ***
    ***    resolution is turned off by default. Please either specify a   ***
    ***    fully qualified symbol module!symbolname, or enable resolution ***
    ***    of unqualified symbols by typing ".symopt- 100". Note that     ***
    ***    enabling unqualified symbol resolution with network symbol     ***
    ***    server shares in the symbol path may cause the debugger to     ***
    ***    appear to hang for long periods of time when an incorrect      ***
    ***    symbol name is typed or the network symbol server is down.     ***
    ***                                                                   ***
    ***    For some commands to work properly, your symbol path           ***
    ***    must point to .pdb files that have full type information.      ***
    ***                                                                   ***
    ***    Certain .pdb files (such as the public OS symbols) do not      ***
    ***    contain the required information.  Contact the group that      ***
    ***    provided you with these symbols if you need this command to    ***
    ***    work.                                                          ***
    ***                                                                   ***
    ***    Type referenced: nt!_KPRCB                                     ***
    ***                                                                   ***
    *************************************************************************
    Probably caused by : ntoskrnl.wrong.symbols.exe ( nt_wrong_symbols!45D69A89490000 )

    Followup:     MachineOwner
    ---------

    2019年1月2日 5:08

答案

  • 您好,

    感谢您的回复。

    根据mini dump 的分析,可能是tcpip.sys 导致的。BugCheck D1常常是使用了不正确地址的驱动程序引起的。

    由于Microsoft 在2015 7 月14 号停止对Windows 2003 的支持,无法找到补丁来解决这个问题。

    我们可以更新network driver。

    请问您有查看event log 里有什么重启的报错吗?

    Best regards,



    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • 已标记为答案 Kay Ma 2019年1月7日 14:27
    2019年1月3日 6:32
    版主

全部回复

  • 您好,

    感谢您的回复。

    1. 由于您的symbol path 没有设置正确,您贴出的dump无法分析,请您把dump 文件上传到OneDrive。

    2. 请问问题发生前有做过什么改变吗?

    Best regards,


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    2019年1月2日 9:31
    版主
  • 您好,连接如下:

    https://1drv.ms/u/s!ApGbZjjqZGZLmWA8MPcUir-6S0IH

    之前有过一个意外重启,但是这几个月来一直没有什么问题。

    2019年1月3日 1:33
  • 您好,

    感谢您的回复。

    根据mini dump 的分析,可能是tcpip.sys 导致的。BugCheck D1常常是使用了不正确地址的驱动程序引起的。

    由于Microsoft 在2015 7 月14 号停止对Windows 2003 的支持,无法找到补丁来解决这个问题。

    我们可以更新network driver。

    请问您有查看event log 里有什么重启的报错吗?

    Best regards,



    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • 已标记为答案 Kay Ma 2019年1月7日 14:27
    2019年1月3日 6:32
    版主
  • 您好,

    请问您的问题进展的怎么样了?

    我十分乐意帮助解决您的问题,希望您能及时给我一个反馈。

    Best regards


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    2019年1月7日 1:39
    版主
  • event log 在重启之前没有什么错误,然后重启完有个KVM驱动报错,估计是之前物理机的时候安装的,现在是P2V虚拟机了,我看了下vmware tools提示过期,我更新了下,在观察看下。感谢!!
    2019年1月7日 14:27