none
系统异常蓝屏重启 RRS feed

  • 问题

  • 您好,最近服务器异常蓝屏重启过,以下是相关的dump信息,如果还需要其他的信息请让我知道,非常感谢。


    Loading Dump File [D:\020415-39889-01.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available

    Symbol search path is: SRV*C:\Symbols*http://msdl.microsoft.com/download/symbols
    Executable search path is: 
    Windows 7 Kernel Version 7601 (Service Pack 1) MP (48 procs) Free x64
    Product: Server, suite: Enterprise TerminalServer SingleUserTS
    Built by: 7601.18113.amd64fre.win7sp1_gdr.130318-1533
    Machine Name:
    Kernel base = 0xfffff800`01851000 PsLoadedModuleList = 0xfffff800`01a94670
    Debug session time: Wed Feb  4 00:49:12.339 2015 (UTC + 8:00)
    System Uptime: 78 days 7:20:12.896
    Loading Kernel Symbols
    ...............................................................
    ................................................................
    ..........
    Loading User Symbols
    Loading unloaded module list
    ..................................................
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    Use !analyze -v to get detailed debugging information.

    BugCheck 1A, {41790, fffffa80000c0390, ffff, 0}

    Probably caused by : ntkrnlmp.exe ( nt! ?? ::FNODOBFM::`string'+35084 )

    Followup: MachineOwner
    ---------

    0: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    MEMORY_MANAGEMENT (1a)
        # Any other values for parameter 1 must be individually examined.
    Arguments:
    Arg1: 0000000000041790, The subtype of the bugcheck.
    Arg2: fffffa80000c0390
    Arg3: 000000000000ffff
    Arg4: 0000000000000000

    Debugging Details:
    ------------------


    BUGCHECK_STR:  0x1a_41790

    CUSTOMER_CRASH_COUNT:  1

    DEFAULT_BUCKET_ID:  DRIVER_FAULT_SERVER_MINIDUMP

    PROCESS_NAME:  emdctl.exe

    CURRENT_IRQL:  0

    LAST_CONTROL_TRANSFER:  from fffff80001937d40 to fffff800018c6c00

    STACK_TEXT:  
    fffff880`08dde9a8 fffff800`01937d40 : 00000000`0000001a 00000000`00041790 fffffa80`000c0390 00000000`0000ffff : nt!KeBugCheckEx
    fffff880`08dde9b0 fffff800`018f97d9 : fffffa80`00000000 00000001`40012fff 00000000`00000000 00000000`00000000 : nt! ?? ::FNODOBFM::`string'+0x35084
    fffff880`08ddeb70 fffff800`01897a04 : ffffffff`ffffffff 00000000`00000000 00000000`00000000 00000000`00000000 : nt!MiRemoveMappedView+0xd9
    fffff880`08ddec90 fffff800`01b80665 : fffffa80`50e97b30 00000000`00000001 fffffa80`31bb5850 00000000`00000000 : nt!MmCleanProcessAddressSpace+0x228
    fffff880`08ddece0 fffff800`018cfe44 : 00000000`00000000 fffff880`08ddfca0 fffffa80`50e97b00 fffff880`08ddedf8 : nt!PspProcessDelete+0x165
    fffff880`08dded40 fffff800`01b72a5b : fffff880`08ddfca0 00000000`0000002a 00000000`00000000 fffff8a0`082e9060 : nt!ObfDereferenceObject+0xd4
    fffff880`08ddeda0 fffff800`01b734e4 : 00000000`00000000 00000000`00270fa0 fffff880`08ddf6f0 fffffa80`332bbc10 : nt!PspAllocateProcess+0x13eb
    fffff880`08ddf080 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!NtCreateUserProcess+0x4a3


    STACK_COMMAND:  kb

    FOLLOWUP_IP: 
    nt! ?? ::FNODOBFM::`string'+35084
    fffff800`01937d40 cc              int     3

    SYMBOL_STACK_INDEX:  1

    SYMBOL_NAME:  nt! ?? ::FNODOBFM::`string'+35084

    FOLLOWUP_NAME:  MachineOwner

    MODULE_NAME: nt

    IMAGE_NAME:  ntkrnlmp.exe

    DEBUG_FLR_IMAGE_TIMESTAMP:  5147d9c6

    FAILURE_BUCKET_ID:  X64_0x1a_41790_nt!_??_::FNODOBFM::_string_+35084

    BUCKET_ID:  X64_0x1a_41790_nt!_??_::FNODOBFM::_string_+35084

    Followup: MachineOwner
    ---------

    0: kd> lmvm nt
    start             end                 module name
    fffff800`01851000 fffff800`01e37000   nt         (pdb symbols)          c:\symbols\ntkrnlmp.pdb\4406EA3F2CE044878BDFDEF95E07708E2\ntkrnlmp.pdb
        Loaded symbol image file: ntkrnlmp.exe
        Mapped memory image file: c:\symbols\ntoskrnl.exe\5147D9C65e6000\ntoskrnl.exe
        Image path: ntkrnlmp.exe
        Image name: ntkrnlmp.exe
        Timestamp:        Tue Mar 19 11:21:42 2013 (5147D9C6)
        CheckSum:         00552B17
        ImageSize:        005E6000
        File version:     6.1.7601.18113
        Product version:  6.1.7601.18113
        File flags:       0 (Mask 3F)
        File OS:          40004 NT Win32
        File type:        1.0 App
        File date:        00000000.00000000
        Translations:     0409.04b0
        CompanyName:      Microsoft Corporation
        ProductName:      Microsoft® Windows® Operating System
        InternalName:     ntkrnlmp.exe
        OriginalFilename: ntkrnlmp.exe
        ProductVersion:   6.1.7601.18113
        FileVersion:      6.1.7601.18113 (win7sp1_gdr.130318-1533)
        FileDescription:  NT Kernel & System
        LegalCopyright:   © Microsoft Corporation. All rights reserved.

    2015年3月3日 8:45

答案

  • 你好,

    能否让我知道下出现问题的server的具体版本信息?

    关于Bug Check 0x1A,这表明出现了一个严重的内存管理错误。请参考下面的文档,检查是否对你有帮助。(需要提醒的是,这是个英文版本文档。)

    Bug Check 0x1A: MEMORY_MANAGEMENT

    检查下server是不是有相关的内存问题。使用sfc /scannow命令来扫描下系统保护文件。安装所有必须的Windows Updates。此外,能否让我知道是否在这个有问题的server上安装了Oracle的软件?或其他的三方的安全防护软件?请执行下Clean Boot并检查是否问题仍然存在。

    正如你所知,对于这种内核崩溃的排错,我们需要分析dump file来找到根本原因。但在论坛上对dump file进行分析并不是很有效率的。如果这个问题对你来说比较紧急,请通过电话联系 Microsoft 客户服务和支持 (CSS)以便专用的支持专业人员可以帮助您。

    关于如何获得特定的技术支持的电话号码,请参阅下面列出的 web 站点:

    http://support.microsoft.com/default.aspx?scid=fh;EN-US;OfferProPhone#faq607

    希望这对你有帮助。

    Best regards,

    Justin Gu


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    2015年3月5日 9:46
    版主