none
求助:服务器server 2008蓝屏,代码7E,dump文件如下! RRS feed

  • 问题

  • Microsoft (R) Windows Debugger Version 6.10.0003.233 X86
    Copyright (c) Microsoft Corporation. All rights reserved.


    Loading Dump File [C:\Users\zhuqianliang\Desktop\Mini032618-02.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available

    Symbol search path is: *** Invalid ***
    ****************************************************************************
    * Symbol loading may be unreliable without a symbol search path.           *
    * Use .symfix to have the debugger choose a symbol path.                   *
    * After setting your symbol path, use .reload to refresh symbol locations. *
    ****************************************************************************
    Executable search path is:
    *********************************************************************
    * Symbols can not be loaded because symbol path is not initialized. *
    *                                                                   *
    * The Symbol Path can be set by:                                    *
    *   using the _NT_SYMBOL_PATH environment variable.                 *
    *   using the -y <symbol_path> argument when starting the debugger. *
    *   using .sympath and .sympath+                                    *
    *********************************************************************
    Unable to load image \SystemRoot\system32\ntkrnlpa.exe, Win32 error 0n2
    *** ERROR: Module load completed but symbols could not be loaded for ntkrnlpa.exe
    Windows Server 2008/Windows Vista SP1 Kernel Version 6001 (Service Pack 1) MP (4 procs) Free x86 compatible
    Product: Server, suite: TerminalServer SingleUserTS
    Machine Name:
    Kernel base = 0x81a03000 PsLoadedModuleList = 0x81b1ac70
    Debug session time: Mon Mar 26 14:25:04.841 2018 (GMT+8)
    System Uptime: 0 days 2:55:15.744
    *********************************************************************
    * Symbols can not be loaded because symbol path is not initialized. *
    *                                                                   *
    * The Symbol Path can be set by:                                    *
    *   using the _NT_SYMBOL_PATH environment variable.                 *
    *   using the -y <symbol_path> argument when starting the debugger. *
    *   using .sympath and .sympath+                                    *
    *********************************************************************
    Unable to load image \SystemRoot\system32\ntkrnlpa.exe, Win32 error 0n2
    *** ERROR: Module load completed but symbols could not be loaded for ntkrnlpa.exe
    Loading Kernel Symbols
    ...............................................................
    ................................................................
    ........
    Loading User Symbols
    Loading unloaded module list
    ......
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    Use !analyze -v to get detailed debugging information.

    BugCheck 1000007E, {c0000005, 880c0413, 9137caa0, 9137c79c}

    *** WARNING: Unable to verify timestamp for afd.sys
    *** ERROR: Module load completed but symbols could not be loaded for afd.sys
    ***** Kernel symbols are WRONG. Please fix symbols to do analysis.

    *************************************************************************
    ***                                                                   ***
    ***                                                                   ***
    ***    Your debugger is not using the correct symbols                 ***
    ***                                                                   ***
    ***    In order for this command to work properly, your symbol path   ***
    ***    must point to .pdb files that have full type information.      ***
    ***                                                                   ***
    ***    Certain .pdb files (such as the public OS symbols) do not      ***
    ***    contain the required information.  Contact the group that      ***
    ***    provided you with these symbols if you need this command to    ***
    ***    work.                                                          ***
    ***                                                                   ***
    ***    Type referenced: nt!_KPRCB                                     ***
    ***                                                                   ***
    *************************************************************************
    *************************************************************************
    ***                                                                   ***
    ***                                                                   ***
    ***    Your debugger is not using the correct symbols                 ***
    ***                                                                   ***
    ***    In order for this command to work properly, your symbol path   ***
    ***    must point to .pdb files that have full type information.      ***
    ***                                                                   ***
    ***    Certain .pdb files (such as the public OS symbols) do not      ***
    ***    contain the required information.  Contact the group that      ***
    ***    provided you with these symbols if you need this command to    ***
    ***    work.                                                          ***
    ***                                                                   ***
    ***    Type referenced: nt!KPRCB                                      ***
    ***                                                                   ***
    *************************************************************************
    *************************************************************************
    ***                                                                   ***
    ***                                                                   ***
    ***    Your debugger is not using the correct symbols                 ***
    ***                                                                   ***
    ***    In order for this command to work properly, your symbol path   ***
    ***    must point to .pdb files that have full type information.      ***
    ***                                                                   ***
    ***    Certain .pdb files (such as the public OS symbols) do not      ***
    ***    contain the required information.  Contact the group that      ***
    ***    provided you with these symbols if you need this command to    ***
    ***    work.                                                          ***
    ***                                                                   ***
    ***    Type referenced: nt!_KPRCB                                     ***
    ***                                                                   ***
    *************************************************************************
    *************************************************************************
    ***                                                                   ***
    ***                                                                   ***
    ***    Your debugger is not using the correct symbols                 ***
    ***                                                                   ***
    ***    In order for this command to work properly, your symbol path   ***
    ***    must point to .pdb files that have full type information.      ***
    ***                                                                   ***
    ***    Certain .pdb files (such as the public OS symbols) do not      ***
    ***    contain the required information.  Contact the group that      ***
    ***    provided you with these symbols if you need this command to    ***
    ***    work.                                                          ***
    ***                                                                   ***
    ***    Type referenced: nt!KPRCB                                      ***
    ***                                                                   ***
    *************************************************************************
    *************************************************************************
    ***                                                                   ***
    ***                                                                   ***
    ***    Your debugger is not using the correct symbols                 ***
    ***                                                                   ***
    ***    In order for this command to work properly, your symbol path   ***
    ***    must point to .pdb files that have full type information.      ***
    ***                                                                   ***
    ***    Certain .pdb files (such as the public OS symbols) do not      ***
    ***    contain the required information.  Contact the group that      ***
    ***    provided you with these symbols if you need this command to    ***
    ***    work.                                                          ***
    ***                                                                   ***
    ***    Type referenced: nt!_KPRCB                                     ***
    ***                                                                   ***
    *************************************************************************
    *************************************************************************
    ***                                                                   ***
    ***                                                                   ***
    ***    Your debugger is not using the correct symbols                 ***
    ***                                                                   ***
    ***    In order for this command to work properly, your symbol path   ***
    ***    must point to .pdb files that have full type information.      ***
    ***                                                                   ***
    ***    Certain .pdb files (such as the public OS symbols) do not      ***
    ***    contain the required information.  Contact the group that      ***
    ***    provided you with these symbols if you need this command to    ***
    ***    work.                                                          ***
    ***                                                                   ***
    ***    Type referenced: nt!_KPRCB                                     ***
    ***                                                                   ***
    *************************************************************************
    *************************************************************************
    ***                                                                   ***
    ***                                                                   ***
    ***    Your debugger is not using the correct symbols                 ***
    ***                                                                   ***
    ***    In order for this command to work properly, your symbol path   ***
    ***    must point to .pdb files that have full type information.      ***
    ***                                                                   ***
    ***    Certain .pdb files (such as the public OS symbols) do not      ***
    ***    contain the required information.  Contact the group that      ***
    ***    provided you with these symbols if you need this command to    ***
    ***    work.                                                          ***
    ***                                                                   ***
    ***    Type referenced: nt!_KPRCB                                     ***
    ***                                                                   ***
    *************************************************************************
    *************************************************************************
    ***                                                                   ***
    ***                                                                   ***
    ***    Your debugger is not using the correct symbols                 ***
    ***                                                                   ***
    ***    In order for this command to work properly, your symbol path   ***
    ***    must point to .pdb files that have full type information.      ***
    ***                                                                   ***
    ***    Certain .pdb files (such as the public OS symbols) do not      ***
    ***    contain the required information.  Contact the group that      ***
    ***    provided you with these symbols if you need this command to    ***
    ***    work.                                                          ***
    ***                                                                   ***
    ***    Type referenced: nt!_KPRCB                                     ***
    ***                                                                   ***
    *************************************************************************
    *********************************************************************
    * Symbols can not be loaded because symbol path is not initialized. *
    *                                                                   *
    * The Symbol Path can be set by:                                    *
    *   using the _NT_SYMBOL_PATH environment variable.                 *
    *   using the -y <symbol_path> argument when starting the debugger. *
    *   using .sympath and .sympath+                                    *
    *********************************************************************
    *********************************************************************
    * Symbols can not be loaded because symbol path is not initialized. *
    *                                                                   *
    * The Symbol Path can be set by:                                    *
    *   using the _NT_SYMBOL_PATH environment variable.                 *
    *   using the -y <symbol_path> argument when starting the debugger. *
    *   using .sympath and .sympath+                                    *
    *********************************************************************
    Probably caused by : ntkrnlpa.exe ( nt+ed39f )

    Followup: MachineOwner
    ---------
    2018年3月27日 2:41

全部回复

  • 您好!

    感谢您的提问。

    根据代码“Your debugger is not using the correct symbols  ” 显示没有配置正确的symbol, 因此DUMP文件无法正确查看。

    请参阅以下关于Debugging with Symbol 链接对Symbol 进行设置。

    https://msdn.microsoft.com/en-us/library/windows/desktop/ee416588(v=vs.85).aspx

    https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/


    如果您还有什么需要帮助的地方请告诉我,我很乐意为您提供服务。

    感谢您的支持和理解,祝您工作愉快!

    Best regards, 

    Michael


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    2018年3月28日 2:20
    版主
  • 您好,

    请问您的这个事件进展如何?有解决吗?

    如果您还有什么需要帮助的地方请告诉我,我很乐意为您提供服务。 

    感谢您的支持和理解,祝您周末愉快!

    Best regards,

    Michael



    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com


    2018年3月30日 12:27
    版主
  • 你好,已重新配置symbol,目前新的DUMP文件如下:

    Loading User Symbols
    Loading unloaded module list
    ......
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    Use !analyze -v to get detailed debugging information.

    BugCheck 1000007E, {c0000005, 88307413, 9d221aa0, 9d22179c}

    Probably caused by : afd.sys ( afd!AfdWskDispatchInternalDeviceControl+21 )

    Followup: MachineOwner
    ---------

    0: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
    This is a very common bugcheck.  Usually the exception address pinpoints
    the driver/function that caused the problem.  Always note this address
    as well as the link date of the driver/image that contains this address.
    Some common problems are exception code 0x80000003.  This means a hard
    coded breakpoint or assertion was hit, but this system was booted
    /NODEBUG.  This is not supposed to happen as developers should never have
    hardcoded breakpoints in retail code, but ...
    If this happens, make sure a debugger gets connected, and the
    system is booted /DEBUG.  This will let us see why this breakpoint is
    happening.
    Arguments:
    Arg1: c0000005, The exception code that was not handled
    Arg2: 88307413, The address that the exception occurred at
    Arg3: 9d221aa0, Exception Record Address
    Arg4: 9d22179c, Context Record Address

    Debugging Details:
    ------------------


    EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - 0x%08lx

    FAULTING_IP:
    +16
    88307413 8b36            mov     esi,dword ptr [esi]

    EXCEPTION_RECORD:  9d221aa0 -- (.exr 0xffffffff9d221aa0)
    ExceptionAddress: 88307413
       ExceptionCode: c0000005 (Access violation)
      ExceptionFlags: 00000000
    NumberParameters: 2
       Parameter[0]: 00000000
       Parameter[1]: 00000000
    Attempt to read from address 00000000

    CONTEXT:  9d22179c -- (.cxr 0xffffffff9d22179c)
    eax=88008570 ebx=81a50000 ecx=8539f6b0 edx=00507308 esi=00000000 edi=9d221b8c
    eip=88307413 esp=9d221b68 ebp=88307000 iopl=0         nv up ei ng nz na po nc
    cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010282
    88307413 8b36            mov     esi,dword ptr [esi]  ds:0023:00000000=????????
    Resetting default scope

    CUSTOMER_CRASH_COUNT:  1

    DEFAULT_BUCKET_ID:  NULL_DEREFERENCE

    PROCESS_NAME:  System

    CURRENT_IRQL:  0

    ERROR_CODE: (NTSTATUS) 0xc0000005 - 0x%08lx

    EXCEPTION_PARAMETER1:  00000000

    EXCEPTION_PARAMETER2:  00000000

    READ_ADDRESS: GetPointerFromAddress: unable to read from 81b87868
    Unable to read MiSystemVaType memory at 81b67420
     00000000

    FOLLOWUP_IP:
    afd!AfdWskDispatchInternalDeviceControl+21
    9135f3b3 eb18            jmp     afd!AfdWskDispatchInternalDeviceControl+0x3b (9135f3cd)

    FAILED_INSTRUCTION_ADDRESS:
    +21
    88307413 8b36            mov     esi,dword ptr [esi]

    BUGCHECK_STR:  0x7E

    LAST_CONTROL_TRANSFER:  from 9135f3b3 to 88307413

    STACK_TEXT:  
    WARNING: Frame IP not in any known module. Following frames may be wrong.
    9d221bd8 9135f3b3 9d221bf8 81b0c053 8644f2f8 0x88307413
    9d221be0 81b0c053 8644f2f8 86ce6ff0 86ce7400 afd!AfdWskDispatchInternalDeviceControl+0x21
    9d221bf8 91361bba 9d221c30 86ce7400 86d76e70 nt!IofCallDriver+0x63
    9d221c00 86ce7400 86d76e70 9d221c30 9174c785 afd!WskProAPISend+0x67
    9d221ca4 9a446bad 86ceda40 86ceda40 81aa2cf0 0x86ce7400
    9d221cb8 9a447575 9a41569c 86ceda40 00000000 srv!ExecuteTransaction+0x101
    9d221d30 9a41190e 86a76058 86a76020 86ceda48 srv!SrvSmbTransaction+0x76f
    9d221d54 9a421d30 00000000 88008570 00000000 srv!SrvProcessSmb+0x151
    9d221d7c 81c25a1c 00a76020 2f7bd678 00000000 srv!WorkerThread+0x132
    9d221dc0 81a7ea3e 9a421bfe 86a76020 00000000 nt!PspSystemThreadStartup+0x9d
    00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16


    SYMBOL_STACK_INDEX:  1

    SYMBOL_NAME:  afd!AfdWskDispatchInternalDeviceControl+21

    FOLLOWUP_NAME:  MachineOwner

    MODULE_NAME: afd

    IMAGE_NAME:  afd.sys

    DEBUG_FLR_IMAGE_TIMESTAMP:  4791912c

    STACK_COMMAND:  .cxr 0xffffffff9d22179c ; kb

    FAILURE_BUCKET_ID:  0x7E_BAD_IP_afd!AfdWskDispatchInternalDeviceControl+21

    BUCKET_ID:  0x7E_BAD_IP_afd!AfdWskDispatchInternalDeviceControl+21

    Followup: MachineOwner
    ---------

    0: kd> .exr 0xffffffff9d221aa0
    ExceptionAddress: 88307413
       ExceptionCode: c0000005 (Access violation)
      ExceptionFlags: 00000000
    NumberParameters: 2
       Parameter[0]: 00000000
       Parameter[1]: 00000000
    Attempt to read from address 00000000
    0: kd> lmvm afd
    start    end        module name
    9135c000 913a4000   afd        (pdb symbols)          c:\symbols\afd.pdb\7F1FAF0F8EA44BD8AAA9574367F26F892\afd.pdb
        Loaded symbol image file: afd.sys
        Mapped memory image file: c:\symbols\afd.sys\4791912C48000\afd.sys
        Image path: \SystemRoot\system32\drivers\afd.sys
        Image name: afd.sys
        Timestamp:        Sat Jan 19 13:57:00 2008 (4791912C)
        CheckSum:         0004A925
        ImageSize:        00048000
        File version:     6.0.6001.18000
        Product version:  6.0.6001.18000
        File flags:       0 (Mask 3F)
        File OS:          40004 NT Win32
        File type:        3.7 Driver
        File date:        00000000.00000000
        Translations:     0409.04b0
        CompanyName:      Microsoft Corporation
        ProductName:      Microsoft® Windows® Operating System
        InternalName:     afd.sys
        OriginalFilename: afd.sys
        ProductVersion:   6.0.6001.18000
        FileVersion:      6.0.6001.18000 (longhorn_rtm.080118-1840)
        FileDescription:  Ancillary Function Driver for WinSock
        LegalCopyright:   © Microsoft Corporation. All rights reserved.

    2018年5月8日 0:31
  • 你好,此前替换过系统ntkrnlpa文件,有半个月左右未蓝屏,但是最近又开始出现相同问题。
    2018年5月8日 0:33
  • 您好,

    感谢您的回复。

    请您理解本论坛主要针对的是排错问题和部署问题,对于这种蓝屏处理的问题,可能需要比较多dump的综合分析以及一些调试,我们论坛并不是处理这类问题合适的支持渠道,因此我们建议您向微软寻求企业咨询服务,以便您可以得到更快速的回应。

    https://support.microsoft.com/zh-cn/gp/support-options-for-business 

    感谢您的理解与支持,祝您工作顺利!

    Best regards,

    Michael


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    2018年5月8日 1:30
    版主