none
系统异常关机重启,求分析原因 RRS feed

  • 问题

  • 已从异常关机中恢复,请帮忙分析下异常关机原因

    dmp文件链接如下:链接:https://pan.baidu.com/s/1Ihe5s2zfH4V2pIf-rvXh0A 提取码:wtkw

    No .natvis files found at C:\WINDOWS\SYSTEM32\Visualizers.

    No .natvis files found at C:\Users\LiuRuyi\AppData\Local\Dbg\Visualizers.

    Microsoft (R) Windows Debugger Version 10.0.19041.1 X86
    Copyright (c) Microsoft Corporation. All rights reserved.


    Loading Dump File [C:\Users\Ruyi\Desktop\20210117服务器异常关机\011721-37143-01.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available

    Symbol search path is: srv*
    Executable search path is: 
    Unable to load image \SystemRoot\system32\ntoskrnl.exe, Win32 error 0n2
    *** WARNING: Unable to verify timestamp for ntoskrnl.exe
    *************************************************************************
    ***                                                                   ***
    ***                                                                   ***
    ***    Either you specified an unqualified symbol, or your debugger   ***
    ***    doesn't have full symbol information.  Unqualified symbol      ***
    ***    resolution is turned off by default. Please either specify a   ***
    ***    fully qualified symbol module!symbolname, or enable resolution ***
    ***    of unqualified symbols by typing ".symopt- 100". Note that     ***
    ***    enabling unqualified symbol resolution with network symbol     ***
    ***    server shares in the symbol path may cause the debugger to     ***
    ***    appear to hang for long periods of time when an incorrect      ***
    ***    symbol name is typed or the network symbol server is down.     ***
    ***                                                                   ***
    ***    For some commands to work properly, your symbol path           ***
    ***    must point to .pdb files that have full type information.      ***
    ***                                                                   ***
    ***    Certain .pdb files (such as the public OS symbols) do not      ***
    ***    contain the required information.  Contact the group that      ***
    ***    provided you with these symbols if you need this command to    ***
    ***    work.                                                          ***
    ***                                                                   ***
    ***    Type referenced: nt!_MMPTE_TRANSITION                          ***
    ***                                                                   ***
    *************************************************************************
    Windows 7 Kernel Version 7601 (Service Pack 1) MP (12 procs) Free x64
    Product: Server, suite: TerminalServer SingleUserTS
    Built by: 7601.23677.amd64fre.win7sp1_ldr.170209-0600
    Machine Name:
    Kernel base = 0xfffff800`01a65000 PsLoadedModuleList = 0xfffff800`01ca7730
    Debug session time: Sun Jan 17 13:54:44.158 2021 (UTC + 8:00)
    System Uptime: 130 days 13:43:12.461
    Unable to load image \SystemRoot\system32\ntoskrnl.exe, Win32 error 0n2
    *** WARNING: Unable to verify timestamp for ntoskrnl.exe
    *************************************************************************
    ***                                                                   ***
    ***                                                                   ***
    ***    Either you specified an unqualified symbol, or your debugger   ***
    ***    doesn't have full symbol information.  Unqualified symbol      ***
    ***    resolution is turned off by default. Please either specify a   ***
    ***    fully qualified symbol module!symbolname, or enable resolution ***
    ***    of unqualified symbols by typing ".symopt- 100". Note that     ***
    ***    enabling unqualified symbol resolution with network symbol     ***
    ***    server shares in the symbol path may cause the debugger to     ***
    ***    appear to hang for long periods of time when an incorrect      ***
    ***    symbol name is typed or the network symbol server is down.     ***
    ***                                                                   ***
    ***    For some commands to work properly, your symbol path           ***
    ***    must point to .pdb files that have full type information.      ***
    ***                                                                   ***
    ***    Certain .pdb files (such as the public OS symbols) do not      ***
    ***    contain the required information.  Contact the group that      ***
    ***    provided you with these symbols if you need this command to    ***
    ***    work.                                                          ***
    ***                                                                   ***
    ***    Type referenced: nt!_MMPTE_TRANSITION                          ***
    ***                                                                   ***
    *************************************************************************
    Loading Kernel Symbols
    ...............................................................
    ................................................................
    ..........
    Loading User Symbols
    Loading unloaded module list
    ..................................................

    ************* Symbol Loading Error Summary **************
    Module name            Error
    ntoskrnl               The system cannot find the file specified

    You can troubleshoot most symbol related issues by turning on symbol loading diagnostics (!sym noisy) and repeating the command that caused symbols to be loaded.
    You should also verify that your symbol search path (.sympath) is correct.
    Unable to add extension DLL: kdexts
    Unable to add extension DLL: kext
    Unable to add extension DLL: exts
    SECURE: File not allowed to be loaded - C:\WINDOWS\SYSTEM32\dbghelp.dll
    Error code: Win32 error 0n5
    The call to LoadLibrary(ext) failed, Win32 error 0n2
        "系统找不到指定的文件。"
    Please check your debugger configuration and/or network access.
    For analysis of this file, run !analyze -v

    • 已编辑 Ruyi66 2021年1月18日 9:36
    2021年1月18日 7:34

全部回复

  • 你好,

    看您给出的dump信息,这似乎和您本身的IIS有关。,

    PAGE_FAULT_IN_NONPAGED_AREA (50)
    Invalid system memory was referenced.

    因为memory_corruption,文件没有特别有效的信息记录。但是根据出现的信息来看。w3wp.exe和栈中出现的http的信息,应该和IIS有关。

    PROCESS_NAME: w3wp.exe

    还是请检查以下IIS的设置,例如IIS的性能选项,IIS pool中什么程序占用了大量的CPU,内存,或者是网页访问出现的问题。

    同时建议您检查更新,如果有安全更新需要安装请先进行安装,看问题是否还会出现。

    如果回答是有帮助的请将其标记为答案可以帮助其他有相同问题的社区成员并快速找到有用的答复。


    针对Windows 2008/2008R2的扩展支持将于2020年结束,之后微软将不再为其提供安全更新。点击此处或扫描二维码获取《在 Azure 上运行 Windows Server 的终极指南》,把握良机完成云迁移并实现业务现代化。

    2021年1月18日 10:15