none
WINDOWS SERVER 2016突然无故重启系统 RRS feed

  • 问题

  • WINDOWS SERVER 2016突然无故重启系统,每次mini目录都Dump文件错误,但是事件查看器里面又没有错误。请帮忙分析一下是什么问题

    033121-113156-01.dmp

    故障代码是:0x00000133

    导致崩溃的代码地址是:hal.dll +4f760

    崩溃地址是:ntoskrnl.exe+15d2e0

    2021年4月1日 5:26

全部回复

  • 你好,

    如果出现重启,且生成了dump文件,需要看一下dump中是否记录了可能触发的相关信息。

    您现在给出的信息只说明了这是一个内核的错误,同时调用hal.dll文件出现问题,导致重启。

    根据0x00000133这个错误来说,可能是本身的驱动程序,系统文件,或者磁盘出现问题,可以进行的操作:

    1.在厂商的官网下载主板芯片组,显卡驱动重新安装。同时您可以打开设备管理器看一下是否有黄色感叹号驱动不工作,也更新安装一下。

    2.检查更新,如果有月度安全更新可以被检测到,请先安装更新,这会更新系统文件。

    3.打开cmd命令框,右键管理员输入命令

    chkdsk c: /f 

    如果回答是有帮助的请将其标记为答案可以帮助其他有相同问题的社区成员并快速找到有用的答复。


    针对Windows 2008/2008R2的扩展支持将于2020年结束,之后微软将不再为其提供安全更新。点击此处或扫描二维码获取《在 Azure 上运行 Windows Server 的终极指南》,把握良机完成云迁移并实现业务现代化。

    2021年4月2日 6:48
  • 你好,

    我已经把所有的驱动重新安装了一遍,每个月的月度更新都有安装,但是今天又重新启动了。我发不了图片,错误仍然是相同的,有生成Dump文件,

    Dump文件:040621-76000-01.dmp

    崩溃时间:2021/4/6 14:34:39

    故障检查代码:0x00000133

    参数1:00000000‘00000000

    参数2:00000000’00000501

    参数3:00000000‘00000500

    参数4:fffff801`a5035540

    导到处崩溃的驱动程序:hal.dll

    产生崩溃的代码地址:hal.dll+4f760

    文件描述:Hardware Abstraction Layer DLL

    产品名称:Microsoft® Windows® Operating System

    公司:Microsoft Corporation

    文件版本:10.0.14393.3297 (rs1_release_1.191001-1045)

    处理器:x64

    崩溃地址:ntoskrnl.exe+15d2e0


    2021年4月6日 7:43
  • 你好,

    感谢您的回复信息。

    最新的版本应该是4月份,April 13, 2021—KB5001347 (OS Build 14393.4350),似乎您的版本好像是14393.3297,您可以在开始搜索框输入winver看一下是否是这个版本号。

    看到您上传的信息还只是有关于ntoskrnl.exe内核的错误,并没有特别有效的信息有关于某个driver或者程序。

    只生成了一个mini dump么,而且看您这个分析似乎使用的是bluescreen软件,请尝试用windDbg previewer这个工具分析下。

    如果回答是有帮助的请将其标记为答案可以帮助其他有相同问题的社区成员并快速找到有用的答复。


    针对Windows 2008/2008R2的扩展支持将于2020年结束,之后微软将不再为其提供安全更新。点击此处或扫描二维码获取《在 Azure 上运行 Windows Server 的终极指南》,把握良机完成云迁移并实现业务现代化。

    2021年4月14日 6:32
  • ************* Path validation summary **************
    Response                         Time (ms)     Location
    Deferred                                       srv*
    Symbol search path is: srv*
    Executable search path is: 
    Windows 10 Kernel Version 14393 MP (8 procs) Free x64
    Product: Server, suite: TerminalServer SingleUserTS
    Built by: 14393.4104.amd64fre.rs1_release.201202-1742
    Machine Name:
    Kernel base = 0xfffff801`5dc9b000 PsLoadedModuleList = 0xfffff801`5df9f0a0
    Debug session time: Mon Apr 12 13:14:24.077 2021 (UTC + 8:00)
    System Uptime: 4 days 18:32:23.717
    Loading Kernel Symbols
    ..
    
    Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long.
    Run !sym noisy before .reload to track down problems loading symbols.
    
    .............................................................
    ................................................................
    ..............................................
    Loading User Symbols
    Loading unloaded module list
    ...............
    For analysis of this file, run !analyze -v
    nt!KeBugCheckEx:
    fffff801`5ddf82e0 48894c2408      mov     qword ptr [rsp+8],rcx ss:0018:ffffb301`ab93dd90=0000000000000133
    4: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    DPC_WATCHDOG_VIOLATION (133)
    The DPC watchdog detected a prolonged run time at an IRQL of DISPATCH_LEVEL
    or above.
    Arguments:
    Arg1: 0000000000000000, A single DPC or ISR exceeded its time allotment. The offending
    	component can usually be identified with a stack trace.
    Arg2: 0000000000000501, The DPC time count (in ticks).
    Arg3: 0000000000000500, The DPC time allotment (in ticks).
    Arg4: fffff8015e041540, cast to nt!DPC_WATCHDOG_GLOBAL_TRIAGE_BLOCK, which contains
    	additional information regarding this single DPC timeout
    
    Debugging Details:
    ------------------
    
    *************************************************************************
    ***                                                                   ***
    ***                                                                   ***
    ***    Either you specified an unqualified symbol, or your debugger   ***
    ***    doesn't have full symbol information.  Unqualified symbol      ***
    ***    resolution is turned off by default. Please either specify a   ***
    ***    fully qualified symbol module!symbolname, or enable resolution ***
    ***    of unqualified symbols by typing ".symopt- 100". Note that     ***
    ***    enabling unqualified symbol resolution with network symbol     ***
    ***    server shares in the symbol path may cause the debugger to     ***
    ***    appear to hang for long periods of time when an incorrect      ***
    ***    symbol name is typed or the network symbol server is down.     ***
    ***                                                                   ***
    ***    For some commands to work properly, your symbol path           ***
    ***    must point to .pdb files that have full type information.      ***
    ***                                                                   ***
    ***    Certain .pdb files (such as the public OS symbols) do not      ***
    ***    contain the required information.  Contact the group that      ***
    ***    provided you with these symbols if you need this command to    ***
    ***    work.                                                          ***
    ***                                                                   ***
    ***    Type referenced: TickPeriods                                   ***
    ***                                                                   ***
    *************************************************************************
    
    KEY_VALUES_STRING: 1
    
        Key  : Analysis.CPU.Sec
        Value: 1
    
        Key  : Analysis.DebugAnalysisProvider.CPP
        Value: Create: 8007007e on KCNDGD-703
    
        Key  : Analysis.DebugData
        Value: CreateObject
    
        Key  : Analysis.DebugModel
        Value: CreateObject
    
        Key  : Analysis.Elapsed.Sec
        Value: 1
    
        Key  : Analysis.Memory.CommitPeak.Mb
        Value: 67
    
        Key  : Analysis.System
        Value: CreateObject
    
    
    DUMP_FILE_ATTRIBUTES: 0x8
      Kernel Generated Triage Dump
    
    BUGCHECK_CODE:  133
    
    BUGCHECK_P1: 0
    
    BUGCHECK_P2: 501
    
    BUGCHECK_P3: 500
    
    BUGCHECK_P4: fffff8015e041540
    
    DPC_TIMEOUT_TYPE:  SINGLE_DPC_TIMEOUT_EXCEEDED
    
    CUSTOMER_CRASH_COUNT:  1
    
    PROCESS_NAME:  System
    
    STACK_TEXT:  
    ffffb301`ab93dd88 fffff801`5dcce507 : 00000000`00000133 00000000`00000000 00000000`00000501 00000000`00000500 : nt!KeBugCheckEx
    ffffb301`ab93dd90 fffff801`5dccb778 : 0003e98b`e8d81585 00000000`00000000 00000000`00000006 fffff780`00000320 : nt!KeAccumulateTicks+0x407
    ffffb301`ab93ddf0 fffff801`5dc224e5 : ffffc388`e54c3000 ffffc388`e54c3000 00000000`00000001 ffffb301`ad40b8c0 : nt!KeClockInterruptNotify+0xb8
    ffffb301`ab93df40 fffff801`5dd463f6 : ffff878e`ca084d04 00000000`00000001 00000000`00000006 00000000`00000004 : hal!HalpTimerClockIpiRoutine+0x15
    ffffb301`ab93df70 fffff801`5ddf9ada : ffffb301`abe6e9f0 00000000`00000000 00000000`00000004 ffffc388`e6a88980 : nt!KiCallInterruptServiceRoutine+0x106
    ffffb301`ab93dfb0 fffff801`5ddf9fc7 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiInterruptSubDispatchNoLockNoEtw+0xea
    ffffb301`abe6e970 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiInterruptDispatchNoLockNoEtw+0x37
    
    
    SYMBOL_NAME:  nt!KeAccumulateTicks+407
    
    MODULE_NAME: nt
    
    IMAGE_NAME:  ntkrnlmp.exe
    
    IMAGE_VERSION:  10.0.14393.4104
    
    STACK_COMMAND:  .thread ; .cxr ; kb
    
    BUCKET_ID_FUNC_OFFSET:  407
    
    FAILURE_BUCKET_ID:  0x133_DPC_nt!KeAccumulateTicks
    
    OS_VERSION:  10.0.14393.4104
    
    BUILDLAB_STR:  rs1_release
    
    OSPLATFORM_TYPE:  x64
    
    OSNAME:  Windows 10
    
    FAILURE_ID_HASH:  {88dc98ce-f842-4daa-98d0-858621db6b0f}
    
    Followup:     MachineOwner
    2021年4月14日 14:28
  • 上面是windDbg软件分析的结果,我是在一台win10打开的dump文件。

    通过WindDbg软件看以前的Dump文件,大部份蓝屏都是这个SISIPSNetFilter.sys引起的。

    2021年4月14日 14:29
  • Loading User Symbols Loading unloaded module list ........... For analysis of this file, run !analyze -v nt!KeBugCheckEx: fffff801`42d622e0 48894c2408 mov qword ptr [rsp+8],rcx ss:fffff801`44e02d90=0000000000000133 0: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* DPC_WATCHDOG_VIOLATION (133) The DPC watchdog detected a prolonged run time at an IRQL of DISPATCH_LEVEL or above. Arguments: Arg1: 0000000000000000, A single DPC or ISR exceeded its time allotment. The offending component can usually be identified with a stack trace. Arg2: 0000000000000501, The DPC time count (in ticks). Arg3: 0000000000000500, The DPC time allotment (in ticks). Arg4: fffff80142fab540, cast to nt!DPC_WATCHDOG_GLOBAL_TRIAGE_BLOCK, which contains additional information regarding this single DPC timeout Debugging Details: ------------------ *** WARNING: Unable to verify timestamp for SISIPSNetFilter.sys ************************************************************************* *** *** *** *** *** Either you specified an unqualified symbol, or your debugger *** *** doesn't have full symbol information. Unqualified symbol *** *** resolution is turned off by default. Please either specify a *** *** fully qualified symbol module!symbolname, or enable resolution *** *** of unqualified symbols by typing ".symopt- 100". Note that *** *** enabling unqualified symbol resolution with network symbol *** *** server shares in the symbol path may cause the debugger to *** *** appear to hang for long periods of time when an incorrect *** *** symbol name is typed or the network symbol server is down. *** *** *** *** For some commands to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: TickPeriods *** *** *** ************************************************************************* Debugger extension ext.analyze execution is cancelled. PC: 00007ffa`03bb4b59 VA: 000000fb`0787ac30 R/W: 9 Parameter: 00000000`00000000 NatVis script unloaded from 'C:\Users\Administrator\Downloads\WinDbg Preview1.1910.3003.0\Microsoft.WinDbg_1.1910.3003.0_neutral__8wekyb3d8bbwe\amd64\Visualizers\atlmfc.natvis' NatVis script unloaded from 'C:\Users\Administrator\Downloads\WinDbg Preview1.1910.3003.0\Microsoft.WinDbg_1.1910.3003.0_neutral__8wekyb3d8bbwe\amd64\Visualizers\concurrency.natvis' NatVis script unloaded from 'C:\Users\Administrator\Downloads\WinDbg Preview1.1910.3003.0\Microsoft.WinDbg_1.1910.3003.0_neutral__8wekyb3d8bbwe\amd64\Visualizers\cpp_rest.natvis' NatVis script unloaded from 'C:\Users\Administrator\Downloads\WinDbg Preview1.1910.3003.0\Microsoft.WinDbg_1.1910.3003.0_neutral__8wekyb3d8bbwe\amd64\Visualizers\stl.natvis' NatVis script unloaded from 'C:\Users\Administrator\Downloads\WinDbg Preview1.1910.3003.0\Microsoft.WinDbg_1.1910.3003.0_neutral__8wekyb3d8bbwe\amd64\Visualizers\Windows.Data.Json.natvis' NatVis script unloaded from 'C:\Users\Administrator\Downloads\WinDbg Preview1.1910.3003.0\Microsoft.WinDbg_1.1910.3003.0_neutral__8wekyb3d8bbwe\amd64\Visualizers\Windows.Devices.Geolocation.natvis' NatVis script unloaded from 'C:\Users\Administrator\Downloads\WinDbg Preview1.1910.3003.0\Microsoft.WinDbg_1.1910.3003.0_neutral__8wekyb3d8bbwe\amd64\Visualizers\Windows.Devices.Sensors.natvis' NatVis script unloaded from 'C:\Users\Administrator\Downloads\WinDbg Preview1.1910.3003.0\Microsoft.WinDbg_1.1910.3003.0_neutral__8wekyb3d8bbwe\amd64\Visualizers\Windows.Media.natvis' NatVis script unloaded from 'C:\Users\Administrator\Downloads\WinDbg Preview1.1910.3003.0\Microsoft.WinDbg_1.1910.3003.0_neutral__8wekyb3d8bbwe\amd64\Visualizers\windows.natvis' NatVis script unloaded from 'C:\Users\Administrator\Downloads\WinDbg Preview1.1910.3003.0\Microsoft.WinDbg_1.1910.3003.0_neutral__8wekyb3d8bbwe\amd64\Visualizers\winrt.natvis' NatVis script unloaded from 'C:\Users\Administrator\Downloads\WinDbg Preview1.1910.3003.0\Microsoft.WinDbg_1.1910.3003.0_neutral__8wekyb3d8bbwe\amd64\Visualizers\Kernel.natvis' Microsoft (R) Windows Debugger Version 10.0.19494.1001 AMD64 Copyright (c) Microsoft Corporation. All rights reserved. Loading Dump File [C:\Users\Administrator\Desktop\031521-146937-01.dmp] Mini Kernel Dump File: Only registers and stack trace are available ************* Path validation summary ************** Response Time (ms) Location Deferred srv* Symbol search path is: srv* Executable search path is: Windows 10 Kernel Version 14393 MP (8 procs) Free x64 Product: Server, suite: TerminalServer SingleUserTS Built by: 14393.4104.amd64fre.rs1_release.201202-1742 Machine Name: Kernel base = 0xfffff803`33285000 PsLoadedModuleList = 0xfffff803`335890a0 Debug session time: Mon Mar 15 12:19:38.659 2021 (UTC + 8:00) System Uptime: 5 days 2:02:42.862 Loading Kernel Symbols ............................................................... ................................................................ .................................................. Loading User Symbols Loading unloaded module list ............. For analysis of this file, run !analyze -v nt!KeBugCheckEx: fffff803`333e22e0 48894c2408 mov qword ptr [rsp+8],rcx ss:0018:ffffbf01`af806d90=0000000000000133 5: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* DPC_WATCHDOG_VIOLATION (133) The DPC watchdog detected a prolonged run time at an IRQL of DISPATCH_LEVEL or above. Arguments: Arg1: 0000000000000000, A single DPC or ISR exceeded its time allotment. The offending component can usually be identified with a stack trace. Arg2: 0000000000000501, The DPC time count (in ticks). Arg3: 0000000000000500, The DPC time allotment (in ticks). Arg4: fffff8033362b540, cast to nt!DPC_WATCHDOG_GLOBAL_TRIAGE_BLOCK, which contains additional information regarding this single DPC timeout Debugging Details: ------------------ *** WARNING: Unable to verify timestamp for SISIPSNetFilter.sys ************************************************************************* *** *** *** *** *** Either you specified an unqualified symbol, or your debugger *** *** doesn't have full symbol information. Unqualified symbol *** *** resolution is turned off by default. Please either specify a *** *** fully qualified symbol module!symbolname, or enable resolution *** *** of unqualified symbols by typing ".symopt- 100". Note that *** *** enabling unqualified symbol resolution with network symbol *** *** server shares in the symbol path may cause the debugger to *** *** appear to hang for long periods of time when an incorrect *** *** symbol name is typed or the network symbol server is down. *** *** *** *** For some commands to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: TickPeriods *** *** *** ************************************************************************* KEY_VALUES_STRING: 1 Key : Analysis.CPU.Sec Value: 1 Key : Analysis.DebugAnalysisProvider.CPP Value: Create: 8007007e on KCNDGD-703 Key : Analysis.DebugData Value: CreateObject Key : Analysis.DebugModel Value: CreateObject Key : Analysis.Elapsed.Sec Value: 198 Key : Analysis.Memory.CommitPeak.Mb Value: 67 Key : Analysis.System Value: CreateObject BUGCHECK_CODE: 133 BUGCHECK_P1: 0 BUGCHECK_P2: 501 BUGCHECK_P3: 500 BUGCHECK_P4: fffff8033362b540 DPC_TIMEOUT_TYPE: SINGLE_DPC_TIMEOUT_EXCEEDED CUSTOMER_CRASH_COUNT: 1 PROCESS_NAME: System STACK_TEXT: ffffbf01`af806d88 fffff803`332b8507 : 00000000`00000133 00000000`00000000 00000000`00000501 00000000`00000500 : nt!KeBugCheckEx ffffbf01`af806d90 fffff803`332b5778 : 00053fc1`2c84e4ff 00000000`00000000 00000000`00000006 fffff780`00000320 : nt!KeAccumulateTicks+0x407 ffffbf01`af806df0 fffff803`3320c4e5 : ffff8586`b12c3a00 ffff8586`b12c3a00 ffffbf01`af9a7d30 ffffbf01`af9a7c80 : nt!KeClockInterruptNotify+0xb8 ffffbf01`af806f40 fffff803`333303f6 : ffff1014`a8c4c411 00000000`00000001 00000000`00000006 00000000`00000004 : hal!HalpTimerClockIpiRoutine+0x15 ffffbf01`af806f70 fffff803`333e3ada : ffffbf01`af10d5a0 00000000`00000000 00000000`00000004 ffff8586`b290c980 : nt!KiCallInterruptServiceRoutine+0x106 ffffbf01`af806fb0 fffff803`333e3fc7 : 00000000`00000000 fffff807`6a361564 00000000`00000001 00000001`00000020 : nt!KiInterruptSubDispatchNoLockNoEtw+0xea ffffbf01`af10d520 fffff807`6a3639aa : fffff807`6a363940 ffff8586`c8a2b830 ffff8586`b2c24948 ffffbf01`af10d900 : nt!KiInterruptDispatchNoLockNoEtw+0x37 ffffbf01`af10d6b8 fffff807`6a363940 : ffff8586`c8a2b830 ffff8586`b2c24948 ffffbf01`af10d900 00000000`00000000 : SISIPSNetFilter+0x39aa ffffbf01`af10d6c0 ffff8586`c8a2b830 : ffff8586`b2c24948 ffffbf01`af10d900 00000000`00000000 00000000`00000006 : SISIPSNetFilter+0x3940 ffffbf01`af10d6c8 ffff8586`b2c24948 : ffffbf01`af10d900 00000000`00000000 00000000`00000006 ffffbf01`af10d820 : 0xffff8586`c8a2b830 ffffbf01`af10d6d0 ffffbf01`af10d900 : 00000000`00000000 00000000`00000006 ffffbf01`af10d820 ffffbf01`af67a610 : 0xffff8586`b2c24948 ffffbf01`af10d6d8 00000000`00000000 : 00000000`00000006 ffffbf01`af10d820 ffffbf01`af67a610 ffff8586`b1d55cb8 : 0xffffbf01`af10d900 SYMBOL_NAME: SISIPSNetFilter+39aa MODULE_NAME: SISIPSNetFilter IMAGE_NAME: SISIPSNetFilter.sys STACK_COMMAND: .thread ; .cxr ; kb BUCKET_ID_FUNC_OFFSET: 39aa FAILURE_BUCKET_ID: 0x133_DPC_SISIPSNetFilter!unknown_function OS_VERSION: 10.0.14393.4104 BUILDLAB_STR: rs1_release OSPLATFORM_TYPE: x64 OSNAME: Windows 10 FAILURE_ID_HASH: {6c1ab56e-4b2b-7255-c20f-b0b77806115b} Followup: MachineOwner ---------

    2021年4月14日 15:05