询问者
WINDOWS SERVER 2016突然无故重启系统
问题
全部回复
-
你好,
如果出现重启,且生成了dump文件,需要看一下dump中是否记录了可能触发的相关信息。
您现在给出的信息只说明了这是一个内核的错误,同时调用hal.dll文件出现问题,导致重启。
根据0x00000133这个错误来说,可能是本身的驱动程序,系统文件,或者磁盘出现问题,可以进行的操作:
1.在厂商的官网下载主板芯片组,显卡驱动重新安装。同时您可以打开设备管理器看一下是否有黄色感叹号驱动不工作,也更新安装一下。
2.检查更新,如果有月度安全更新可以被检测到,请先安装更新,这会更新系统文件。
3.打开cmd命令框,右键管理员输入命令
chkdsk c: /f
如果回答是有帮助的, 请将其标记为答案, 可以帮助其他有相同问题的社区成员, 并快速找到有用的答复。
针对Windows 2008/2008R2的扩展支持将于2020年结束,之后微软将不再为其提供安全更新。点击此处或扫描二维码获取《在 Azure 上运行 Windows Server 的终极指南》,把握良机完成云迁移并实现业务现代化。
-
你好,
我已经把所有的驱动重新安装了一遍,每个月的月度更新都有安装,但是今天又重新启动了。我发不了图片,错误仍然是相同的,有生成Dump文件,
Dump文件:040621-76000-01.dmp
崩溃时间:2021/4/6 14:34:39
故障检查代码:0x00000133
参数1:00000000‘00000000
参数2:00000000’00000501
参数3:00000000‘00000500
参数4:fffff801`a5035540
导到处崩溃的驱动程序:hal.dll
产生崩溃的代码地址:hal.dll+4f760
文件描述:Hardware Abstraction Layer DLL
产品名称:Microsoft® Windows® Operating System
公司:Microsoft Corporation
文件版本:10.0.14393.3297 (rs1_release_1.191001-1045)
处理器:x64
崩溃地址:ntoskrnl.exe+15d2e0
- 已编辑 Robert lXG 2021年4月6日 8:04
-
你好,
感谢您的回复信息。
最新的版本应该是4月份,April 13, 2021—KB5001347 (OS Build 14393.4350),似乎您的版本好像是14393.3297,您可以在开始搜索框输入winver看一下是否是这个版本号。
看到您上传的信息还只是有关于ntoskrnl.exe内核的错误,并没有特别有效的信息有关于某个driver或者程序。
只生成了一个mini dump么,而且看您这个分析似乎使用的是bluescreen软件,请尝试用windDbg previewer这个工具分析下。
如果回答是有帮助的, 请将其标记为答案, 可以帮助其他有相同问题的社区成员, 并快速找到有用的答复。
针对Windows 2008/2008R2的扩展支持将于2020年结束,之后微软将不再为其提供安全更新。点击此处或扫描二维码获取《在 Azure 上运行 Windows Server 的终极指南》,把握良机完成云迁移并实现业务现代化。
-
************* Path validation summary ************** Response Time (ms) Location Deferred srv* Symbol search path is: srv* Executable search path is: Windows 10 Kernel Version 14393 MP (8 procs) Free x64 Product: Server, suite: TerminalServer SingleUserTS Built by: 14393.4104.amd64fre.rs1_release.201202-1742 Machine Name: Kernel base = 0xfffff801`5dc9b000 PsLoadedModuleList = 0xfffff801`5df9f0a0 Debug session time: Mon Apr 12 13:14:24.077 2021 (UTC + 8:00) System Uptime: 4 days 18:32:23.717 Loading Kernel Symbols .. Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long. Run !sym noisy before .reload to track down problems loading symbols. ............................................................. ................................................................ .............................................. Loading User Symbols Loading unloaded module list ............... For analysis of this file, run !analyze -v nt!KeBugCheckEx: fffff801`5ddf82e0 48894c2408 mov qword ptr [rsp+8],rcx ss:0018:ffffb301`ab93dd90=0000000000000133 4: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* DPC_WATCHDOG_VIOLATION (133) The DPC watchdog detected a prolonged run time at an IRQL of DISPATCH_LEVEL or above. Arguments: Arg1: 0000000000000000, A single DPC or ISR exceeded its time allotment. The offending component can usually be identified with a stack trace. Arg2: 0000000000000501, The DPC time count (in ticks). Arg3: 0000000000000500, The DPC time allotment (in ticks). Arg4: fffff8015e041540, cast to nt!DPC_WATCHDOG_GLOBAL_TRIAGE_BLOCK, which contains additional information regarding this single DPC timeout Debugging Details: ------------------ ************************************************************************* *** *** *** *** *** Either you specified an unqualified symbol, or your debugger *** *** doesn't have full symbol information. Unqualified symbol *** *** resolution is turned off by default. Please either specify a *** *** fully qualified symbol module!symbolname, or enable resolution *** *** of unqualified symbols by typing ".symopt- 100". Note that *** *** enabling unqualified symbol resolution with network symbol *** *** server shares in the symbol path may cause the debugger to *** *** appear to hang for long periods of time when an incorrect *** *** symbol name is typed or the network symbol server is down. *** *** *** *** For some commands to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: TickPeriods *** *** *** ************************************************************************* KEY_VALUES_STRING: 1 Key : Analysis.CPU.Sec Value: 1 Key : Analysis.DebugAnalysisProvider.CPP Value: Create: 8007007e on KCNDGD-703 Key : Analysis.DebugData Value: CreateObject Key : Analysis.DebugModel Value: CreateObject Key : Analysis.Elapsed.Sec Value: 1 Key : Analysis.Memory.CommitPeak.Mb Value: 67 Key : Analysis.System Value: CreateObject DUMP_FILE_ATTRIBUTES: 0x8 Kernel Generated Triage Dump BUGCHECK_CODE: 133 BUGCHECK_P1: 0 BUGCHECK_P2: 501 BUGCHECK_P3: 500 BUGCHECK_P4: fffff8015e041540 DPC_TIMEOUT_TYPE: SINGLE_DPC_TIMEOUT_EXCEEDED CUSTOMER_CRASH_COUNT: 1 PROCESS_NAME: System STACK_TEXT: ffffb301`ab93dd88 fffff801`5dcce507 : 00000000`00000133 00000000`00000000 00000000`00000501 00000000`00000500 : nt!KeBugCheckEx ffffb301`ab93dd90 fffff801`5dccb778 : 0003e98b`e8d81585 00000000`00000000 00000000`00000006 fffff780`00000320 : nt!KeAccumulateTicks+0x407 ffffb301`ab93ddf0 fffff801`5dc224e5 : ffffc388`e54c3000 ffffc388`e54c3000 00000000`00000001 ffffb301`ad40b8c0 : nt!KeClockInterruptNotify+0xb8 ffffb301`ab93df40 fffff801`5dd463f6 : ffff878e`ca084d04 00000000`00000001 00000000`00000006 00000000`00000004 : hal!HalpTimerClockIpiRoutine+0x15 ffffb301`ab93df70 fffff801`5ddf9ada : ffffb301`abe6e9f0 00000000`00000000 00000000`00000004 ffffc388`e6a88980 : nt!KiCallInterruptServiceRoutine+0x106 ffffb301`ab93dfb0 fffff801`5ddf9fc7 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiInterruptSubDispatchNoLockNoEtw+0xea ffffb301`abe6e970 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiInterruptDispatchNoLockNoEtw+0x37 SYMBOL_NAME: nt!KeAccumulateTicks+407 MODULE_NAME: nt IMAGE_NAME: ntkrnlmp.exe IMAGE_VERSION: 10.0.14393.4104 STACK_COMMAND: .thread ; .cxr ; kb BUCKET_ID_FUNC_OFFSET: 407 FAILURE_BUCKET_ID: 0x133_DPC_nt!KeAccumulateTicks OS_VERSION: 10.0.14393.4104 BUILDLAB_STR: rs1_release OSPLATFORM_TYPE: x64 OSNAME: Windows 10 FAILURE_ID_HASH: {88dc98ce-f842-4daa-98d0-858621db6b0f} Followup: MachineOwner
-
上面是windDbg软件分析的结果,我是在一台win10打开的dump文件。
通过WindDbg软件看以前的Dump文件,大部份蓝屏都是这个SISIPSNetFilter.sys引起的。
- 已编辑 Robert lXG 2021年4月14日 15:03
-
Loading User Symbols Loading unloaded module list ........... For analysis of this file, run !analyze -v nt!KeBugCheckEx: fffff801`42d622e0 48894c2408 mov qword ptr [rsp+8],rcx ss:fffff801`44e02d90=0000000000000133 0: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* DPC_WATCHDOG_VIOLATION (133) The DPC watchdog detected a prolonged run time at an IRQL of DISPATCH_LEVEL or above. Arguments: Arg1: 0000000000000000, A single DPC or ISR exceeded its time allotment. The offending component can usually be identified with a stack trace. Arg2: 0000000000000501, The DPC time count (in ticks). Arg3: 0000000000000500, The DPC time allotment (in ticks). Arg4: fffff80142fab540, cast to nt!DPC_WATCHDOG_GLOBAL_TRIAGE_BLOCK, which contains additional information regarding this single DPC timeout Debugging Details: ------------------ *** WARNING: Unable to verify timestamp for SISIPSNetFilter.sys ************************************************************************* *** *** *** *** *** Either you specified an unqualified symbol, or your debugger *** *** doesn't have full symbol information. Unqualified symbol *** *** resolution is turned off by default. Please either specify a *** *** fully qualified symbol module!symbolname, or enable resolution *** *** of unqualified symbols by typing ".symopt- 100". Note that *** *** enabling unqualified symbol resolution with network symbol *** *** server shares in the symbol path may cause the debugger to *** *** appear to hang for long periods of time when an incorrect *** *** symbol name is typed or the network symbol server is down. *** *** *** *** For some commands to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: TickPeriods *** *** *** ************************************************************************* Debugger extension ext.analyze execution is cancelled. PC: 00007ffa`03bb4b59 VA: 000000fb`0787ac30 R/W: 9 Parameter: 00000000`00000000 NatVis script unloaded from 'C:\Users\Administrator\Downloads\WinDbg Preview1.1910.3003.0\Microsoft.WinDbg_1.1910.3003.0_neutral__8wekyb3d8bbwe\amd64\Visualizers\atlmfc.natvis' NatVis script unloaded from 'C:\Users\Administrator\Downloads\WinDbg Preview1.1910.3003.0\Microsoft.WinDbg_1.1910.3003.0_neutral__8wekyb3d8bbwe\amd64\Visualizers\concurrency.natvis' NatVis script unloaded from 'C:\Users\Administrator\Downloads\WinDbg Preview1.1910.3003.0\Microsoft.WinDbg_1.1910.3003.0_neutral__8wekyb3d8bbwe\amd64\Visualizers\cpp_rest.natvis' NatVis script unloaded from 'C:\Users\Administrator\Downloads\WinDbg Preview1.1910.3003.0\Microsoft.WinDbg_1.1910.3003.0_neutral__8wekyb3d8bbwe\amd64\Visualizers\stl.natvis' NatVis script unloaded from 'C:\Users\Administrator\Downloads\WinDbg Preview1.1910.3003.0\Microsoft.WinDbg_1.1910.3003.0_neutral__8wekyb3d8bbwe\amd64\Visualizers\Windows.Data.Json.natvis' NatVis script unloaded from 'C:\Users\Administrator\Downloads\WinDbg Preview1.1910.3003.0\Microsoft.WinDbg_1.1910.3003.0_neutral__8wekyb3d8bbwe\amd64\Visualizers\Windows.Devices.Geolocation.natvis' NatVis script unloaded from 'C:\Users\Administrator\Downloads\WinDbg Preview1.1910.3003.0\Microsoft.WinDbg_1.1910.3003.0_neutral__8wekyb3d8bbwe\amd64\Visualizers\Windows.Devices.Sensors.natvis' NatVis script unloaded from 'C:\Users\Administrator\Downloads\WinDbg Preview1.1910.3003.0\Microsoft.WinDbg_1.1910.3003.0_neutral__8wekyb3d8bbwe\amd64\Visualizers\Windows.Media.natvis' NatVis script unloaded from 'C:\Users\Administrator\Downloads\WinDbg Preview1.1910.3003.0\Microsoft.WinDbg_1.1910.3003.0_neutral__8wekyb3d8bbwe\amd64\Visualizers\windows.natvis' NatVis script unloaded from 'C:\Users\Administrator\Downloads\WinDbg Preview1.1910.3003.0\Microsoft.WinDbg_1.1910.3003.0_neutral__8wekyb3d8bbwe\amd64\Visualizers\winrt.natvis' NatVis script unloaded from 'C:\Users\Administrator\Downloads\WinDbg Preview1.1910.3003.0\Microsoft.WinDbg_1.1910.3003.0_neutral__8wekyb3d8bbwe\amd64\Visualizers\Kernel.natvis' Microsoft (R) Windows Debugger Version 10.0.19494.1001 AMD64 Copyright (c) Microsoft Corporation. All rights reserved. Loading Dump File [C:\Users\Administrator\Desktop\031521-146937-01.dmp] Mini Kernel Dump File: Only registers and stack trace are available ************* Path validation summary ************** Response Time (ms) Location Deferred srv* Symbol search path is: srv* Executable search path is: Windows 10 Kernel Version 14393 MP (8 procs) Free x64 Product: Server, suite: TerminalServer SingleUserTS Built by: 14393.4104.amd64fre.rs1_release.201202-1742 Machine Name: Kernel base = 0xfffff803`33285000 PsLoadedModuleList = 0xfffff803`335890a0 Debug session time: Mon Mar 15 12:19:38.659 2021 (UTC + 8:00) System Uptime: 5 days 2:02:42.862 Loading Kernel Symbols ............................................................... ................................................................ .................................................. Loading User Symbols Loading unloaded module list ............. For analysis of this file, run !analyze -v nt!KeBugCheckEx: fffff803`333e22e0 48894c2408 mov qword ptr [rsp+8],rcx ss:0018:ffffbf01`af806d90=0000000000000133 5: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* DPC_WATCHDOG_VIOLATION (133) The DPC watchdog detected a prolonged run time at an IRQL of DISPATCH_LEVEL or above. Arguments: Arg1: 0000000000000000, A single DPC or ISR exceeded its time allotment. The offending component can usually be identified with a stack trace. Arg2: 0000000000000501, The DPC time count (in ticks). Arg3: 0000000000000500, The DPC time allotment (in ticks). Arg4: fffff8033362b540, cast to nt!DPC_WATCHDOG_GLOBAL_TRIAGE_BLOCK, which contains additional information regarding this single DPC timeout Debugging Details: ------------------ *** WARNING: Unable to verify timestamp for SISIPSNetFilter.sys ************************************************************************* *** *** *** *** *** Either you specified an unqualified symbol, or your debugger *** *** doesn't have full symbol information. Unqualified symbol *** *** resolution is turned off by default. Please either specify a *** *** fully qualified symbol module!symbolname, or enable resolution *** *** of unqualified symbols by typing ".symopt- 100". Note that *** *** enabling unqualified symbol resolution with network symbol *** *** server shares in the symbol path may cause the debugger to *** *** appear to hang for long periods of time when an incorrect *** *** symbol name is typed or the network symbol server is down. *** *** *** *** For some commands to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: TickPeriods *** *** *** ************************************************************************* KEY_VALUES_STRING: 1 Key : Analysis.CPU.Sec Value: 1 Key : Analysis.DebugAnalysisProvider.CPP Value: Create: 8007007e on KCNDGD-703 Key : Analysis.DebugData Value: CreateObject Key : Analysis.DebugModel Value: CreateObject Key : Analysis.Elapsed.Sec Value: 198 Key : Analysis.Memory.CommitPeak.Mb Value: 67 Key : Analysis.System Value: CreateObject BUGCHECK_CODE: 133 BUGCHECK_P1: 0 BUGCHECK_P2: 501 BUGCHECK_P3: 500 BUGCHECK_P4: fffff8033362b540 DPC_TIMEOUT_TYPE: SINGLE_DPC_TIMEOUT_EXCEEDED CUSTOMER_CRASH_COUNT: 1 PROCESS_NAME: System STACK_TEXT: ffffbf01`af806d88 fffff803`332b8507 : 00000000`00000133 00000000`00000000 00000000`00000501 00000000`00000500 : nt!KeBugCheckEx ffffbf01`af806d90 fffff803`332b5778 : 00053fc1`2c84e4ff 00000000`00000000 00000000`00000006 fffff780`00000320 : nt!KeAccumulateTicks+0x407 ffffbf01`af806df0 fffff803`3320c4e5 : ffff8586`b12c3a00 ffff8586`b12c3a00 ffffbf01`af9a7d30 ffffbf01`af9a7c80 : nt!KeClockInterruptNotify+0xb8 ffffbf01`af806f40 fffff803`333303f6 : ffff1014`a8c4c411 00000000`00000001 00000000`00000006 00000000`00000004 : hal!HalpTimerClockIpiRoutine+0x15 ffffbf01`af806f70 fffff803`333e3ada : ffffbf01`af10d5a0 00000000`00000000 00000000`00000004 ffff8586`b290c980 : nt!KiCallInterruptServiceRoutine+0x106 ffffbf01`af806fb0 fffff803`333e3fc7 : 00000000`00000000 fffff807`6a361564 00000000`00000001 00000001`00000020 : nt!KiInterruptSubDispatchNoLockNoEtw+0xea ffffbf01`af10d520 fffff807`6a3639aa : fffff807`6a363940 ffff8586`c8a2b830 ffff8586`b2c24948 ffffbf01`af10d900 : nt!KiInterruptDispatchNoLockNoEtw+0x37 ffffbf01`af10d6b8 fffff807`6a363940 : ffff8586`c8a2b830 ffff8586`b2c24948 ffffbf01`af10d900 00000000`00000000 : SISIPSNetFilter+0x39aa ffffbf01`af10d6c0 ffff8586`c8a2b830 : ffff8586`b2c24948 ffffbf01`af10d900 00000000`00000000 00000000`00000006 : SISIPSNetFilter+0x3940 ffffbf01`af10d6c8 ffff8586`b2c24948 : ffffbf01`af10d900 00000000`00000000 00000000`00000006 ffffbf01`af10d820 : 0xffff8586`c8a2b830 ffffbf01`af10d6d0 ffffbf01`af10d900 : 00000000`00000000 00000000`00000006 ffffbf01`af10d820 ffffbf01`af67a610 : 0xffff8586`b2c24948 ffffbf01`af10d6d8 00000000`00000000 : 00000000`00000006 ffffbf01`af10d820 ffffbf01`af67a610 ffff8586`b1d55cb8 : 0xffffbf01`af10d900 SYMBOL_NAME: SISIPSNetFilter+39aa MODULE_NAME: SISIPSNetFilter IMAGE_NAME: SISIPSNetFilter.sys STACK_COMMAND: .thread ; .cxr ; kb BUCKET_ID_FUNC_OFFSET: 39aa FAILURE_BUCKET_ID: 0x133_DPC_SISIPSNetFilter!unknown_function OS_VERSION: 10.0.14393.4104 BUILDLAB_STR: rs1_release OSPLATFORM_TYPE: x64 OSNAME: Windows 10 FAILURE_ID_HASH: {6c1ab56e-4b2b-7255-c20f-b0b77806115b} Followup: MachineOwner ---------
