询问者
分析DMP文件,引起系统蓝屏的原因
问题
-
有两台服务器,之前做过ROSE软件的系统文件热备操作。因为有一台服务器有蓝屏重启的故障,导致现在备机和主机都出现蓝屏重启的故障。
一以下是minidmp和MEMORY.DMP的文件内容,请大家帮忙分析一下是什么原因导致的;应该不是硬件问题。
Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\Administrator\Desktop\新建文件夹\071517-33009-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: *** Invalid ***
****************************************************************************
* Symbol loading may be unreliable without a symbol search path. *
* Use .symfix to have the debugger choose a symbol path. *
* After setting your symbol path, use .reload to refresh symbol locations. *
****************************************************************************
Executable search path is:
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
Unable to load image \SystemRoot\system32\ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Windows 7 Kernel Version 7600 MP (64 procs) Free x64
Product: Server, suite: Enterprise TerminalServer SingleUserTS
Built by: 7600.21179.amd64fre.win7_ldr.120330-1504
Machine Name:
Kernel base = 0xfffff800`02464000 PsLoadedModuleList = 0xfffff800`02698eb0
Debug session time: Sat Jul 15 07:15:18.422 2017 (GMT+8)
System Uptime: 3 days 3:03:28.000
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
Unable to load image \SystemRoot\system32\ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Loading Kernel Symbols
...............................................................
................................................................
...............
Loading User Symbols
Loading unloaded module list
............
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck A, {4, 2, 1, fffff800024dbdfd}
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
Probably caused by : ntoskrnl.exe ( nt+77dfd )
Followup: MachineOwner
---------
翻译如下:
Microsoft(R)Windows调试器版本6.11.0001.404 X86
版权所有(c)微软公司。版权所有。
加载转储文件[C:\ Users \ Administrator \ Desktop \新建文件夹\ 071517-33009-01.dmp]
迷你内核转储文件:只有寄存器和堆栈跟踪可用
符号搜索路径是:***无效***
************************************************** **************************
*符号加载可能不可靠,没有符号搜索路径。 *
*使用.symfix让调试器选择符号路径。 *
*设置符号路径后,使用.reload刷新符号位置。 *
************************************************** **************************
可执行搜索路径是:
************************************************** *******************
*符号路径未初始化时无法加载符号。 *
* *
*符号路径可以通过以下设置:*
*使用_NT_SYMBOL_PATH环境变量。 *
*启动调试器时使用-y <symbol_path>参数。 *
*使用.sympath和.sympath + *
************************************************** *******************
无法加载image \ SystemRoot \ system32 \ ntoskrnl.exe,Win32错误0n2
***警告:无法验证ntoskrnl.exe的时间戳
***错误:模块加载完成,但无法为ntoskrnl.exe加载符号
Windows 7内核版本7600 MP(64 procs)免费x64
产品:服务器,套件:Enterprise TerminalServer SingleUserTS
建于:7600.21179.amd64fre.win7_ldr.120330-1504
机名:
内核基数= 0xfffff800`02464000 PsLoadedModuleList = 0xfffff800`02698eb0
调试时间:星期六7月15日07:15:18.422 2017(GMT + 8)
系统正常运行时间:3天3:03:28.000
************************************************** *******************
*符号路径未初始化时无法加载符号。 *
* *
*符号路径可以通过以下设置:*
*使用_NT_SYMBOL_PATH环境变量。 *
*启动调试器时使用-y <symbol_path>参数。 *
*使用.sympath和.sympath + *
************************************************** *******************
无法加载image \ SystemRoot \ system32 \ ntoskrnl.exe,Win32错误0n2
***警告:无法验证ntoskrnl.exe的时间戳
***错误:模块加载完成,但无法为ntoskrnl.exe加载符号
加载内核符号
.................................................. .............
.................................................. ..............
...............
加载用户符号
加载卸载模块列表
............
************************************************** *****************************
* *
*错误检查分析*
* *
************************************************** *****************************
使用!analyze -v获取详细的调试信息。
BugCheck A,{4,2,1,fffff800024dbdfd}
*****内核符号错误。请修改符号进行分析。
************************************************** ***********************
*** ***
*** ***
***你的调试器没有使用正确的符号***
*** ***
***为了使此命令正常工作,您的符号路径***
***必须指向具有完整类型信息的.pdb文件。 ***
*** ***
***某些.pdb文件(如公共OS符号)不***
***包含所需的信息。联系小组***
***为您提供这些符号,如果你需要这个命令***
***工作。 ***
*** ***
***类型参考:nt!_KPRCB ***
*** ***
************************************************** ***********************
************************************************** ***********************
*** ***
*** ***
************************************************** *******************
*符号路径未初始化时无法加载符号。 *
* *
*符号路径可以通过以下设置:*
*使用_NT_SYMBOL_PATH环境变量。 *
*启动调试器时使用-y <symbol_path>参数。 *
*使用.sympath和.sympath + *
************************************************** *******************
************************************************** *******************
*符号路径未初始化时无法加载符号。 *
* *
*符号路径可以通过以下设置:*
*使用_NT_SYMBOL_PATH环境变量。 *
*启动调试器时使用-y <symbol_path>参数。 *
*使用.sympath和.sympath + *
************************************************** *******************
可能是由:ntoskrnl.exe(nt + 77dfd)
跟随:MachineOwnerMEMORY.DMP的文件内容如下:
Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
*********************************************************************
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\Administrator\Desktop\新建文件夹\MEMORY.DMP]
Kernel Summary Dump File: Only kernel address space is available
Symbol search path is: *** Invalid ***
****************************************************************************
* Symbol loading may be unreliable without a symbol search path. *
* Use .symfix to have the debugger choose a symbol path. *
* After setting your symbol path, use .reload to refresh symbol locations. *
****************************************************************************
Executable search path is:
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntkrnlmp.exe -
Windows 7 Kernel Version 7600 MP (64 procs) Free x64
Product: Server, suite: Enterprise TerminalServer SingleUserTS
Built by: 7600.21179.amd64fre.win7_ldr.120330-1504
Machine Name:
Kernel base = 0xfffff800`02464000 PsLoadedModuleList = 0xfffff800`02698eb0
Debug session time: Sat Jul 15 07:15:18.422 2017 (GMT+8)
System Uptime: 3 days 3:03:28.000
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntkrnlmp.exe -
Loading Kernel Symbols
...............................................................
................................................................
...............
Loading User Symbols
Loading unloaded module list
............
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck A, {4, 2, 1, fffff800024dbdfd}
*** ERROR: Module load completed but symbols could not be loaded for msiscsi.sys
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
Probably caused by : msiscsi.sys ( msiscsi+72b6 )
Followup: MachineOwner翻译如下:
Microsoft(R)Windows调试器版本6.11.0001.404 X86
*符号路径未初始化时无法加载符号。 *
版权所有(c)微软公司。版权所有。
加载转储文件[C:\ Users \ Administrator \ Desktop \新建文件夹\ MEMORY.DMP]
内核摘要转储文件:只有内核地址空间可用
符号搜索路径是:***无效***
************************************************** **************************
*符号加载可能不可靠,没有符号搜索路径。 *
*使用.symfix让调试器选择符号路径。 *
*设置符号路径后,使用.reload刷新符号位置。 *
************************************************** **************************
可执行搜索路径是:
************************************************** *******************
*符号路径未初始化时无法加载符号。 *
* *
*符号路径可以通过以下设置:*
*使用_NT_SYMBOL_PATH环境变量。 *
*启动调试器时使用-y <symbol_path>参数。 *
*使用.sympath和.sympath + *
************************************************** *******************
***错误:找不到符号文件。默认为导出ntkrnlmp.exe的符号 -
Windows 7内核版本7600 MP(64 procs)免费x64
产品:服务器,套件:Enterprise TerminalServer SingleUserTS
建于:7600.21179.amd64fre.win7_ldr.120330-1504
机名:
内核基数= 0xfffff800`02464000 PsLoadedModuleList = 0xfffff800`02698eb0
调试时间:星期六7月15日07:15:18.422 2017(GMT + 8)
系统正常运行时间:3天3:03:28.000
************************************************** *******************
*符号路径未初始化时无法加载符号。 *
* *
*符号路径可以通过以下设置:*
*使用_NT_SYMBOL_PATH环境变量。 *
*启动调试器时使用-y <symbol_path>参数。 *
*使用.sympath和.sympath + *
************************************************** *******************
***错误:找不到符号文件。默认为导出ntkrnlmp.exe的符号 -
加载内核符号
.................................................. .............
.................................................. ..............
...............
加载用户符号
加载卸载模块列表
............
************************************************** *****************************
* *
*错误检查分析*
* *
************************************************** *****************************
使用!analyze -v获取详细的调试信息。
BugCheck A,{4,2,1,fffff800024dbdfd}
***错误:模块加载完成,但无法加载msiscsi.sys的符号
*****内核符号错误。请修改符号进行分析。
************************************************** ***********************
*** ***
*** ***
***你的调试器没有使用正确的符号***
*** ***
***为了使此命令正常工作,您的符号路径***
***必须指向具有完整类型信息的.pdb文件。 ***
*** ***
***某些.pdb文件(如公共OS符号)不***
***包含所需的信息。联系小组***
***为您提供这些符号,如果你需要这个命令***
***工作。 ***
*** ***
***类型参考:nt!_KPRCB ***
*** ***
************************************************** ***********************
************************************************** ***********************
* *
*符号路径可以通过以下设置:*
*使用_NT_SYMBOL_PATH环境变量。 *
*启动调试器时使用-y <symbol_path>参数。 *
*使用.sympath和.sympath + *
************************************************** *******************
************************************************** *******************
*符号路径未初始化时无法加载符号。 *
* *
*符号路径可以通过以下设置:*
*使用_NT_SYMBOL_PATH环境变量。 *
*启动调试器时使用-y <symbol_path>参数。 *
*使用.sympath和.sympath + *
************************************************** *******************
可能造成:msiscsi.sys(msiscsi + 72b6)
跟随:MachineOwner请大家帮忙分析,感谢!
全部回复
-
Hi,
>BugCheck A, {4, 2, 1, fffff800024dbdfd}, Probably caused by : ntoskrnl.exe ( nt+77dfd ), 可能造成:msiscsi.sys(msiscsi + 72b6)
在出现问题的server上,打开运行,输入“msinfo32”并回车。提供系统名称及版本。
建议您先尝试以下方法,以便于对问题做进一步的排查:
1. 打开CMD,输入“sfc /scannow”并回车,检查/修复系统文件。
2. 打开CMD,输入“chkdsk /r /f”并回车,检查/修复磁盘。
3. 检查并且安装Windows Update/Hotfix.
4. 确保BIOS和固件已经更新到最新版本。
更多建议可以参考“一般故障诊断步骤”:
https://support.microsoft.com/zh-cn/help/3106831/troubleshooting-stop-error-problems-for-it-pros
>三台服务器连接着一个爱数存储
请问是以什么方式连接到该存储呢? 建议您可以直接联系该硬件供应商/官方技术支持,确认下相关驱动的更新及版本。
Best Regards,
Eve WangPlease remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com. -
Hi,
>BugCheck A, {4, 2, 1, fffff800024dbdfd}, Probably caused by : ntoskrnl.exe ( nt+77dfd ), 可能造成:msiscsi.sys(msiscsi + 72b6)
在出现问题的server上,打开运行,输入“msinfo32”并回车。提供系统名称及版本。
建议您先尝试以下方法,以便于对问题做进一步的排查:
1. 打开CMD,输入“sfc /scannow”并回车,检查/修复系统文件。
2. 打开CMD,输入“chkdsk /r /f”并回车,检查/修复磁盘。
3. 检查并且安装Windows Update/Hotfix.
4. 确保BIOS和固件已经更新到最新版本。
更多建议可以参考“一般故障诊断步骤”:
https://support.microsoft.com/zh-cn/help/3106831/troubleshooting-stop-error-problems-for-it-pros
>三台服务器连接着一个爱数存储
请问是以什么方式连接到该存储呢? 建议您可以直接联系该硬件供应商/官方技术支持,确认下相关驱动的更新及版本。
Best Regards,
Eve Wang
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.1.爱数厂家的存储设备,是通过光纤网口传输,用服务器上的iscsi程序来连接。不过蓝屏故障出现前就不用了,长期关机状态
2.“sfc /scannow”和“chkdsk /r /f”命令都试过了,故障依旧。
3.已经用Windows Update更新了最新补丁。(Hotfix.没试过)
4.bios没有动过,因为之前一直很稳定。
