Server crashed trying to find the cause

Home Forums Server Operating Systems Windows Server 2012 / 2012 R2 Server crashed trying to find the cause

Viewing 1 post (of 1 total)
  • Author
    Posts
  • Avatar
    jason0923
    Member
    #164676

    I’m trying to find the cause of our server crashing. It creates a memory.dmp file. I used a tool to look at it and the below is the output. But I can’t find the cause in here can anyone else read these?

    Microsoft (R) Windows Debugger Version 6.3.9600.16384 AMD64
    Copyright (c) Microsoft Corporation. All rights reserved.

    Loading Dump File [C:User DataMEMORY.DMP]
    Kernel Bitmap Dump File: Only kernel address space is available

    ************* Symbol Path validation summary **************
    Response Time (ms) Location
    Deferred SRV*C:Windowssymbol_cache*http://msdl.microsoft.com/download/symbols
    Symbol search path is: SRV*C:Windowssymbol_cache*http://msdl.microsoft.com/download/symbols
    Executable search path is:
    Windows 8 Kernel Version 9600 MP (2 procs) Free x64
    Product: Server, suite: TerminalServer SingleUserTS
    Built by: 9600.17041.amd64fre.winblue_gdr.140305-1710
    Machine Name:
    Kernel base = 0xfffff80323272000 PsLoadedModuleList = 0xfffff8032353c2d0
    Debug session time: Thu Dec 18 13:05:51.341 2014 (UTC – 6:00)
    System Uptime: 22 days 5:21:12.521
    Loading Kernel Symbols
    ………………………………………………………
    ……………………………………Page 1219dd not present in the dump file. Type “.hh dbgerr004” for details
    ………………….
    ….
    Loading User Symbols
    …………………………………………………….
    Loading unloaded module list
    ……………………………………………………………..
    *******************************************************************************
    * *
    * Bugcheck Analysis *
    * *
    *******************************************************************************

    Use !analyze -v to get detailed debugging information.

    BugCheck EF, {ffffe001e3a74080, 0, 0, 0}

    Page 1219dd not present in the dump file. Type “.hh dbgerr004” for details
    Probably caused by : wininit.exe

    Followup: MachineOwner



    0: kd> !analyze -v
    *******************************************************************************
    * *
    * Bugcheck Analysis *
    * *
    *******************************************************************************

    CRITICAL_PROCESS_DIED (ef)
    A critical system process died
    Arguments:
    Arg1: ffffe001e3a74080, Process object or thread object
    Arg2: 0000000000000000, If this is 0, a process died. If this is 1, a thread died.
    Arg3: 0000000000000000
    Arg4: 0000000000000000

    Debugging Details:



    Page 1219dd not present in the dump file. Type “.hh dbgerr004” for details

    PROCESS_OBJECT: ffffe001e3a74080

    IMAGE_NAME: wininit.exe

    DEBUG_FLR_IMAGE_TIMESTAMP: 0

    MODULE_NAME: wininit

    FAULTING_MODULE: 0000000000000000

    PROCESS_NAME: WmiPrvSE.exe

    BUGCHECK_STR: 0xEF_WmiPrvSE.exe

    DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT

    CURRENT_IRQL: 0

    ANALYSIS_VERSION: 6.3.9600.16384 (debuggers(dbg).130821-1623) amd64fre

    LAST_CONTROL_TRANSFER: from fffff80323881dbc to fffff803233c5fa0

    STACK_TEXT:
    ffffd0003ca7fae8 fffff80323881dbc : 00000000000000ef ffffe001e3a74080 0000000000000000 0000000000000000 : nt!KeBugCheckEx
    ffffd0003ca7faf0 fffff803237a42ae : ffffe001e3a74080 0000000000000000 0000000000000000 0000000000000000 : nt!PspCatchCriticalBreak+0xa4
    ffffd0003ca7fb30 fffff803236010e9 : ffffe001e3a74080 ffffe001ef20a900 ffffe001e3a74080 ffffe001e3a74080 : nt! ?? ::NNGAKEGL::string’+0x7bce
    ffffd000
    3ca7fb90 fffff80323600e76 : ffffffffffffffff ffffe001ef20a900 ffffe001e3a74080 ffffe001efc3c080 : nt!PspTerminateProcess+0xe5
    ffffd000
    3ca7fbd0 fffff803233d17b3 : ffffe001e3a74080 ffffe001efc3c080 ffffd0003ca7fcc0 0000000100c3a7d0 : nt!NtTerminateProcess+0x9e
    ffffd000
    3ca7fc40 00007ffd5629ae4a : 00007ffd5388c1f9 0000000000000000 0000000100000000 0000000000000444 : nt!KiSystemServiceCopyEnd+0x13
    00000001
    00ded7d8 00007ffd5388c1f9 : 0000000000000000 0000000100000000 0000000000000444 0000000000000000 : ntdll!NtTerminateProcess+0xa
    00000001
    00ded7e0 00007ffd4e886ae2 : 0000000000000000 00007ffd4e83ffd8 0000000100ded890 0000000000000444 : KERNELBASE!TerminateProcess+0x25
    00000001
    00ded810 00007ffd4e88282c : 0000000000000003 0000000100c3a260 000000010000019c 0000000100c045a0 : cimwin32!Process::ExecTerminate+0x12e
    00000001
    00ded880 00007ffd502b76f2 : 0000000100c3a650 0000000000000000 00007ffd4e9b8930 0000000101e210f0 : cimwin32!CSecureKernelObj::AllAccessMask+0x110be
    00000001
    00ded8c0 00007ffd502b7456 : 0000000100c3a650 0000000000000000 0000000000000000 0000000100c3a7d0 : framedynos!Provider::ExecMethod+0x9a
    00000001
    00ded940 00007ff766c7a1c7 : 0000000101e3bdf0 0000000100118630 0000000100118620 0000000101e7d3e0 : framedynos!CWbemProviderGlue::ExecMethodAsync+0x3ca
    00000001
    00dedf50 00007ff766c79e24 : 0000000000000000 0000000000000000 0000000100dee091 0000000000000000 : wmiprvse!CInterceptor_IWbemSyncProvider::Helper_ExecMethodAsync+0x2f7
    00000001
    00dee010 00007ffd55cf2385 : 0000000100000000 0000000101d34828 0000000101e51468 0000000000000000 : wmiprvse!CInterceptor_IWbemSyncProvider::ExecMethodAsync+0x134
    00000001
    00dee0e0 00007ffd55cfae16 : 0000000100dee590 00007ffd49ef1a42 0000000100143768 000000010017f9b0 : RPCRT4!Invoke+0x65
    00000001
    00dee160 00007ffd54084bd2 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : RPCRT4!NdrStubCall2+0x38b
    00000001
    00dee7e0 00007ffd54080f13 : 0000000000000001 000000010013f120 0000000000000000 00007ffd54083eb1 : combase!CStdStubBuffer_Invoke+0x99 [d:blue_gdrcomcombasendrndrolestub.cxx @ 1582]
    00000001
    00dee810 00007ffd53f13efc : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : combase!SyncStubInvoke+0x300 [d:blue_gdrcomcombasedcomremchannelb.cxx @ 1664]
    00000001
    00dee9b0 00007ffd540811ed : 0000000000000000 0000000000000000 000083ad95b58220 0000000000000000 : combase!CCtxComChnl::ContextInvoke+0x27c [d:blue_gdrcomcombasedcomremctxchnl.cxx @ 1377]
    00000001
    00deebc0 00007ffd5408096b : 000000010013f120 00007ffd53fb3fd8 0000000100def130 00007ffd54080791 : combase!AppInvoke+0x18d [d:blue_gdrcomcombasedcomremchannelb.cxx @ 1481]
    00000001
    00deecf0 00007ffd5408182a : 0000000000000000 0000000000070005 0000000100124220 0000000000000000 : combase!ComInvokeWithLockAndIPID+0x661 [d:blue_gdrcomcombasedcomremchannelb.cxx @ 2314]
    00000001
    00deef30 00007ffd55cf2614 : 0000000000000000 0000000000000000 00007ffd53fb3460 00000001015edb20 : combase!ThreadInvoke+0x488 [d:blue_gdrcomcombasedcomremchannelb.cxx @ 5488]
    00000001
    00def000 00007ffd55cf2517 : 0000000200000002 00000fb000001000 0000000100def1b8 000000008b0c1a26 : RPCRT4!DispatchToStubInCNoAvrf+0x14
    00000001
    00def050 00007ffd55d06ebf : 0000000100142fb0 0000000000000000 0000000100000000 00000001001318a0 : RPCRT4!RPC_INTERFACE::DispatchToStubWorker+0x177
    00000001
    00def150 00007ffd55cf2cc1 : 000000008b0c1a26 00000001001318a0 0000000000000000 00000001001318a0 : RPCRT4!LRPC_SCALL::DispatchRequest+0x531
    00000001
    00def250 00007ffd55cf2a97 : 0000159d00000000 0000000000000001 0000000100000000 0000000000000000 : RPCRT4!LRPC_SCALL::HandleRequest+0x201
    00000001
    00def300 00007ffd55cf1d04 : 0000000100120c80 0000000000000002 00007ffd55d49b24 0000000000000000 : RPCRT4!LRPC_SASSOCIATION::HandleRequest+0x237
    00000001
    00def390 00007ffd55cf1afe : 0000000100def758 0000000000000000 ffffffffffffffff 00007ffd55d49b24 : RPCRT4!LRPC_ADDRESS::ProcessIO+0x36d
    00000001
    00def4d0 00007ffd5622af76 : 0000000000000001 0000000000000000 000000007ffe03b0 0000000100def588 : RPCRT4!LrpcIoComplete+0xae
    00000001
    00def570 00007ffd562291e3 : 0000000000000000 0000000000000000 0000000000000000 00000001001eeb80 : ntdll!TppAlpcpExecuteCallback+0x1d6
    00000001
    00def5e0 00007ffd559716ad : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : ntdll!TppWorkerThread+0x3b3
    00000001
    00def9d0 00007ffd56274629 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : KERNEL32!BaseThreadInitThunk+0xd
    00000001
    00defa00 0000000000000000 : 0000000000000000 0000000000000000 0000000000000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x1d

    STACK_COMMAND: kb

    FOLLOWUP_NAME: MachineOwner

    IMAGE_VERSION:

    FAILURE_BUCKET_ID: 0xEF_WmiPrvSE.exe_IMAGE_wininit.exe

    BUCKET_ID: 0xEF_WmiPrvSE.exe_IMAGE_wininit.exe

    ANALYSIS_SOURCE: KM

    FAILURE_ID_HASH_STRING: km:0xef_wmiprvse.exe_image_wininit.exe

    FAILURE_ID_HASH: {dd961e7f-9fb2-75de-5c19-5602ba5ccdd2}

    Followup: MachineOwner


    Jason

Viewing 1 post (of 1 total)

You must be logged in to reply to this topic.