Random BSOD's on SMB Protocol Packets

-

hello technet's,

i'm receiving random bsods while , decided get's rather irritating. i've tried reading memory.dmp (which not created every time bsod happens) can't figure out problem is.

i see possible error hardware related issue, i've checked drivers , seem up2date.

could take @ memory,dmp analysis , point me right direction?

microsoft (r) windows debugger version 6.3.9600.17336 amd64 copyright (c) microsoft corporation. rights reserved.   loading dump file [c:\windows\memory.dmp] kernel bitmap dump file: kernel address space available   ************* symbol path validation summary ************** response                         time (ms)     location deferred                                       srv*c:\windows\symbol_cache*http://msdl.microsoft.com/download/symbols symbol search path is: srv*c:\windows\symbol_cache*http://msdl.microsoft.com/download/symbols executable search path is: windows 8 kernel version 9600 mp (8 procs) free x64 product: server, suite: terminalserver singleuserts built by: 9600.17936.amd64fre.winblue_ltsb.150715-0840 machine name: kernel base = 0xfffff801`a207b000 psloadedmodulelist = 0xfffff801`a23507b0 debug session time: tue aug 25 23:44:47.838 2015 (utc + 2:00) system uptime: 4 days 9:34:11.660 loading kernel symbols ............................................................... ................................................................ ............... loading user symbols  loading unloaded module list ...... ******************************************************************************* *                                                                             * *                        bugcheck analysis                                    * *                                                                             * *******************************************************************************  use !analyze -v detailed debugging information.  bugcheck 1e, {ffffffffc0000005, fffff80073b0a142, 0, 302}  caused : hardware ( srv2!smb2validateprovidercallback+142 )  followup: machineowner ---------  1: kd> !analyze -v ******************************************************************************* *                                                                             * *                        bugcheck analysis                                    * *                                                                             * *******************************************************************************  kmode_exception_not_handled (1e) common bugcheck.  exception address pinpoints driver/function caused problem.  note address link date of driver/image contains address. arguments: arg1: ffffffffc0000005, exception code not handled arg2: fffff80073b0a142, address exception occurred @ arg3: 0000000000000000, parameter 0 of exception arg4: 0000000000000302, parameter 1 of exception  debugging details: ------------------   read_address: unable nt!mmnonpagedpoolstart unable nt!mmsizeofnonpagedpoolinbytes  0000000000000302  exception_code: (ntstatus) 0xc0000005 - instruction @ 0x%08lx referenced memory @ 0x%08lx. memory not %s.  faulting_ip: srv2!smb2validateprovidercallback+142 fffff800`73b0a142 0300            add     eax,dword ptr [rax]  exception_parameter2:  0000000000000302  bugcheck_str:  0x1e_c0000005_r  default_bucket_id:  win8_driver_fault  process_name:  system  current_irql:  0  analysis_version: 6.3.9600.17336 (debuggers(dbg).150226-1500) amd64fre  trap_frame:  ffffd0002ba23ba0 -- (.trap 0xffffd0002ba23ba0) note: trap frame not contain registers. register values may zeroed or incorrect. rax=0000000000000302 rbx=0000000000000000 rcx=0000000000000006 rdx=000000000000ffff rsi=0000000000000000 rdi=0000000000000000 rip=fffff80073b0a142 rsp=ffffd0002ba23d30 rbp=ffffd0002ba23dc0  r8=ffffe001512546f0  r9=fffff80073b01010 r10=fffff80073b01800 r11=00000000000002ff r12=0000000000000000 r13=0000000000000000 r14=0000000000000000 r15=0000000000000000 iopl=0         nv ei pl nz na po nc srv2!smb2validateprovidercallback+0x142: fffff800`73b0a142 0300            add     eax,dword ptr [rax] ds:00000000`00000302=???????? resetting default scope  misaligned_ip: srv2!smb2validateprovidercallback+142 fffff800`73b0a142 0300            add     eax,dword ptr [rax]  last_control_transfer:  fffff801a21f8141 fffff801a21ca9a0  stack_text:   ffffd000`2ba232c8 fffff801`a21f8141 : 00000000`0000001e ffffffff`c0000005 fffff800`73b0a142 00000000`00000000 : nt!kebugcheckex ffffd000`2ba232d0 fffff801`a21d65c2 : ffffe001`50e1b300 ffffd000`2ba23a40 ffffe001`4dcc2900 fffff801`a20ce077 : nt! ?? ::fnodobfm::`string'+0x1d281 ffffd000`2ba239c0 fffff801`a21d4d14 : 00000000`00000000 ffffe001`50f2e588 79e263cb`ad559f00 dfb3c531`75c9fae0 : nt!kiexceptiondispatch+0xc2 ffffd000`2ba23ba0 fffff800`73b0a142 : ffffe001`50e1b400 00000000`0000000c 00000000`00000000 00000000`000000ff : nt!kipagefault+0x214 ffffd000`2ba23d30 fffff800`73b0a607 : ffffe001`50f35010 ffffe001`50f2e010 ffffe001`512546f0 ffffe001`50f2e010 : srv2!smb2validateprovidercallback+0x142 ffffd000`2ba23e20 fffff800`73b0819f : ffffe001`512a9900 ffffe001`512a9900 00000000`00000000 ffffe001`50f2e010 : srv2!srvprocesspacket+0xed ffffd000`2ba23ee0 fffff801`a21ce2f7 : ffffe001`512a9900 ffffe001`00000001 ffffe001`0000000f b041493c`0000001e : srv2!srvprocpworkerthreadprocessworkitems+0x18f ffffd000`2ba23f80 fffff801`a21ce2bd : fffff800`73b09f01 00000000`0000c000 00000000`00000003 fffff801`a21361ad : nt!kxswitchkernelstackcallout+0x27 ffffd000`2bbccb40 fffff801`a21361ad : 00000000`00000012 fffff800`73b09f01 00000000`00000006 ffffe001`50e1b300 : nt!kiswitchkernelstackcontinue ffffd000`2bbccb60 fffff800`73ac8926 : fffff800`73b08010 ffffe001`512a9900 00000000`00000000 00000000`00000000 : nt!keexpandkernelstackandcalloutinternal+0x2fd ffffd000`2bbccc50 fffff801`a21001cf : fffff800`73b09fdc ffffe001`50e1b300 ffffe001`512a9958 fffff800`72361de0 : srv2!srvprocworkerthreadcommon+0x66 ffffd000`2bbccc90 fffff801`a21790a8 : 00000000`00000000 ffffe001`50e1b300 00000000`00000080 ffffe001`50e1b300 : nt!expworkerthread+0x69f ffffd000`2bbccd40 fffff801`a21d0fc6 : ffffd000`20940180 ffffe001`50e1b300 ffffd000`2094c3c0 00000000`00000000 : nt!pspsystemthreadstartup+0x58 ffffd000`2bbccda0 00000000`00000000 : ffffd000`2bbcd000 ffffd000`2bbc7000 00000000`00000000 00000000`00000000 : nt!kistartsystemthread+0x16   stack_command:  kb  followup_ip: srv2!smb2validateprovidercallback+142 fffff800`73b0a142 0300            add     eax,dword ptr [rax]  symbol_stack_index:  4  symbol_name:  srv2!smb2validateprovidercallback+142  followup_name:  machineowner  image_name:  hardware  debug_flr_image_timestamp:  0  module_name: hardware  failure_bucket_id:  ip_misaligned_srv2.sys  bucket_id:  ip_misaligned_srv2.sys  analysis_source:  km  failure_id_hash_string:  km:ip_misaligned_srv2.sys  failure_id_hash:  {e70e9d87-56a4-db40-e8b4-2f99601cdfd3}  followup: machineowner --------


i >>think<< issue smb , network adapter, knowledge of subject partial.

thanks in advance,

alex


hi alexb,

since dump file indicates issue may caused ip_misaligned_srv2.sys. may check following things:

  1. install windows updates , verify again device drivers date.
  2. check if there’s malware in system damage, corrupt, or delete sys related files.
  3. check windows system files use command sfc/scannow
  4. use command chkdsk scan hard disk.

here detailed information command chkdsk:

https://technet.microsoft.com/en-us/library/cc730714.aspx

best regards,

anne he

please remember mark replies answers if , unmark them if provide no help. if have feedback technet support, contact tnmff@microsoft.com.





Windows Server  >  Platform Networking



Comments

Post a Comment

Popular posts from this blog

WIMMount (HSM) causing cluster storage to go redirected (2012r2 DC)

-
looking options resolve error , prevent in future. thanks help. hardware: 2 node dell hv cluster running2012r2 dc 8 nic/ea in multiplex mode 4x hyper-v 4x hosts storage: 2x synology nas, accessed through iscsi hosts , cluster relevant logs: log name:      microsoft-windows-failoverclustering/diagnostic source:        microsoft-windows-failoverclustering date:          event id:      2050 task category: none level:         warning keywords:       user:          system computer:      l description: [dcm] filter wimmount found @ unsafe altitude 180700 log name:      system source:        microsoft-windows-failoverclustering date:         event id:      5125 task category: cluster shared volume level:         warning keywords:       user:          system computer: description: cluster shared volume 'volume1' ('cluster disk 1') has identified 1 or more active filter drivers on device stack interfere csv operatio
Read more

Failed to delete the test record dcdiag-test-record in zone test.com

-
ps c:\users\administrator.test> dcdiag /test:dns directory server diagnosis performing initial setup:    trying find home server...    home server = dc02    * identified ad forest.    done gathering initial info. doing initial required tests    testing server: default-first-site-name\dc02       starting test: connectivity          ......................... dc02 passed test connectivity doing primary tests    testing server: default-first-site-name\dc02       starting test: dns          dns tests running , not hung. please wait few minutes...          ......................... dc02 passed test dns    running partition tests on : forestdnszones    running partition tests on : domaindnszones    running partition tests on : schema    running partition tests on : configuration    running partition tests on : test    running enterprise tests on : test.com       starting test: dns          test results domain
Read more

Azure MFA with Azure AD and RDS

-
i have setup following lab in azure , need help. a server (domain controller) , remote desktop services. and server multi factor authentication server. i have setup following one http://www.rdsgurus.com/uncategorized/step-by-step-using-windows-server-2012-r2-rd-gateway-with-azure-multifactor-authentication/ and when im connecting got following error. the user "domain\username", on client computer "xxx.xxx.xxx.xxx", did not meet connection authorization policy requirements , therefore not authorized access rd gateway server. authentication method used was: "ntlm" , connection protocol used: "rpc-http". following error occurred: "23003". also on security log i've got following authentication details: connection request policy name: ts gateway authorization policy network policy name: - authentication provider: radius proxy authentication server: test.test.local authentication type: - eap t
Read more