@nutter39
Peter Line replied to the topic BSOD events – help to identify the cause in IT Administration Forum 1 year, 8 months ago
Hi Ingmar, yes I agree with that statement RE: Hard to determine cause from the output!
And yes, I did go through device manager and manually request latest updates for each individual driver requirement. Also ran a manual firmware update on the server to ensure latest installed.
I’m wondering if it could a (lack of) memory issue? It’s got only 8GB installed and it’s running everything – it’s a DC, file and print, back ups (storage craft). Seems to sit frequently on 85-90% used memory.
Peter Line replied to the topic BSOD events – help to identify the cause in IT Administration Forum 1 year, 8 months ago
I can’t seem to upload a zipped version of the dump so here are a couple of outputs:
The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000000000000008, 0x0000000000000002, 0x0000000000000000, 0xfffff8033938492d). A dump was saved in: C:WindowsMEMORY.DMP. Report Id: 197615de-f68d-4666-bb51-040224f50ef5.rn
Microsoft (R) Windows Debugger Version 10.0.18362.1 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.Loading Dump File [C:WindowsMinidump�80620-26484-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available************* Path validation summary **************
Response Time (ms) Location
Deferred SRV*C:Windowssymbol_cache*http://msdl.microsoft.com/download/symbols
Symbol search path is: SRV*C:Windowssymbol_cache*http://msdl.microsoft.com/download/symbols
Executable search path is:
Unable to load image SystemRootsystem32ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*************************************************************************
*** ***
*** ***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn’t have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing “.symopt- 100”. Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_MMPTE_TRANSITION ***
*** ***
*************************************************************************
Windows 10 Kernel Version 14393 MP (2 procs) Free x64
Product: LanManNt, suite: SmallBusiness TerminalServer SmallBusinessRestricted SingleUserTS
Built by: 14393.3808.amd64fre.rs1_release.200707-2105
Machine Name:
Kernel base = 0xfffff8033928b000 PsLoadedModuleList = 0xfffff803
3958f0a0
Debug session time: Thu Aug 6 06:06:27.523 2020 (UTC + 10:00)
System Uptime: 9 days 20:49:09.685
Unable to load image SystemRootsystem32ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*************************************************************************
*** ***
*** ***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn’t have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing “.symopt- 100”. Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_MMPTE_TRANSITION ***
*** ***
*************************************************************************
Loading Kernel Symbols
.Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long.
Run !sym noisy before .reload to track down problems loading symbols.……………………………………………………..
……………………………………………………….
……………………
Loading User Symbols
Loading unloaded module list
………….************* Symbol Loading Error Summary **************
Module name Error
ntoskrnl The system cannot find the file specifiedYou can troubleshoot most symbol related issues by turning on symbol loading diagnostics (!sym noisy) and repeating the command that caused symbols to be loaded.
You should also verify that your symbol search path (.sympath) is correct.
For analysis of this file, run !analyze -v
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 0000000000000008, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff8033938492d, address which referenced memoryDebugging Details:
——————***** Kernel symbols are WRONG. Please fix symbols to do analysis.
*************************************************************************
*** ***
*** ***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn’t have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing “.symopt- 100”. Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_EPROCESS ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn’t have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing “.symopt- 100”. Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn’t have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing “.symopt- 100”. Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn’t have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing “.symopt- 100”. Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn’t have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing “.symopt- 100”. Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn’t have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing “.symopt- 100”. Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KTHREAD ***
*** ***
*************************************************************************Peter Line started the topic BSOD events – help to identify the cause in IT Administration Forum 1 year, 8 months ago
Hi, I have some BSOD events occurring on a Windows Server 2016, HP Microserver Gen 10 that I need some help to identify the cause of. Normally using Win DBG you can see the ‘probably caused by’ at the bottom of the dump output, but for some reason that does not happen.
Can someone please help me to identify what could be the cause of these intermittent BSOD crashes? I will attach the latest for help.
Hi, I need to find a specific AD user account's logged in activity over past 30 days or so into a TS cluster of 3 x Terminal Servers. I've tried a couple of scripts but can't seem to get it to work how I want it, anyone ever done this before and know how to create a PS script like this?
Thanks!
Peter Line started the topic PowerShell script for finding AD user last log on times via RDP to a TS cluster in
PowerShell Forum 1 year, 8 months agoHi,
I’ve been tasked with checking a specific AD user account for it’s last logged on times over past 30 days into a TS cluster of three terminal servers. I’ve tried trawling multiple event logs and filtering but every time the specific user filter is applied, the results come back with zero.
Is there a PowerShell script that could be slightly adjusted with the required details to find what I am after?
Thanks!
Peter Line joined the group
PowerShell 1 year, 8 months ago
Peter Line started the topic Printers not connecting on Windows Server 2012 R2 Terminal Server in IT Administration Forum 2 years ago
Having an ongoing issue with a Windows Server 2012 R2 Terminal Server I’m hoping someone can help with as it’s starting to really tear my hair out.
I have 2 x Windows Server 2012 R2 Terminal Servers. One is completely fine, whilst the other is having a lot of issues including printers, missing mapped drives and slow boot times, which seem to have come about since the Terminal Server crashed a month or two ago & had to be brought back with a ‘last known good configuration’ boot.
It has GPO deployed printers courtesy of a File & Print Server (also domain controller) where the printers are mapping to the terminal server, but appearing as disconnected or greyed out. If you hover over them they come up as status ‘not connected’ and if you try to add any additional printers, an error occurs (as attached).
A work around to resolve this issue temporarily appears to be renaming the registry key on the problematic terminal server: HKLMSoftwareMicrosoftWindows NTCurrentVersionPrintProvidersClient Side Rendering Print Provider
However after around 1 day the issue then returns again where printers become greyed out or in a disconnected state.
I know GPO deployed printers in a terminal server environment is not an ideal method to use however I must note that the 2nd Terminal Server is operating fine with absolutely no issues.
I’ve googled the attached error relentlessly and found that there is not a lot of useful info that matches to a fix.
If anyone has encountered the issues reported before, particularly with printers, please let me know as I would be ever so grateful.
Peter Line became a registered member 2 years, 6 months ago
