Sign in with
Sign up | Sign in
Your question

Windows Server shutsdown

Tags:
  • Windows Server
  • Computers
  • Business Computing
  • Servers
Last response: in Business Computing
Share
March 16, 2014 7:45:00 PM

Hi everyone,

A customer of my company I work for has a server that is shutting down frequently.
It created a dump file but the customer cannot send the file because its 89mb big.

He did send me the event logs.

But the only thing I see is this:
The computer has been rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xffffffffc0000005, 0x000000000000ffff, 0xfffff8805d3f9a8, 0xfffff88005d3f200). A dump file was saved in c:\windows\MEMORY.DUMP

Now before I need to request for remote access to look into the dump file. Is there anything else I can do. I googled the 0x0000007e (0xffffffffc0000005, 0x000000000000ffff, 0xfffff8805d3f9a8, 0xfffff88005d3f200) numbers but I cannot find anything that helps me out.

PS: The customer of my company is like on the other side of the world for me, also the server I cannot shut down, because it is attached to a plant. So I cannot simply just reboot and run some tests in DOS.

Can anyone provide me some more information on what to do before I request a remote connection to the server that is having these issues.

More about : windows server shutsdown

March 17, 2014 7:54:35 AM

unfortunately the 0x0000007e has a general use.
you can use sites like bigmail and such to send the dump file.
there is a utility that might help you read the dump file i came across googling : http://www.nirsoft.net/utils/blue_screen_view.html

as a plan of action you need either schedule down time for this computer or replace it while you try fix.

try this checks :

changed software (also av)
any windows updates
drivers updated recently
run chkdsk /f
check registry for corruptions
memory
HD for bad sectors
try scan for viruses
run sfc

basically you cant avoid downtime :heink: 

good luck
m
0
l
March 17, 2014 7:14:38 PM

Thanks for your reply. I kinda knew it would come down to have to take the server down.
Anyways I got the memory.dmp file from the server, debugged it on my computer at the office.

The debugger said this:
Debugging Details:
------------------


EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

FAULTING_IP:
+16
00000000`0000ffff ?? ???

EXCEPTION_RECORD: fffff88005d3f9a8 -- (.exr 0xfffff88005d3f9a8)
ExceptionAddress: 000000000000ffff
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000008
Parameter[1]: 000000000000ffff
Attempt to execute non-executable address 000000000000ffff

CONTEXT: fffff88005d3f200 -- (.cxr 0xfffff88005d3f200)
rax=0000000000000020 rbx=fffffa800a103b60 rcx=0000000000000000
rdx=fffff88018741b20 rsi=fffffa8006c9bb30 rdi=0000000000000001
rip=000000000000ffff rsp=fffff88005d3fbe8 rbp=0000000000000080
r8=fffff88005d3fc48 r9=fffff88005d3fc44 r10=0000000000000000
r11=fffff880009c6180 r12=fffffa800a1021b0 r13=fffff88018732820
r14=0000000000000000 r15=fffff88001fb5040
iopl=0 nv up ei pl nz na pe nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010202
00000000`0000ffff ?? ???
Resetting default scope

DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT

PROCESS_NAME: System

CURRENT_IRQL: 0

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

EXCEPTION_PARAMETER1: 0000000000000008

EXCEPTION_PARAMETER2: 000000000000ffff

WRITE_ADDRESS: 000000000000ffff

FOLLOWUP_IP:
sntie+5db9
fffff880`18708db9 6689442420 mov word ptr [rsp+20h],ax

FAILED_INSTRUCTION_ADDRESS:
+55542faf02e3d91c
00000000`0000ffff ?? ???

BUGCHECK_STR: 0x7E

LAST_CONTROL_TRANSFER: from fffff88018708db9 to 000000000000ffff

STACK_TEXT:
fffff880`05d3fbe8 fffff880`18708db9 : 00000000`00000000 fffff880`18709db9 fffffa80`0a1021b0 00000000`00000001 : 0xffff
fffff880`05d3fbf0 fffff880`18709ad3 : 00000000`0a100000 00000000`00000000 fffff880`009c6100 00000000`00000080 : sntie+0x5db9
fffff880`05d3fc40 fffff880`18732d97 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : sntie+0x6ad3
fffff880`05d3fc70 fffff800`01f28166 : fffffa80`0a1021b0 00000000`00000000 00000000`00000000 00000000`00000000 : sntie+0x2fd97
fffff880`05d3fd00 fffff800`01c63486 : fffff880`01fb0180 fffffa80`0a103b60 fffff880`01fbb0c0 00000000`00000000 : nt!PspSystemThreadStartup+0x5a
fffff880`05d3fd40 00000000`00000000 : fffff880`05d40000 fffff880`05d3a000 fffff880`05d3f9c0 00000000`00000000 : nt!KxStartSystemThread+0x16


SYMBOL_STACK_INDEX: 1

SYMBOL_NAME: sntie+5db9

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: sntie

IMAGE_NAME: sntie.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 50487671

STACK_COMMAND: .cxr 0xfffff88005d3f200 ; kb

FAILURE_BUCKET_ID: X64_0x7E_BAD_IP_sntie+5db9

BUCKET_ID: X64_0x7E_BAD_IP_sntie+5db9

Followup: MachineOwner
---------

1: kd> lmvm sntie
start end module name
fffff880`18703000 fffff880`187ae000 sntie (no symbols)
Loaded symbol image file: sntie.sys
Image path: \SystemRoot\system32\DRIVERS\sntie.sys
Image name: sntie.sys
Timestamp: Thu Sep 06 18:09:53 2012 (50487671)
CheckSum: 000545E7
ImageSize: 000AB000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
1: kd> lmvm sntie
start end module name
fffff880`18703000 fffff880`187ae000 sntie (no symbols)
Loaded symbol image file: sntie.sys
Image path: \SystemRoot\system32\DRIVERS\sntie.sys
Image name: sntie.sys
Timestamp: Thu Sep 06 18:09:53 2012 (50487671)
CheckSum: 000545E7
ImageSize: 000AB000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

As you can see the file called: sntie.sys caused the crash. This is Siemens Automation software.
So something went wrong with the Siemens software. I think I will go contact Siemens now.

If anyone has more feedback etc. Feel free to post
m
0
l
!