Hi All,
I am facing a problem with my domain controller it gives me blue screen, tcpip.sys.
I've attached thye mini dump files.
There server is Dell PowerEdge R170, with Windown Server 2008 Standered .
Thanks,
haitham
Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!
Hi All,
I am facing a problem with my domain controller it gives me blue screen, tcpip.sys.
I've attached thye mini dump files.
There server is Dell PowerEdge R170, with Windown Server 2008 Standered .
Thanks,
haitham
You'll be glad to know this is a pretty simple error and should be very easy to resolve.
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1) An attempt was made to access a pageable (or completely invalid) address at an interrupt request level (IRQL) that is too high. This is usually caused by drivers using improper addresses. If kernel debugger is available get stack backtrace. Arguments: Arg1: 00000000000000ff, memory referenced Arg2: 0000000000000002, IRQL Arg3: 0000000000000000, value 0 = read operation, 1 = write operation Arg4: fffffa60010287f0, address which referenced memory
So an attempt to read invalid memory (0xff) at an IRQL of 2 (DPC/Dispatch level) had occurred.
4: kd> .trap 0xfffffa6001a5a410 NOTE: The trap frame does not contain all registers. Some register values may be zeroed or incorrect. rax=00000000000000ff rbx=0000000000000000 rcx=0000000000004440 rdx=fffffa800c954010 rsi=0000000000000000 rdi=0000000000000000 rip=fffffa60010287f0 rsp=fffffa6001a5a5a0 rbp=0000000000000000 r8=0000000000000000 r9=fffffa800c954010 r10=0000000000000000 r11=fffffa6001a5a580 r12=0000000000000000 r13=0000000000000000 r14=0000000000000000 r15=0000000000000000 iopl=0 nv up ei pl zr na po nc tcpip! ?? ::FNODOBFM::`string'+0x29057: fffffa60`010287f0 8b08 mov ecx,dword ptr [rax] ds:00000000`000000ff=????????
So an attempt to copy the address which was stored as a pointer in the rax registers was copied to the ecx register which resulted in a memory write to 0xff.
This address is invalid, although the page table entries aren't saved the first usable address I believe is 0x10000 but even this is reserved for user mode boot processes.
fffffa60`01a5a2c8 fffff800`01abd1ee : 00000000`0000000a 00000000`000000ff 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx fffffa60`01a5a2d0 fffff800`01abc0cb : 00000000`00000000 fffffa60`0114d050 00000000`00000002 fffffa80`08c3b870 : nt!KiBugCheckDispatch+0x6e fffffa60`01a5a410 fffffa60`010287f0 : 00000000`00000000 fffffa80`08c3b870 00000000`00000000 fffffa80`046ea400 : nt!KiPageFault+0x20b fffffa60`01a5a5a0 fffffa60`010534dd : fffffa60`011463e8 00000000`00000020 fffffa80`0468e000 fffffa80`07834030 : tcpip! ?? ::FNODOBFM::`string'+0x29057 fffffa60`01a5a680 fffffa60`01063921 : fffffa80`0c7fa3e0 00000000`00000000 00000000`00000001 00000000`00000001 : tcpip!IpFlcReceivePackets+0x8ad fffffa60`01a5a880 fffffa60`01062ccb : fffffa80`0c7fa3e0 00000000`00000000 00000000`00000011 fffffa80`046d2080 : tcpip!IpFlcReceivePreValidatedPackets+0x831 fffffa60`01a5a9e0 fffffa60`009b20bc : fffffa80`0c969aa0 00000000`00000000 fffffa80`0c969a00 fffffa80`048151a0 : tcpip!FlReceiveNetBufferListChain+0x9b fffffa60`01a5aa30 fffffa60`0097aa5c : fffffa80`0c969aa0 00000000`00000000 fffffa80`0c7c7620 00000000`00000000 : NDIS!ndisMIndicateNetBufferListsToOpen+0xac fffffa60`01a5aa80 fffffa60`0085985e : fffffa80`048151a0 00000000`00000000 fffffa80`08dea6d0 fffffa60`02a094c5 : NDIS!ndisMDispatchReceiveNetBufferLists+0x36c fffffa60`01a5af00 fffffa60`0080f6f7 : 00000000`00000000 fffffa80`08c3b870 00001306`00000000 ffff0000`03045c5e : NDIS!ndisMDispatchReceiveNetBufferListsWithLock+0xde fffffa60`01a5af70 fffffa60`02a1a6db : 00000000`00000000 00000000`00000000 fffffa80`08c3b870 fffffa80`08dc3000 : NDIS!NdisMIndicateReceiveNetBufferLists+0x67 fffffa60`01a5afb0 00000000`00000000 : 00000000`00000000 fffffa80`08c3b870 fffffa80`08dc3000 00000000`00000001 : basp+0x126db
In the callstack we can see basp calling ndis (Network Driver Interface Specification) processing net buffer lists over a network, tcpip (Transmission Control Protocol/Internet Protocol) receives the data and probably tries to save it, it uses a bad instruction pointer and therefore accesses the wrong address.
basp is the Broadcom Advanced Server Program driver which is making bad calls.
4: kd> lmvm basp start end module name fffffa60`02a08000 fffffa60`02a25000 basp T (no symbols) Loaded symbol image file: basp.sys Image path: \SystemRoot\system32\DRIVERS\basp.sys Image name: basp.sys Timestamp: Mon May 10 23:10:49 2010 (4BE88469) CheckSum: 0002377F ImageSize: 0001D000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
With this driver being over four years old I'm not surprised it's causing problems.
You should be able to update it here.
http://www.broadcom....loaddrivers.php
Any other problems let me know.
0 members, 0 guests, 0 anonymous users
Community Forum Software by IP.Board
Licensed to: Geeks to Go, Inc.