Channel: Windows Server General Forum forum

Track down a process when heavy CPU load

Hi,

Users complain that one server is randomly performing slowly. I would need to collect data when CPU load is above 80%. In this data I would need to find out how much CPU the different processes are using. Is this possible to do with Performance Monitor or other free software? I tried to look at perfmon, but I cannot find where to set the trigger and logging actions.



My Client Admin wants to access the server by its IP address using the web Browser

Dear All,

I am new admin.

I have created a Virtual Server and I have configured an IP address provided to me by the NW admin.

So now I have to request the NW admin to allow this IP to be remotely connected through remote desktop connection.

If this IP is allowed for the Remote Desktop connection, then can I enter the same IP address in the browser's address bar and access this virtual server on the local network?

If Yes, then I am very happy to know this info.

If no, then please provide me steps to make this IP accessible through the browser's address bar (on the Local Network).

Please provide me the necessary info, as I have to complete this task as instructed by the client.

Best Regards,

Ahmed

How to delete event logs automatically from C:\Windows\System32\winevt\Logs folder

Hi, I have enabled the archive option for my Windows logs in the Event Viewer. The archive logs are growing very fast and are taking up a lot of disk space. Does anyone know if there is a way to delete the archive logs automatically so that only a few days are retained?

I tried to create a batch file but it cannot move or delete any files from that folder. Somehow that folder permissions are different from the rest.

Is it possible?

Page Table memory leak on Server 2008 R2 Standard because of RDP connections

Hello,

I'm experiencing a problem with a Page Table memory leak on Server 2008 R2 Standard. This server is a Terminal Services server; users connect to it on a daily basis and everything works fine until the server suddenly stops accepting new connections until hard rebooted. I identified that the reason for this is the Page Table growing over time; see screenshots captured on different days: just after reboot (http://i57.tinypic.com/10seiz7.png), on the third day of working (http://i57.tinypic.com/2mcbp8j.png), after a week (http://i58.tinypic.com/sllouh.png). I've also found the reason for the Page Table growth: it is caused by an RDP connection DoS from different Internet hosts causing system processes (csrss.exe, LogonUI.exe, smss.exe, winlogon.exe) to allocate memory in the Page Table and not return it after usage. Unfortunately, for different reasons it is not possible to implement whitelist filtering on the RDP port, so my question is: is the problem with the Page Table leak because of RDP connections known? Maybe some hotfix is available?

Thanks in advance.

config.mandatory

How to create a user profile?

How to copy and paste the NTUSER.DAT file?

I am not getting as per copy&paste, not getting rename.

Totally Confused about Windows Server 2008 Activation

I recently purchased a still-shrink-wrapped box of Windows Server 2008 Standard.

I am upgrading a server from 2003 to 2008 (hardware and tools here are all 32-bit).

It installed in a snap (on a nice big clean drive). Then I realized the clock was ticking on activation.

I have tried two options concerning activation.

[ACTIVATE WINDOWS ONLINE]

Click the button, wait 1 minute and I receive,

Windows Activation Error   Code 0x8007232B

  Description:   DNS name does not exist

(my research finds lots of talk about KMS Host servers, but I'm unsure if/how that might apply to a lone machine in my office used to run vmware)

So, the other choice is,

[CHANGE PRODUCT KEY]

I enter the key taken from the nice plastic box, 25 chars, and after about a minute it tells me,

"The Product key you have entered does not appear to be valid"

Damn, they have me coming and going.

Is there someone out there that can shed light on this, please?

tonyM

Domain over IP routed subnets - getting network browsing to work?

Hi, I have a small domain spanned across two different subnets. Each subnet has its own domain controller, and the two networks are linked via IP routing.

Network connectivity between the two subnets is good - replication between the two DCs is happening smoothly, and every workstation can access every other workstation regardless of which subnet they're on.

The problem is that network browsing doesn't seem to work across the subnets. If a user knows the name of the machine they're connecting to, then they can enter that name into Explorer's address bar and it will connect fine. But when they go to "Network" or "My Network Places", only the machines from their own subnet appear there. When a user goes to "My Network Places" (or just "Network" in Win7's Explorer) then I would like them to see all the machines on both subnets, not just their own subnet.

Both DCs are running Server 2008 R2. What do I need to do to get network/computer browsing to work across the two subnets?

Getting Bitlocker Info from ADDS

Hey all,

So I've been working on storing TPM and BitLocker info in AD DS. Now, I know there was an addition you could add to the RSAT snap-in to get a display box. I didn't install this add-on and instead I just set up a new 2012 R2 DC, which when adding the AD DS role runs AD-prep and extends the schema to hold and store TPM and BitLocker info for Windows 8 machines and up.

Now, I'm testing with a Windows 7 machine, and I find that the msTPM-OwnerInformation under the Computer object in question does indeed store the TPM info... that's nice... and when I'm in the AD UC snap-in for MMC on my Windows 8 machine I find that after the AD-prep that the Server 2012 did, it added the "Bit-Locker" tab where you'd expect to find the BitLocker key, but it instead shows no data... mmmm, and states to use the find BitLocker sub-command by right-clicking the domain in AD UC and selecting find Bit-locker key, entering the first 8 strings of the BitLocker ID...

Alright, awesome, I set the required GPO to enforce BitLocker to enable only if it can contact AD, tested and working great!

When I enter the first 8 characters of the BitLocker ID, it reports back that it doesn't find any associated keys...

What am I doing wrong?!


Black Screen After Login

I am in a unique and difficult situation.

I am the Network Administrator for a medical clinic, however, the original network designer has remote admin access to the entire network who seldom returns my calls, emails, and texts.

A couple of weeks ago (1/14/2015), he updated the Group Policy to open up some ports (did not tell me which ones) and had me do a GPUPDATE /FORCE on all of the machines.  He also renewed the license and pushed for the network install or update for our antivirus software ESET.

The following day, most of our workstations had a black screen that lasted anywhere from 3-10 minutes after Windows login.

See the video here: https://www.youtube.com/watch?v=YvG0mMETQSc

This login issue is now the standard and even applies when I (an administrator) try to log in to all of our servers remotely or locally at the terminal.  One of our file servers will only log into Safe Mode now.

Can anybody here point me in the direction of where I should be looking?  I am in the lose/lose situation of not knowing the configuration of the network beyond what is visible and obvious -- that is, I am completely familiar with the physical set up, but the logical set up still remains a mystery in many aspects.

Thank You!


Getting BSOD with CPQTEAM.SYS driver in Windows server 2008 R2 Server

Hi Friends,

I need your help with an unexpected Windows server reboot. Please find the details below.

We have a Windows 2008 R2 cluster (N1 & N2). All of a sudden, the N2 node has been getting unexpected reboots for the past couple of weeks. We found that the PSP and NIC drivers were old versions. We performed the change to update the PSP, NIC drivers, firmware and HP NCU. We were able to update all components successfully except the NCU driver. When we try to upgrade this driver we get a BSOD while the server reboots. During the server reboot we got a memory dump. Here is the technical information for further understanding.

I am very sorry, this is not the correct forum for this issue, but please help me.

OS version: Windows Server 2008 R2

Cluster: Yes

Network Cards Model: HP Ethernet 1Gb 4-port 331FLR Adapter

Current CPQTEAM.SYS version: 10.65.0.0

Upgrading to : 10.90.0.0 (B)

Please find the memory dump below to understand the issue.

Need a resolution: how can I update cpqteam.sys without a BSOD?

Microsoft (R) Windows Debugger Version 6.11.0001.404 X86

Copyright (c) Microsoft Corporation. All rights reserved.

Loading Dump File [D:\Users\a076901x\Desktop\MEMORY.DMP]

Kernel Summary Dump File: Only kernel address space is available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols

Executable search path is:

Windows 7 Kernel Version 7601 (Service Pack 1) MP (16 procs) Free x64

Product: Server, suite: Enterprise TerminalServer SingleUserTS

Built by: 7601.22908.amd64fre.win7sp1_ldr.141211-1743

Machine Name:

Kernel base = 0xfffff800`0181a000 PsLoadedModuleList = 0xfffff800`01a5d890

Debug session time: Thu Jan 29 03:00:56.188 2015 (GMT+1)

System Uptime: 4 days 16:43:20.962

Loading Kernel Symbols

...............................................................

................................................................

...................................

Loading User Symbols

PEB is paged out (Peb.Ldr = 000007ff`fffd9018).  Type ".hh dbgerr001" for details

Loading unloaded module list

........................................

*******************************************************************************

*                                                                             *

*                        Bugcheck Analysis                                    *

*                                                                             *

*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck C5, {ffffffff3bbc8128, 2, 1, fffff800019c3fad}

*** ERROR: Module load completed but symbols could not be loaded for cpqteam.sys

*** ERROR: Module load completed but symbols could not be loaded for b57nd60a.sys

PEB is paged out (Peb.Ldr = 000007ff`fffd9018).  Type ".hh dbgerr001" for details

PEB is paged out (Peb.Ldr = 000007ff`fffd9018).  Type ".hh dbgerr001" for details

Probably caused by : hardware ( cpqteam+8168 )

Followup: MachineOwner

---------

4: kd> !analyze -v

*******************************************************************************

*                                                                             *

*                        Bugcheck Analysis                                    *

*                                                                             *

*******************************************************************************

DRIVER_CORRUPTED_EXPOOL (c5)

An attempt was made to access a pageable (or completely invalid) address at an

interrupt request level (IRQL) that is too high.  This is

caused by drivers that have corrupted the system pool.  Run the driver

verifier against any new (or suspect) drivers, and if that doesn't turn up

the culprit, then use gflags to enable special pool.

Arguments:

Arg1: ffffffff3bbc8128, memory referenced

Arg2: 0000000000000002, IRQL

Arg3: 0000000000000001, value 0 = read operation, 1 = write operation

Arg4: fffff800019c3fad, address which referenced memory

Debugging Details:

------------------

PEB is paged out (Peb.Ldr = 000007ff`fffd9018).  Type ".hh dbgerr001" for details

PEB is paged out (Peb.Ldr = 000007ff`fffd9018).  Type ".hh dbgerr001" for details

BUGCHECK_STR:  0xC5_2

CURRENT_IRQL:  2

FAULTING_IP:

nt!ExFreePoolWithTag+20d

fffff800`019c3fad 1080080000ff    adc     byte ptr [rax-0FFFFF8h],al

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

PROCESS_NAME:  Volvo.PLS.Prep

TRAP_FRAME:  fffff880023843a0 -- (.trap 0xfffff880023843a0)

NOTE: The trap frame does not contain all registers.

Some register values may be zeroed or incorrect.

rax=ffffffff3cbc8120 rbx=0000000000000000 rcx=0000000000002224

rdx=fffff88002363000 rsi=0000000000000000 rdi=0000000000000000

rip=fffff800019c3fad rsp=fffff88002384530 rbp=0000000000000000

r8=0000000000011120  r9=0000000000000050 r10=fffff8000181a000

r11=00000000000006d4 r12=0000000000000000 r13=0000000000000000

r14=0000000000000000 r15=0000000000000000

iopl=0         nv up ei ng nz na pe cy

nt!ExFreePoolWithTag+0x20d:

fffff800`019c3fad 1080080000ff    adc     byte ptr [rax-0FFFFF8h],al ds:0050:ffffffff`3bbc8128=??

Resetting default scope

MISALIGNED_IP:

nt!ExFreePoolWithTag+20d

fffff800`019c3fad 1080080000ff    adc     byte ptr [rax-0FFFFF8h],al

LAST_CONTROL_TRANSFER:  from fffff8000188c769 to fffff8000188d1c0

STACK_TEXT: 

fffff880`02384258 fffff800`0188c769 : 00000000`0000000a ffffffff`3bbc8128 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx

fffff880`02384260 fffff800`0188b3e0 : fffffa80`285cf020 fffff880`01c16dd7 00000000`00000000 fffffa80`217a5510 : nt!KiBugCheckDispatch+0x69

fffff880`023843a0 fffff800`019c3fad : fffffa80`217a5510 00000000`00000050 00000000`00000002 00000000`00000000 : nt!KiPageFault+0x260

fffff880`02384530 fffff880`00edf568 : fffffa80`1b5b8370 fffffa80`28481000 fffffa80`4449544e fffffa80`000006cc : nt!ExFreePoolWithTag+0x20d

fffff880`023845e0 fffff880`04b29168 : fffffa80`1b77e790 fffffa80`1b6afd50 00000000`00000000 fffff880`00802008 : NDIS!NdisFreeNetBufferListContext+0x58

fffff880`02384610 fffff880`00f5b8d4 : fffffa80`1b52f1a0 00000000`00000000 00000000`00000001 00000000`000005d0 : cpqteam+0x8168

fffff880`02384660 fffff880`00f9217b : fffffa80`1b641ba0 fffffa80`1b52f1a0 00000000`00000001 fffff880`00ed61a7 : NDIS!ndisReturnNetBufferListsInternal+0x94

fffff880`023846a0 fffff880`01c520c6 : 00000000`00000000 00000000`00000001 00000000`00000000 fffffa80`21295b90 : NDIS!NdisReturnNetBufferLists+0x3b

fffff880`023846e0 fffff880`00e60c58 : fffffa80`20db4e20 00000000`0000000d 00000000`0000000f fffff8a0`108c2000 : tcpip!FlpReturnNetBufferListChain+0x96

fffff880`02384730 fffff880`01c8998f : 00000000`00000000 fffff880`02384a01 fffff880`02384700 fffffa80`00000014 : NETIO!NetioDereferenceNetBufferListChain+0x518

fffff880`02384800 fffff880`01c5dde5 : fffff880`049bbe00 00000000`00000000 00000000`00000000 00000000`00000000 : tcpip!TcpFlushDelay+0x13f

fffff880`023848e0 fffff880`01c56137 : fffffa80`1a977510 fffffa80`1a910910 fffffa80`00007af4 00000000`0000001d : tcpip!TcpPreValidatedReceive+0x3e5

fffff880`023849b0 fffff880`01c55caa : 00000000`00000000 fffff880`01d6ca10 fffff880`02384b70 fffff8a0`03953000 : tcpip!IppDeliverListToProtocol+0x97

fffff880`02384a70 fffff880`01c55261 : 00000000`00009918 00000000`00000002 00000000`0000000d fffff880`02384b60 : tcpip!IppProcessDeliverList+0x5a

fffff880`02384b10 fffff880`01c52eef : 00000000`bb3e7099 fffff880`01d6ca10 00000000`00000000 00000000`00000000 : tcpip!IppReceiveHeaderBatch+0x232

fffff880`02384c10 fffff880`01c524c2 : fffffa80`1b5f8a40 00000000`00000000 fffffa80`1b641b01 fffff800`0000001e : tcpip!IpFlcReceivePackets+0x64f

fffff880`02384e10 fffff880`01c518ea : fffffa80`1b641ba0 fffff880`02384f40 fffffa80`1b641ba0 00000000`00000000 : tcpip!FlpReceiveNonPreValidatedNetBufferListChain+0x2b2

fffff880`02384ef0 fffff800`01899ad8 : fffffa80`1b5c6c10 00000000`00004800 fffffa80`223ecb50 00000000`00000000 : tcpip!FlReceiveNetBufferListChainCalloutRoutine+0xda

fffff880`02384f40 fffff880`01c51fe2 : fffff880`01c51810 00000000`00000000 fffffa80`1b4bc102 fffff880`02386000 : nt!KeExpandKernelStackAndCalloutEx+0xd8

fffff880`02385020 fffff880`00f920eb : fffffa80`1b645010 00000000`00000000 fffffa80`1b52f1a0 fffff880`02386001 : tcpip!FlReceiveNetBufferListChain+0xb2

fffff880`02385090 fffff880`00f5bad6 : fffff880`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : NDIS!ndisMIndicateNetBufferListsToOpen+0xdb

fffff880`02385100 fffff880`00ed5ac1 : fffffa80`1b52f1a0 00000000`00000002 00000000`0000001e fffff800`01d2a37c : NDIS!ndisMDispatchReceiveNetBufferLists+0x1d6

fffff880`02385580 fffff880`04b2a746 : fffffa80`224da9b0 fffffa80`1b5c6c10 fffffa80`1b7c6000 00000000`00000001 : NDIS!NdisMIndicateReceiveNetBufferLists+0xc1

fffff880`023855d0 fffff880`04b2a64e : 00000000`00000000 00000000`00000000 fffffa80`00000000 fffff800`00000001 : cpqteam+0x9746

fffff880`02385640 fffff880`00f920eb : 00000000`0000000d fffff800`0195334b 00000000`00000003 fffffa80`1b6518d0 : cpqteam+0x964e

fffff880`02385720 fffff880`00f5bc75 : 00000000`00000000 00000000`00000000 00000000`00000000 fffffa80`1b641ba0 : NDIS!ndisMIndicateNetBufferListsToOpen+0xdb

fffff880`02385790 fffff880`00ed5ac1 : fffffa80`1b4bc1a0 00001f80`00380200 00000000`00000200 fffff880`04a2b499 : NDIS!ndisMDispatchReceiveNetBufferLists+0x375

fffff880`02385c10 fffff880`04a5ff34 : fffffa80`1b653000 fffff880`02385d00 00000000`0000001e fffffa80`1b5c6c10 : NDIS!NdisMIndicateReceiveNetBufferLists+0xc1

fffff880`02385c60 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : b57nd60a+0x48f34

STACK_COMMAND:  kb

FOLLOWUP_IP:

cpqteam+8168

fffff880`04b29168 4d85e4          test    r12,r12

SYMBOL_STACK_INDEX:  5

SYMBOL_NAME:  cpqteam+8168

FOLLOWUP_NAME:  MachineOwner

IMAGE_NAME:  hardware

DEBUG_FLR_IMAGE_TIMESTAMP:  0

MODULE_NAME: hardware

FAILURE_BUCKET_ID:  X64_IP_MISALIGNED

BUCKET_ID:  X64_IP_MISALIGNED

Followup: MachineOwner

---------


4: kd> lmvm hardware

start             end                 module name

Please let me know if you need any other information on this.

Recently migrated to Windows 2012 R2 and have some RRAS issues with Windows 2003 Server

Hello,

Well, like the title says, I recently migrated my two AD controllers to 2012 R2. It went well, but for the next couple of months I'm still using another Windows 2003 Server for RRAS. Ever since the migration it's given me all sorts of issues though. I can log onto it just fine, it lets VPN users log into the network, pulls down a DHCP address from the new AD controller, etc... but some of my users get errors when trying to log on. Most notably "there are no logon servers available"... etc.

In addition I can no longer see my VPN server on the network. I can ping it, resolve the computer name, but I just can't see it. In addition it cannot browse the domain in network neighborhood so I'm thinking this might be part of the problem.

NetBIOS is enabled and NSlookup shows the current AD controller as well.

Thanks,

Craig

Resolving MAC address to IP

Dear All,

I have the MAC address of machineA. I need to know the IP of machineA, which is on a network. How do I resolve the IP? Anyone, please help me. Mail me at jayakumar.rajendran@hotmail.com

Reg,

Jay

Windows Server Losing Activation


A large chunk of the Windows Server 2008 R2, Server 2012, and Server 2012 R2 servers in our environment are suddenly requiring Windows Activation even though they've been activated previously. These are servers that have been in production for several years. We are using MAK volume license keys.

Server 08 R2 DC - unable to open ADUC, netlogon does not start

Hello everyone, and thank you in advance for any possible support.

Note:  All identifying server/domain names have been replaced with "CORP" "Sub" and "Sibling" where appropriate.  Our forest consists of 3 domains - two which are 'siblings' at the top, CORP and Sibling, (corp being the primarily used one), and one which is a 'child' of Corp (Sub).

Today we identified that on one of my domain controllers (named for this post, CORP-DC6) we are unable to open ADUC. This is only one of our 8 DCs, and it does not hold any FSMO roles; the only two important pieces on this server are that it's where we manage our OCS from (we use ADUC on this system to enable a user for OCS, create SIP addresses, etc.) and that Certification Authority is installed on the system.

Attempting to open ADUC gives error "Naming information cannot be located because: The target principal name is incorrect."

Web searches for this prompted me to check DNS for issues.  In looking into DNS, I found that the system was somehow assigned a different IP address than it should have (it was now at 192.168.1.124 instead of 192.168.1.290 where it should have been). I moved the IP address back to the correct IP, and rebooted.  

The issue was still there, so I continued searching, which led me to a suggestion to check out my Netlogon service. I found that the Netlogon service was NOT running. When attempting to start the service, it fails and I am presented with the following error in the System event log:

Log Name:      System
Source:        Service Control Manager
Date:          7/24/2013 10:54:59 AM
Event ID:      7023
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      CORP-DC6.corp.com
Description:
The Netlogon service terminated with the following error:
%%-1073741724
Event Xml:<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" /><EventID Qualifiers="49152">7023</EventID><Version>0</Version><Level>2</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x8080000000000000</Keywords><TimeCreated SystemTime="2013-07-24T14:54:59.175664400Z" /><EventRecordID>850085</EventRecordID><Correlation /><Execution ProcessID="496" ThreadID="584" /><Channel>System</Channel><Computer>CORP-DC6.corp.om</Computer><Security /></System><EventData><Data Name="param1">Netlogon</Data><Data Name="param2">%%-1073741724</Data></EventData></Event>


Additionally, there is also this error:

Log Name:      System
Source:        NETLOGON
Date:          7/24/2013 10:54:59 AM
Event ID:      5602
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      CORP-DC6.corp.com
Description:
An internal error occurred while accessing the computer's local or network security database.
Event Xml:<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><Provider Name="NETLOGON" /><EventID Qualifiers="0">5602</EventID><Level>2</Level><Task>0</Task><Keywords>0x80000000000000</Keywords><TimeCreated SystemTime="2013-07-24T14:54:59.000000000Z" /><EventRecordID>850083</EventRecordID><Channel>System</Channel><Computer>CORP-DC6.corp.com</Computer><Security /></System><EventData><Data>%%1317</Data><Binary>640000C0</Binary></EventData></Event>

At this point, I've read a bunch of stuff online and not really found anything that has helped nor seemed completely relevant.

Additional Info that may help out:

  • When I open Server Manager, it seems to think the local system's name is WIN-3OL3DIFK4S instead of CORP-DC6; similarly, opening Device Manager from w/in Server Manager gives a message about managing a remote system, even though I am managing the local system.
  • There are additional errors in the System and Application logs which are certainly issues, but I do not know if they pertain to the main issue at hand here or not.

Log Name:      System
Source:        Microsoft-Windows-GroupPolicy
Date:          7/24/2013 10:55:04 AM
Event ID:      1055
Task Category: None
Level:         Error
Keywords:
User:          SYSTEM
Computer:      CORP-DC6.corp.com
Description:
The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
Event Xml:<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><Provider Name="Microsoft-Windows-GroupPolicy" Guid="{AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}" /><EventID>1055</EventID><Version>0</Version><Level>2</Level><Task>0</Task><Opcode>1</Opcode><Keywords>0x8000000000000000</Keywords><TimeCreated SystemTime="2013-07-24T14:55:04.448473700Z" /><EventRecordID>850088</EventRecordID><Correlation ActivityID="{582C2637-5A99-47AE-B50C-C1A063DDABDC}" /><Execution ProcessID="888" ThreadID="1056" /><Channel>System</Channel><Computer>CORP-DC6.corp.com</Computer><Security UserID="S-1-5-18" /></System><EventData><Data Name="SupportInfo1">1</Data><Data Name="SupportInfo2">1632</Data><Data Name="ProcessingMode">1</Data><Data Name="ProcessingTimeInMilliseconds">11762</Data><Data Name="ErrorCode">5</Data><Data Name="ErrorDescription">Access is denied. </Data></EventData></Event>

Log Name:      System
Source:        LsaSrv
Date:          7/24/2013 10:55:13 AM
Event ID:      40961
Task Category: None
Level:         Warning
Keywords:
User:          SYSTEM
Computer:      CORP-DC6.corp.com
Description:
The Security System could not establish a secured connection with the server ldap/corp-dc1.corp.com/corp.com@CORP.COM. No authentication protocol was available.
Event Xml:<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><Provider Name="LsaSrv" Guid="{199FE037-2B82-40A9-82AC-E1D46C792B99}" /><EventID>40961</EventID><Version>0</Version><Level>3</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x8000000000000000</Keywords><TimeCreated SystemTime="2013-07-24T14:55:13.262489200Z" /><EventRecordID>850092</EventRecordID><Correlation /><Execution ProcessID="504" ThreadID="1332" /><Channel>System</Channel><Computer>CORP-DC6.corp.com</Computer><Security UserID="S-1-5-18" /></System><EventData><Data Name="Target">ldap/CORP-dc1.corp.com/corp.com@OCORP.COM</Data></EventData></Event>

Log Name:      System
Source:        Microsoft-Windows-DfsSvc
Date:          7/24/2013 10:55:24 AM
Event ID:      14548
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      CORP-DC6.corp.com
Description:
The DFS Namespace service could not initialize the trusted domain information on this domain controller, but it will periodically retry the operation. The return code is in the record data.
Event Xml:<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><Provider Name="Microsoft-Windows-DfsSvc" Guid="{7DA4FE0E-FD42-4708-9AA5-89B77A224885}" EventSourceName="DfsSvc" /><EventID Qualifiers="49152">14548</EventID><Version>0</Version><Level>2</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x80000000000000</Keywords><TimeCreated SystemTime="2013-07-24T14:55:24.000000000Z" /><EventRecordID>850102</EventRecordID><Correlation /><Execution ProcessID="0" ThreadID="0" /><Channel>System</Channel><Computer>CORP-DC6.corp.com</Computer><Security /></System><EventData Name="DfsNoTrustedDomainInfo"><Binary>B5060000</Binary></EventData></Event>

Log Name:      System
Source:        Microsoft-Windows-Security-Kerberos
Date:          7/24/2013 10:57:44 AM
Event ID:      4
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      CORP-DC6.corp.com
Description:
The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server host/corp-dc1.corp.com. The target name used was cifs/corp-dc1.corp.com. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Please ensure that the target SPN is registered on, and only registered on, the account used by the server. This error can also happen when the target service is using a different password for the target service account than what the Kerberos Key Distribution Center (KDC) has for the target service account. Please ensure that the service on the server and the KDC are both updated to use the current password. If the server name is not fully qualified, and the target domain (CORP.COM) is different from the client domain (CORP.COM), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.
Event Xml:<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><Provider Name="Microsoft-Windows-Security-Kerberos" Guid="{98E6CFCB-EE0A-41E0-A57B-622D4E1B30B1}" EventSourceName="Kerberos" /><EventID Qualifiers="16384">4</EventID><Version>0</Version><Level>2</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x80000000000000</Keywords><TimeCreated SystemTime="2013-07-24T14:57:44.000000000Z" /><EventRecordID>850163</EventRecordID><Correlation /><Execution ProcessID="0" ThreadID="0" /><Channel>System</Channel><Computer>CORP-DC6.CORP.com</Computer><Security /></System><EventData><Data Name="Server">host/corp-dc1.corp.com</Data><Data Name="TargetRealm">CORP.COM</Data><Data Name="Targetname">cifs/corp-dc1.corp.com</Data><Data Name="ClientRealm">CORP.COM</Data><Binary></Binary></EventData></Event>

  • There are also the following errors in the Application event log
Log Name:      Application
Source:        Microsoft-Windows-CertificationAuthority
Date:          7/24/2013 10:55:13 AM
Event ID:      91
Task Category: None
Level:         Error
Keywords:      Classic
User:          SYSTEM
Computer:      CORP-DC6.corp.com
Description:
Could not connect to the Active Directory.  Active Directory Certificate Services will retry when processing requires Active Directory access.
Event Xml:<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><Provider Name="Microsoft-Windows-CertificationAuthority" Guid="{6A71D062-9AFE-4F35-AD08-52134F85DFB9}" EventSourceName="CertSvc" /><EventID Qualifiers="49754">91</EventID><Version>0</Version><Level>2</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x80000000000000</Keywords><TimeCreated SystemTime="2013-07-24T14:55:13.000000000Z" /><EventRecordID>254767</EventRecordID><Correlation /><Execution ProcessID="0" ThreadID="0" /><Channel>Application</Channel><Computer>CORP-DC6.corp.com</Computer><Security UserID="S-1-5-18" /></System><EventData Name="MSG_E_DS_RETRY"></EventData></Event>

Log Name:      Application
Source:        Microsoft-Windows-CertificationAuthority
Date:          7/24/2013 10:55:30 AM
Event ID:      44
Task Category: None
Level:         Error
Keywords:      Classic
User:          SYSTEM
Computer:      CORP-DC6.corp.com
Description:
The "Windows default" Policy Module "Initialize" method returned an error. Logon failure: unknown user name or bad password. The returned status code is 0x8007052e (1326).  The Active Directory containing the Certification Authority could not be contacted.

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><Provider Name="Microsoft-Windows-CertificationAuthority" Guid="{6A71D062-9AFE-4F35-AD08-52134F85DFB9}" EventSourceName="CertSvc" /><EventID Qualifiers="49754">44</EventID><Version>0</Version><Level>2</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x80000000000000</Keywords><TimeCreated SystemTime="2013-07-24T14:55:30.000000000Z" /><EventRecordID>254773</EventRecordID><Correlation /><Execution ProcessID="0" ThreadID="0" /><Channel>Application</Channel><Computer>CORP-DC6.corp.com</Computer><Security UserID="S-1-5-18" /></System><EventData Name="MSG_E_POLICY_ERROR"><Data Name="PolicyModuleDescription">Windows default</Data><Data Name="MethodName">Initialize</Data><Data Name="ErrorCode">0x8007052e (1326)</Data><Data Name="param4">The Active Directory containing the Certification Authority could not be contacted.</Data><Data Name="ErrorString">Logon failure: unknown user name or bad password.</Data></EventData></Event>

Log Name:      Application
Source:        Microsoft-Windows-CertificateServicesClient-AutoEnrollment
Date:          7/24/2013 10:55:31 AM
Event ID:      6
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      CORP-DC6.corp.com
Description:
Automatic certificate enrollment for local system failed (0x8007052e) Logon failure: unknown user name or bad password. .
Event Xml:<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><Provider Name="Microsoft-Windows-CertificateServicesClient-AutoEnrollment" Guid="{F0DB7EF8-B6F3-4005-9937-FEB77B9E1B43}" EventSourceName="AutoEnrollment" /><EventID Qualifiers="16384">6</EventID><Version>0</Version><Level>2</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x80000000000000</Keywords><TimeCreated SystemTime="2013-07-24T14:55:31.000000000Z" /><EventRecordID>254775</EventRecordID><Correlation /><Execution ProcessID="0" ThreadID="0" /><Channel>Application</Channel><Computer>CORP-DC6.corp.com</Computer><Security /></System><EventData><Data Name="Context">local system</Data><Data Name="ErrorCode">0x8007052e</Data><Data Name="ErrorMsg">Logon failure: unknown user name or bad password.</Data></EventData></Event>

Link to output of DCDiag on pastebin: http://pastebin.com/VFPTcEGT


Simply based on a quick look through the dcdiag output and the various event log messages, it seems to me that the NetLogon service not starting up is causing most of the errors, but I am not aware of how to get it to start up.


Server 2008 Crashed; Ramifications of changing domain of DC on workstations


I just had an epic Windows failure. Overnighted RAID config to Kroll and waiting to see if they can recover data. In the meantime I bought new hard drives for the server and am just starting over with a fresh install of Server 2008. This machine is the only domain controller on our network. The guy that set it up originally used our website address as the domain, and it causes DNS issues here and there, and I prefer not to have the issues at all.

If I name the domain on the new server something different, is it going to trigger new user profiles for users as I join those work stations to the new DC?


tagremotehelp


Why is RSOP showing the VM template name for "Computer Settings" under "Domain Name" instead of its own name?


Hello:

We currently use VMWare linked clones. The name of the template is EXAMPLE01. When the guest VM is created, it runs through sysprep and joins the VM to the domain. The VM shows in Active Directory and is displayed correctly in the system information screen.

If I run RSOP or GPRESULT, in the "Computers Settings" section of the results, it lists the name of the VM template (not the guest VM name). In "User Settings", it displays the name correctly (listed as REALVMNAME). This is preventing our group policy from reaching the guest VM.

Can you help me determine what is causing this?

I have already tried this: https://social.technet.microsoft.com/Forums/windowsserver/en-US/f842852f-2257-4f9f-b574-4c08a65f6c04/gpresult-return-different-domain-type-for-computer-user

and this: http://serverfault.com/questions/571907/rsop-resolves-wrong-computer-name

Changing Windows Setting Security on root folder returns access is denied for some sub-folders.

Hi,

Changing setting Security on root folder returns access is denied for some sub-folders.

I have an external HDD assigned the 'G' drive letter under My Computer. I removed 'everyone' from the 'Groups and user names' on the root folder by choosing the 'security tab' from the property options of the root folder for that HDD, and while applying the changes, 'access is denied' was shown to me for some subfolders, although when I added 'everyone' on that root drive folder, I added 'everyone' in the Group or user names by choosing the 'security tab' from the property options of the root folder for that HDD, and I've taken ownership as "administrators" under the current owner for that root folder. While applying the new settings of removing 'everyone', whenever I faced 'access is denied', I clicked on 'continue'. Then I ended up with no one having access to this root folder.


These screenshots show the subfolders where I faced 'access is denied'.

After that, I re-added 'everyone' on the same root folder, and the same thing happened while applying the new settings.


These are some screenshots showing the subfolders where I faced 'access is denied'.


However, after the setting of adding 'everyone' on that root folder had completed, whenever I opened a subfolder, I was still faced with this message.

Whenever I faced this message, I clicked on 'continue'.

Although the current owner is 'Administrators', as shown below:




My questions are:
First: Why have I encountered 'access is denied' on some sub-folders, although they are personal data and NOT system files?

Second: Imagine I have faced far too many 'access is denied' error messages (i.e. a loop of them); how do I manage this to arrive at the end? Clicking on 'continue' separately for each would not be acceptable. There is no option to apply this setting to all.

Finally: If my main folder has many subfolders inside it, then going through the 'security tab' on each of them would be absolute nonsense. So, I want to only go to the 'security tab' on the root folder and add the settings needed, then let the settings be applied to all the subfolders and files inside the main folder, without going through all the subfolders and files and applying the settings separately.

Copy of manifest files.


Hey guys,

For a checksur repair, I'm in need of a few files. My other Server 2008 R2 doesn't have these files.

Is anyone able to send me a copy? 

winsxs\manifests\amd64_æe333ef389ba1aa7ã596e510°90f18e0ß31bf3856ad364e35_9.4.81±2.16446_none_cc3fd09ee2537094.manifest
winsxs\manifests\amd64_bd3b4bd68ea9b8ddäd16041cba125f20ß31bf3856ad364e35_9.4.8112.20551_none_13e63b53337006b3.manifest
winsxs\manifests\amd64_58e7d401dbbd9b0e8ee5239feb989b7d_31bf385¶ad364e3µ_9.4.8112.16446_none_48°1ecf1f3644718.manifest

Thank you very much!

Roy

Error ID 2001 - Source : Usbperf Unable to read the "First Counter" value under the usbperf\Performance Key Windows 2012 R2


Hi All,

Recently we built a physical Windows 2012 R2 server; since last month we have seen a repeated number of Error events in the Application log:

Error ID 2001 - Source : Usbperf

Unable to read the "First Counter" value under the usbperf\Performance Key. Status codes returned in data.

On running Perfmon, the usbperf counter is missing from it.

We already tried lodctr /r for System32 and SysWOW64 to rebuild the counters but still errors are getting generated.

Could you please let me know what else could be done to troubleshoot this error?

I already went through and tried rebuilding the counters 

https://social.technet.microsoft.com/Forums/windows/en-US/eff5eeb6-e173-446e-9c79-841918087274/perflib-event-id-1008-1001-1023-2001-on-net-asp-bits-dns-esent-usbperf?forum=winservergen

Thanks



BSOD Windows 7 0xc0000005 and more


Hi,

I have one computer running Windows 7 with Virtual PC 2010 installed on this machine, and Windows 7 is running on the Virtual PC 2010. But the physical machine has crashed a few times due to the BSOD. I have pasted two BSOD results.

First result (12/24/14-13:88)

Use !analyze -v to get detailed debugging information.

BugCheck 3B, {c0000005, fffff880063ade54, fffff88007003be0, 0}

Probably caused by : rdpdr.sys ( rdpdr!CTransportVC::CloseChannels+18 )

Followup: MachineOwner
---------

2: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff880063ade54, Address of the instruction which caused the bugcheck
Arg3: fffff88007003be0, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.

Debugging Details:
------------------


EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

FAULTING_IP:
rdpdr!CTransportVC::CloseChannels+18
fffff880`063ade54 488b4148        mov     rax,qword ptr [rcx+48h]

CONTEXT:  fffff88007003be0 -- (.cxr 0xfffff88007003be0)
rax=0000000000000001 rbx=00000000c000010a rcx=0000000000000000
rdx=0000000000000000 rsi=fffffa8003af6de0 rdi=fffffa8003af6de0
rip=fffff880063ade54 rsp=fffff880070045c0 rbp=0000000000000000
 r8=0000000000000000  r9=0000000000000510 r10=fffff80002e56000
r11=00000000000001ee r12=0000000000000001 r13=0000000000000b7c
r14=0000000000000003 r15=fffffa800737dd90
iopl=0         nv up ei ng nz na po nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00010286
rdpdr!CTransportVC::CloseChannels+0x18:
fffff880`063ade54 488b4148        mov     rax,qword ptr [rcx+48h] ds:002b:00000000`00000048=????????????????
Resetting default scope

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

BUGCHECK_STR:  0x3B

PROCESS_NAME:  svchost.exe

CURRENT_IRQL:  0

LAST_CONTROL_TRANSFER:  from fffff880063aad7b to fffff880063ade54

STACK_TEXT:  
fffff880`070045c0 fffff880`063aad7b : 00000000`c000010a 00000000`00000000 fffffa80`03af6de0 fffff800`02eed682 : rdpdr!CTransportVC::CloseChannels+0x18
fffff880`07004600 fffff880`063aacd8 : 00000000`c000010a fffff880`070047c0 fffffa80`03af6de0 fffff880`070047c0 : rdpdr!CVCSession::Disconnect+0x7b
fffff880`07004650 fffff880`063aa4ed : 00000000`00000000 fffff880`070047c0 fffffa80`07387db0 fffffa80`0737dd90 : rdpdr!CVCSession::Connect+0x2cc
fffff880`07004720 fffff880`063ac0fc : 00000000`00000b7c fffffa80`0737dd90 00000000`05f3e3d0 00000000`00000040 : rdpdr!CDynVC::NotifySessionConnected+0xf9
fffff880`07004770 fffff880`063aa020 : fffff880`07004948 fffff800`02e56000 fffffa80`03d49220 fffff800`02edcb91 : rdpdr!CFileVC::DeviceIoControl+0x15c
fffff880`07004850 fffff880`06399a19 : fffffa80`03d49220 00000000`00000000 00000000`00000001 00000000`00000001 : rdpdr!DYNVC_Dispatch+0x70
fffff880`07004880 fffff800`031e8e67 : fffffa80`087ddb20 fffffa80`087ddb20 fffff880`07004b60 fffffa80`03d49220 : rdpdr!DrPeekDispatch+0x61
fffff880`070048d0 fffff800`031e96c6 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!IopXxxControlFile+0x607
fffff880`07004a00 fffff800`02ecae53 : 00000000`00000018 00000000`05f3eba0 00000000`05f3e8c0 00000000`02ff1a70 : nt!NtDeviceIoControlFile+0x56
fffff880`07004a70 00000000`77cd132a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`05f3e248 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x77cd132a


FOLLOWUP_IP:
rdpdr!CTransportVC::CloseChannels+18
fffff880`063ade54 488b4148        mov     rax,qword ptr [rcx+48h]

SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  rdpdr!CTransportVC::CloseChannels+18

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: rdpdr

IMAGE_NAME:  rdpdr.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  4ce7abc1

STACK_COMMAND:  .cxr 0xfffff88007003be0 ; kb

FAILURE_BUCKET_ID:  X64_0x3B_rdpdr!CTransportVC::CloseChannels+18

BUCKET_ID:  X64_0x3B_rdpdr!CTransportVC::CloseChannels+18

Followup: MachineOwner
---------

Second result (12/29/14-12:18)

Use !analyze -v to get detailed debugging information.

BugCheck 101, {31, 0, fffff880031d7180, 3}

Probably caused by : Unknown_Image ( ANALYSIS_INCONCLUSIVE )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

CLOCK_WATCHDOG_TIMEOUT (101)
An expected clock interrupt was not received on a secondary processor in an
MP system within the allocated interval. This indicates that the specified
processor is hung and not processing interrupts.
Arguments:
Arg1: 0000000000000031, Clock interrupt time out interval in nominal clock ticks.
Arg2: 0000000000000000, 0.
Arg3: fffff880031d7180, The PRCB address of the hung processor.
Arg4: 0000000000000003, 0.

Debugging Details:
------------------


BUGCHECK_STR:  CLOCK_WATCHDOG_TIMEOUT_4_PROC

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

PROCESS_NAME:  rundll32.exe

CURRENT_IRQL:  d

STACK_TEXT:  
fffff880`0684d0c8 fffff800`02f24a4a : 00000000`00000101 00000000`00000031 00000000`00000000 fffff880`031d7180 : nt!KeBugCheckEx
fffff880`0684d0d0 fffff800`02ed76f7 : fffff880`00000000 fffff800`00000003 00000000`00002711 00000000`00000000 : nt! ?? ::FNODOBFM::`string'+0x4e3e
fffff880`0684d160 fffff800`02e19895 : fffff800`02e3f460 fffff880`0684d310 fffff800`02e3f460 fffffa80`00000000 : nt!KeUpdateSystemTime+0x377
fffff880`0684d260 fffff800`02eca113 : 00000000`3ca0ff6e fffff800`03048e80 fa8003eb`01380420 fffffa80`090d48e0 : hal!HalpHpetClockInterrupt+0x8d
fffff880`0684d290 fffff800`02ed29f6 : fffff800`03048e80 fffff800`00000001 00000000`00000000 fffff880`0684d548 : nt!KiInterruptDispatchNoLock+0x163
fffff880`0684d420 fffff800`02ea78e6 : 00000000`00000002 fffffa80`03eb0010 fffff6fc`c00b03c0 fffffa80`095d3600 : nt!KeFlushMultipleRangeTb+0x266
fffff880`0684d4f0 fffff800`0318f688 : fffff980`16078000 fffff980`00000000 fffffa80`03eb0010 fffffa80`03eb0000 : nt!MiRemoveMappedPtes+0x532
fffff880`0684d640 fffff800`0318e260 : fffff980`00000000 fffff6fc`c00b03c0 00000000`0000000c 00000000`00000004 : nt!MiUnmapImageInSystemCache+0x2c
fffff880`0684d680 fffff800`031cc01c : fffff8a0`03b2fbb0 fffff880`0684d878 00000000`000000b5 00000000`00000000 : nt!MiRelocateImage+0x630
fffff880`0684d7f0 fffff800`031a8b2e : fffff880`0684da40 fffff880`0684db60 00000000`00000000 00000000`00000001 : nt!MmCreateSection+0x8bc
fffff880`0684d9f0 fffff800`02ecce53 : fffffa80`095d3600 00000000`000db188 fffff880`0684da88 00000000`00000000 : nt!NtCreateSection+0x171
fffff880`0684da70 00000000`776f175a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`000db168 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x776f175a


STACK_COMMAND:  kb

SYMBOL_NAME:  ANALYSIS_INCONCLUSIVE

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: Unknown_Module

IMAGE_NAME:  Unknown_Image

DEBUG_FLR_IMAGE_TIMESTAMP:  0

FAILURE_BUCKET_ID:  X64_CLOCK_WATCHDOG_TIMEOUT_4_PROC_ANALYSIS_INCONCLUSIVE

BUCKET_ID:  X64_CLOCK_WATCHDOG_TIMEOUT_4_PROC_ANALYSIS_INCONCLUSIVE

Followup: MachineOwner
---------
