Looks like the issue is in win32k.sys. Thanks for your help.
Kevin
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DRIVER_VERIFIER_IOMANAGER_VIOLATION (c9)
The IO manager has caught a misbehaving driver.
Arguments:
Arg1: 0000000c, Invalid IOSB in IRP at APC IopCompleteRequest (appears to be on
stack that was unwound)
Arg2: b94f2784, IOSB address
Arg3: 00000000, IRP address
Arg4: 00000000, 0
Debugging Details:
------------------
BUGCHECK_STR: 0xc9_c
DRIVER_VERIFIER_IO_VIOLATION_TYPE: c
IOSB_ADDRESS: ffffffffb94f2784
IRP_ADDRESS: 8b136f68
CUSTOMER_CRASH_COUNT: 2
DEFAULT_BUCKET_ID: DRIVER_FAULT_SERVER_MINIDUMP
PROCESS_NAME: explorer.exe
CURRENT_IRQL: 1
LAST_CONTROL_TRANSFER: from 809d6763 to 8087c4a0
STACK_TEXT:
b94f2b78 809d6763 000000c9 0000000c b94f2784 nt!KeBugCheckEx+0x1b
b94f2b94 8085a07f 8b136fa8 b94f2c30 b94f2c34 nt!IovpCompleteRequest+0x4e
b94f2bec 80840ac9 8b136fa8 b94f2c38 b94f2c2c nt!IopCompleteRequest+0x3a
b94f2c3c 80840ff5 00000000 00000000 00000000 nt!KiDeliverApc+0xbb
b94f2c4c 808662cb 00000300 00000001 00000000 nt!KiCheckForKernelApcDelivery+0x1c
b94f2cc0 8093ea21 01a5e000 00000300 00000002 nt!MiSecureVirtualMemory+0x6a8
b94f2cd8 bf85b06d 01a5cde8 00000300 00000002 nt!MmSecureVirtualMemory+0x15
b94f2d1c 80833bef 050101ea 00000000 00000000 win32k!NtGdiSetDIBitsToDeviceInternal+0x69
b94f2d1c 7c8285ec 050101ea 00000000 00000000 nt!KiFastCallEntry+0xfc
WARNING: Frame IP not in any known module. Following frames may be wrong.
0134ea8c 00000000 00000000 00000000 00000000 0x7c8285ec
STACK_COMMAND: kb
FOLLOWUP_IP:
win32k!NtGdiSetDIBitsToDeviceInternal+69
bf85b06d 8945e0 mov dword ptr [ebp-20h],eax
SYMBOL_STACK_INDEX: 7
SYMBOL_NAME: win32k!NtGdiSetDIBitsToDeviceInternal+69
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: win32k
IMAGE_NAME: win32k.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 48ce617a
FAILURE_BUCKET_ID: 0xc9_c_win32k!NtGdiSetDIBitsToDeviceInternal+69
BUCKET_ID: 0xc9_c_win32k!NtGdiSetDIBitsToDeviceInternal+69
Followup: MachineOwner
From: "Jeremy Saunders" [mailto:Jeremy.Saunders@datacom.com.au]
Sent: Monday, November 10, 2008 11:27 AM
To: thin
Subject: [THIN] Re: Interesting Problem
Hi Kevin,
Sounds like maybe an issue with the Citrix CDM.sys (Client Device Mapping) driver. Have you got a memory dump? http://www.jhouseconsulting.com/articles/analysing_and_debugging_memory_dumps.html
Cheers,
Jeremy.
From: thin-bounce@freelists.org [mailto:thin-bounce@freelists.org] On Behalf Of Kevin Boatright
Sent: Tuesday, November 11, 2008 1:05 AM
To: thin@freelists.org
Subject: [THIN] Re: Interesting Problem
I used msconfig to disable everything I could on both the workstation and the server and still experience the same issue.
From: "Jim Kenzig http://thin.ms" [mailto:jkenzig@gmail.com]
Sent: Friday, November 07, 2008 3:28 PM
To: <thin@freelists.org>
Subject: [THIN] Re: Interesting Problem
We had this start start happening right after we installed an update to the HP management agents. Don't happen to have HP servers and have done that do you? Try going to msconfig and disabling all non microsoft sevices and see if the blue screen goes away at reboot.
Jim Kenzig
Blog: http://www.techblink.com
On Fri, Nov 7, 2008 at 1:36 PM, Kevin Boatright <boatrke1@memorialhealth.com> wrote:
We have had issues with our servers blue screening throughout the day. We have identified one device that has been causing the issue. There server blue screens whenever the client tries to access the local drive.
Current configuration:
Server:
Windows 2K3 SP3
PS 4.0 RO5
Client:
Windows 2K SP4
ICA Client 10.2
I have run process monitor on the Windows 2K client when the server blue screens. The ICA client (wfica32.exe) is trying to access a file on the client in the root of the C: drive called smitfraudfix.exe. I can move the smitfraudfix.exe file out of the root of C:\ and the issue is resolved. I have put other .exe files in the root of C: after moving the smitfraudfix.exe out and the issue does not occur. As soon as I put the smitfraud.exe file back into the root of C:\ on the local device, launch a Citrix session to a published desktop and access the client C: drive the server blue screens. Anyone ever experience this type of issue?
Thanks,
Kevin
Confidentiality and Privilege Notice
This document is intended solely for the named addressee. The information contained in the pages is confidential and contains legally privileged information. If you are not the addressee indicated in this message (or responsible for delivery of the message to such person), you may not copy or deliver this message to anyone, and you should destroy this message and kindly notify the sender by reply email. Confidentiality and legal privilege are not waived or lost by reason of mistaken delivery to you.
No comments:
Post a Comment