[THIN] Re: Interesting Problem

• From: "Kevin Boatright" <boatrke1@xxxxxxxxxxxxxxxxxx>
• To: <thin@xxxxxxxxxxxxx>
• Date: Tue, 11 Nov 2008 12:39:29 -0500

Looks like the issue is in win32k.sys.  Thanks for your help.
 
Kevin
 
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************
DRIVER_VERIFIER_IOMANAGER_VIOLATION (c9)
The IO manager has caught a misbehaving driver.
Arguments:
Arg1: 0000000c, Invalid IOSB in IRP at APC IopCompleteRequest (appears to be on
                stack that was unwound)
Arg2: b94f2784, IOSB address
Arg3: 00000000, IRP address
Arg4: 00000000, 0
Debugging Details:
------------------
BUGCHECK_STR:  0xc9_c
DRIVER_VERIFIER_IO_VIOLATION_TYPE:  c
IOSB_ADDRESS: ffffffffb94f2784
IRP_ADDRESS:  8b136f68
CUSTOMER_CRASH_COUNT:  2
DEFAULT_BUCKET_ID:  DRIVER_FAULT_SERVER_MINIDUMP
PROCESS_NAME:  explorer.exe
CURRENT_IRQL:  1
LAST_CONTROL_TRANSFER:  from 809d6763 to 8087c4a0
STACK_TEXT:  
b94f2b78 809d6763 000000c9 0000000c b94f2784 nt!KeBugCheckEx+0x1b
b94f2b94 8085a07f 8b136fa8 b94f2c30 b94f2c34 nt!IovpCompleteRequest+0x4e
b94f2bec 80840ac9 8b136fa8 b94f2c38 b94f2c2c nt!IopCompleteRequest+0x3a
b94f2c3c 80840ff5 00000000 00000000 00000000 nt!KiDeliverApc+0xbb
b94f2c4c 808662cb 00000300 00000001 00000000 nt!KiCheckForKernelApcDelivery+0x1c
b94f2cc0 8093ea21 01a5e000 00000300 00000002 nt!MiSecureVirtualMemory+0x6a8
b94f2cd8 bf85b06d 01a5cde8 00000300 00000002 nt!MmSecureVirtualMemory+0x15
b94f2d1c 80833bef 050101ea 00000000 00000000 
win32k!NtGdiSetDIBitsToDeviceInternal+0x69
b94f2d1c 7c8285ec 050101ea 00000000 00000000 nt!KiFastCallEntry+0xfc
WARNING: Frame IP not in any known module. Following frames may be wrong.
0134ea8c 00000000 00000000 00000000 00000000 0x7c8285ec
STACK_COMMAND:  kb
FOLLOWUP_IP: 
win32k!NtGdiSetDIBitsToDeviceInternal+69
bf85b06d 8945e0          mov     dword ptr [ebp-20h],eax
SYMBOL_STACK_INDEX:  7
SYMBOL_NAME:  win32k!NtGdiSetDIBitsToDeviceInternal+69
FOLLOWUP_NAME:  MachineOwner
MODULE_NAME: win32k
IMAGE_NAME:  win32k.sys
DEBUG_FLR_IMAGE_TIMESTAMP:  48ce617a
FAILURE_BUCKET_ID:  0xc9_c_win32k!NtGdiSetDIBitsToDeviceInternal+69
BUCKET_ID:  0xc9_c_win32k!NtGdiSetDIBitsToDeviceInternal+69
Followup: MachineOwner
 
 
From: "Jeremy Saunders" [mailto:Jeremy.Saunders@xxxxxxxxxxxxxx] 
Sent: Monday, November 10, 2008 11:27 AM
To: thin
Subject: [THIN] Re: Interesting Problem
 
Hi Kevin,
 
Sounds like maybe an issue with the Citrix CDM.sys (Client Device Mapping) 
driver. Have you got a memory dump? 
http://www.jhouseconsulting.com/articles/analysing_and_debugging_memory_dumps.html
 
Cheers,
Jeremy.
 
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of 
Kevin Boatright
Sent: Tuesday, November 11, 2008 1:05 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Interesting Problem
 
I used msconfig to disable everything I could on both the workstation and the 
server and still experience the same issue.
 
From: "Jim Kenzig http://thin.ms"; [mailto:jkenzig@xxxxxxxxx] 
Sent: Friday, November 07, 2008 3:28 PM
To: <thin@xxxxxxxxxxxxx>
Subject: [THIN] Re: Interesting Problem
 
We had this start start happening right after we installed an update to the HP 
management agents.  Don't happen to have HP servers and have done that do you? 
Try going to msconfig and disabling all non microsoft sevices and see if the 
blue screen goes away at reboot.

Jim Kenzig 
Blog: http://www.techblink.com
On Fri, Nov 7, 2008 at 1:36 PM, Kevin Boatright <boatrke1@xxxxxxxxxxxxxxxxxx> 
wrote:
We have had issues with our servers blue screening throughout the day.  We have 
identified one device that has been causing the issue.  There server blue 
screens whenever the client tries to access the local drive.
 
Current configuration:
Server:
Windows 2K3 SP3
PS 4.0 RO5
 
Client:
Windows 2K SP4
ICA Client 10.2
 
I have run process monitor on the Windows 2K client when the server blue 
screens.  The ICA client (wfica32.exe) is trying to access a file on the client 
in the root of the C: drive  called smitfraudfix.exe.  I can move the 
smitfraudfix.exe file out of the root of C:\ and the issue is resolved.  I have 
put other .exe files in the root of C: after moving the smitfraudfix.exe out 
and the issue does not occur.  As soon as I put the smitfraud.exe file back 
into the root of C:\ on the local device, launch a Citrix session to a 
published desktop and access the client C: drive the server blue screens.  
Anyone ever experience this type of issue?
 
Thanks,
Kevin
 



Confidentiality and Privilege Notice 
This document is intended solely for the named addressee.  The information 
contained in the pages is confidential and contains legally privileged 
information. If you are not the addressee indicated in this message (or 
responsible for delivery of the message to such person), you may not copy or 
deliver this message to anyone, and you should destroy this message and kindly 
notify the sender by reply email. Confidentiality and legal privilege are not 
waived or lost by reason of mistaken delivery to you.

Other related posts:

• » [THIN] Interesting Problem
• » [THIN] Interesting Problem- Kevin Boatright
• » [THIN] Re: Interesting Problem- Raffensberger, Stephen D
• » [THIN] Re: Interesting Problem- Kevin Boatright
• » [THIN] Re: Interesting Problem- Jim Kenzig http://thin.ms
• » [THIN] Re: Interesting Problem- Kevin Boatright
• » [THIN] Re: Interesting Problem- Steve Snyder
• » [THIN] Re: Interesting Problem- Kevin Boatright
• » [THIN] Re: Interesting Problem- Jeremy Saunders
• » [THIN] Re: Interesting Problem - Kevin Boatright

1. Home
2. thin
3. Archive
4. 11-2008

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---