Awesome choice...BSOD or Open season on viruses... Go Trend or Mcafee On Fri, 25 Mar 2005 17:01:01 -0600, Nick Gage <nickg@xxxxxxxxxxx> wrote: > All, > > This is NAV. I used to work for MS and we saw this all the time. If you > uninstall NAV, the BSOD will go away, but you will be vunerable. > > Thanks! > > Nick > > > -----Original Message----- > From: Rick Mack [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Rick Mack > Sent: Friday, March 25, 2005 4:50 PM > To: thin@xxxxxxxxxxxxx > Subject: RE: [THIN] Re: OT - debugging windows > > Hi Adam, > > Sorry, didn't state things at all clearly. > > I agree that it's definitely the TCP/IP stack. The whole thing is > sufficiently rare that chances are it could be a hardware/NIC driver issue. > > But, the Symantec driver is sitting there right in the middle of things. > Until it's out of the way you're not going to get a clear view of the > problem. And there's a possibility it could be part of the problem. > > regards, > > Rick > > Ulrich Mack > Volante Systems > Level 2, 30 Little Cribb Street > Coronation Drive Office Park > Milton Qld 4064 > tel: +61 7 32431847 > fax: +61 7 32431992 > rmack@xxxxxxxxxxxxxx > > _____ > > From: thin-bounce@xxxxxxxxxxxxx on behalf of Adam.Baum@xxxxxxxxxxxxxx > Sent: Sat 26/03/2005 1:17 AM > To: thin@xxxxxxxxxxxxx > Subject: [THIN] Re: OT - debugging windows > > Hmm...I was reading the issue as being with the NIC or something since the > last few entries in the debug log point to TCP and N100325. The memory > referenced is in the 804xxxxxx range and the only thing I see in that range > are network calls. > > adam > > |---------+----------------------------> > | | "Rick Mack" | > | | <Rick.Mack@volant| > | | e.com.au> | > | | Sent by: | > | | thin-bounce@freel| > | | ists.org | > | | | > | | | > | | 03/25/2005 02:37 | > | | AM | > | | Please respond to| > | | thin | > | | | > |---------+----------------------------> > > >--------------------------------------------------------------------------- > ---------------------------------------------------| > | > | > | To: <thin@xxxxxxxxxxxxx> > | > | cc: > | > | Subject: [THIN] Re: OT - debugging windows > | > > >--------------------------------------------------------------------------- > ---------------------------------------------------| > > Hi Adam, > > Symtdi.sys is a component of symantec nortons antivirus. > > I'd be tempted to uninstall it but don't bother trying to do it via > add/remove programs because it won't uninstall properly. See Symantec > knowledgebase article Document ID:2004040815592148 for details. > > regards, > > Rick > > Ulrich Mack > Volante Systems > Level 2, 30 Little Cribb Street > Coronation Drive Office Park > Milton Qld 4064 > tel: +61 7 32431847 > fax: +61 7 32431992 > rmack@xxxxxxxxxxxxxx > > ________________________________ > > From: thin-bounce@xxxxxxxxxxxxx on behalf of Adam.Baum@xxxxxxxxxxxxxx > Sent: Fri 25/03/2005 6:07 AM > To: thin@xxxxxxxxxxxxx > Subject: [THIN] Re: OT - debugging windows > > Output is: > > 1: kd> !analyze -v > **************************************************************************** > *** > > * > * > * Bugcheck Analysis > * > * > * > **************************************************************************** > *** > > IRQL_NOT_LESS_OR_EQUAL (a) > An attempt was made to access a pageable (or completely invalid) address at > an > interrupt request level (IRQL) that is too high. This is usually > caused by drivers using improper addresses. > If a kernel debugger is available get the stack backtrace. > Arguments: > Arg1: c0000000, memory referenced > Arg2: 00000002, IRQL > Arg3: 00000000, value 0 = read operation, 1 = write operation > Arg4: 804f9ce7, address which referenced memory > > Debugging Details: > ------------------ > > READ_ADDRESS: c0000000 Nonpaged pool > > CURRENT_IRQL: 2 > > FAULTING_IP: > nt!MmBuildMdlForNonPagedPool+7f > 804f9ce7 8b0c16 mov ecx,[esi+edx] > > DEFAULT_BUCKET_ID: DRIVER_FAULT > > BUGCHECK_STR: 0xA > > LAST_CONTROL_TRANSFER: from b9e9ea4a to 804f9ce7 > > TRAP_FRAME: f78ae74c -- (.trap fffffffff78ae74c) > ErrCode = 00000000 > eax=8897ede8 ebx=8897ee08 ecx=00000000 edx=8897ee04 esi=376811fc > edi=00000000 > eip=804f9ce7 esp=f78ae7c0 ebp=f78ae7cc iopl=0 nv up ei pl nz na po > cy > cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 > efl=00010207 > nt!MmBuildMdlForNonPagedPool+0x7f: > 804f9ce7 8b0c16 mov ecx,[esi+edx] > ds:0023:c0000000=???????? > Resetting default scope > > STACK_TEXT: > f78ae7cc b9e9ea4a 8897ede8 892710a8 8897ede8 > nt!MmBuildMdlForNonPagedPool+0x7f > WARNING: Stack unwind information not available. Following frames may be > wrong. > f78ae7e4 b9eb6e5d 00000000 00000080 f78ae828 > SYMTDI!ACMRegisterFilterModule+0x2332 > f78ae81c b9e90a36 876375e0 876373d8 00000000 > SYMTDI!DisconnectTCPSession+0x2f2 > f78ae84c b9eb3177 896b7a58 00000000 00000000 SYMTDI+0x5a36 > f78ae86c b9eb30e5 896b7a58 896b7a58 f78ae8ac SYMTDI!rHeapFree+0x180f > f78ae87c 804f0154 894ea758 8827e990 896b7a58 SYMTDI!rHeapFree+0x177d > f78ae8ac b9ecec54 886aa1d8 87636008 00000002 nt!IopfCompleteRequest+0xa0 > f78ae8c4 b9ed47df 8827e990 00000000 00000000 > tcpip!TCPDataRequestComplete+0xa4 > f78ae8d4 b9ed4882 8827e990 00000000 00000000 tcpip!TCPRequestComplete+0xf > f78ae8f0 b9ed7074 87636008 f78aea2c 00000000 tcpip!CompleteConnReq+0x86 > f78ae970 b9ecf63f 894dfa90 4264650a 4c05a8c0 tcpip!TCPRcv+0xd6d > f78ae9d0 b9ecf8dd 00000020 894dfa90 00000000 tcpip!DeliverToUser+0x17b > f78aea84 b9ecdf0f 894dfa90 893e74ac 0000001c tcpip!IPRcvPacket+0x66c > f78aeac4 b9ecdf81 00000000 893df058 893e748a > tcpip!ARPRcvIndicationNew+0x147 > f78aeb00 f7273540 893a3008 00000000 893fe580 tcpip!ARPRcvPacket+0x66 > f78aeb54 ba93a12e 89700ad0 f78aeb74 00000001 > NDIS!ethFilterDprIndicateReceivePacket+0x1cc > f78aecbc ba93a2ee 013fe008 00000000 89700ad0 n100325+0xa12e > f78aece4 f7264025 003fe008 f772f980 893fe3f8 n100325+0xa2ee > f78aecf8 804efd70 893fe3f8 893fe3e4 00000000 NDIS!ndisMDpcX+0x1d > f78aed50 804e61f7 00000000 0000000e 00000000 nt!KiRetireDpcList+0xc8 > > FOLLOWUP_IP: > SYMTDI!ACMRegisterFilterModule+2332 > b9e9ea4a b9a85eecb9 mov ecx,0xb9ec5ea8 > > SYMBOL_STACK_INDEX: 1 > > FOLLOWUP_NAME: MachineOwner > > SYMBOL_NAME: SYMTDI!ACMRegisterFilterModule+2332 > > MODULE_NAME: SYMTDI > > IMAGE_NAME: SYMTDI.SYS > > DEBUG_FLR_IMAGE_TIMESTAMP: 4050ed2d > > STACK_COMMAND: .trap fffffffff78ae74c ; kb > > FAILURE_BUCKET_ID: 0xA_SYMTDI!ACMRegisterFilterModule+2332 > > BUCKET_ID: 0xA_SYMTDI!ACMRegisterFilterModule+2332 > > Followup: MachineOwner > --------- > > Looks like something with the network aspects of this server, but I can't > tell if the problem is in tcpip or the nic driver. > > adam > > |---------+-----------------------------> > | | Berdt van der | > | | Lingen | > | | <berdtvanderlingen| > | | @gmail.com> | > | | Sent by: | > | | thin-bounce@freeli| > | | sts.org | > | | | > | | | > | | 03/24/2005 12:09 | > | | PM | > | | Please respond to | > | | thin | > | | | > |---------+-----------------------------> > > >--------------------------------------------------------------------------- > ---------------------------------------------------| > > | > | > | To: thin@xxxxxxxxxxxxx > | > | cc: > | > | Subject: [THIN] Re: OT - debugging windows > | > > >--------------------------------------------------------------------------- > ---------------------------------------------------| > > > Use !analyze -v to get detailed debugging information. > > > > BugCheck A, {c0000000, 2, 0, 804f9ce7} > > > > *** ERROR: Symbol file could not be found. Defaulted to export symbols > for > > SYMTDI.SYS - > > *** ERROR: Module load completed but symbols could not be loaded for > > n100325.sys > > Probably caused by : SYMTDI.SYS ( SYMTDI!ACMRegisterFilterModule+2332 ) > > What's the output of analyze -v? > Are you running Norton / Symantec software? > > regards, > > Berdt > ******************************************************** > This Weeks Sponsor: RTO Software TScale > TScale provides a cost-effective way to improve performance, capacity and > stability for thin-client servers like Citrix MetaFrame or Microsoft > Terminal Services running Windows NT, 2000 or 2003. > http://www.rtosoft.com/enter.asp?id=296 > ********************************************************** > Useful Thin Client Computing Links are available at: > http://thin.net/links.cfm > ThinWiki community - Excellent SBC Search Capabilities! > http://www.thinwiki.com > *********************************************************** > For Archives, to Unsubscribe, Subscribe or > set Digest or Vacation mode use the below link: > http://thin.net/citrixlist.cfm > > ******************************************************** > This Weeks Sponsor: RTO Software TScale > TScale provides a cost-effective way to improve performance, capacity and > stability for thin-client servers like Citrix MetaFrame or Microsoft > Terminal Services running Windows NT, 2000 or 2003. > http://www.rtosoft.com/enter.asp?id=296 > ********************************************************** > Useful Thin Client Computing Links are available at: > http://thin.net/links.cfm > ThinWiki community - Excellent SBC Search Capabilities! > http://www.thinwiki.com > *********************************************************** > For Archives, to Unsubscribe, Subscribe or > set Digest or Vacation mode use the below link: > http://thin.net/citrixlist.cfm > > ############################################################################ > ######### > > This e-mail, including all attachments, may be confidential or privileged. > Confidentiality or privilege is not waived or lost because this e-mail has > been sent to you in error. If you are not the intended recipient any use, > disclosure or copying of this e-mail is prohibited. If you have received > it in error please notify the sender immediately by reply e-mail and > destroy all copies of this e-mail and any attachments. All liability for > direct and indirect loss arising from this e-mail and any attachments is > hereby disclaimed to the extent permitted by law. > ############################################################################ > ######### > > (See attached file: winmail.dat) > > ############################################################################ > ######### > > This e-mail, including all attachments, may be confidential or privileged. > Confidentiality or privilege is not waived or lost because this e-mail has > been sent to you in error. If you are not the intended recipient any use, > disclosure or copying of this e-mail is prohibited. If you have received it > in error please notify the sender immediately by reply e-mail and destroy > all copies of this e-mail and any attachments. All liability for direct and > indirect loss arising from this e-mail and any attachments is hereby > disclaimed to the extent permitted by law. > > ############################################################################ > ######### > > -- > No virus found in this incoming message. > Checked by AVG Anti-Virus. > Version: 7.0.308 / Virus Database: 266.8.1 - Release Date: 3/23/2005 > > > ******************************************************** This Weeks Sponsor: RTO Software TScale TScale provides a cost-effective way to improve performance, capacity and stability for thin-client servers like Citrix MetaFrame or Microsoft Terminal Services running Windows NT, 2000 or 2003. http://www.rtosoft.com/enter.asp?id=296 ********************************************************** Useful Thin Client Computing Links are available at: http://thin.net/links.cfm ThinWiki community - Excellent SBC Search Capabilities! http://www.thinwiki.com *********************************************************** For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: http://thin.net/citrixlist.cfm