Hi all,
My NT server always rebooted from bug check in every week…one week
one time…
Every week must have someone phone me tell me the server down…i’m
very tired about this…
I had tried many many,but still can’t find any solution.
Can anyone help me?
Config:
NT server 4.0
Option Pack 4.0
Service Pack 6a
norton antivirus 5.0
The event log show out:
Time:11:50pm
Source:NAVAP
event:1001
Detail:System memory is running very low. Norton AntiVirus Auto-Protect may
not be able to function properly.
Time:12:04am
Source:eventlog
event:6008
Detail:The previous system shutdown at 11:47:26 PM on 8/23/01 was
unexpected.
Time:12:04
Source:SysMgmt
event:4188
Detail:The Compaq System Management Driver has detected that the system
encountered an NT bugcheck prior to this boot. The bugcheck data was:
STOP: 0x0000001E (0xC000009A, 0x801698A3, 0x00000000, 0x80E1A740).
Time:12:05
Source:Save Dump
Event:1001
Detail:The computer has rebooted from a bugcheck. The bugcheck was:
0x0000001e (0xc000009a, 0x801698a3, 0x00000000, 0x80e1a740). Microsoft
Windows NT [v15.1381]. A dump was saved in: C:\WINNT\MEMORY.DMP.
I had already check the memory.dmp
The result is:
Filename . . . . . . .C:\WINNT\MEMORY.DMP
Signature. . . . . . .PAGE
ValidDump. . . . . . .DUMP
MajorVersion . . . . .free system
MinorVersion . . . . .1381
DirectoryTableBase . .0x00030000
PfnDataBase. . . . . .0x8fe7c000
PsLoadedModuleList . .0x80155380
PsActiveProcessHead. .0x80155278
MachineImageType . . .i386
NumberProcessors . . .2
BugCheckCode . . . . .0x0000001e
BugCheckParameter1 . .0xc000009a
BugCheckParameter2 . .0x801698a3
BugCheckParameter3 . .0x00000000
BugCheckParameter4 . .0x80e1a740
ExceptionCode. . . . .0x80000003
ExceptionFlags . . . .0x00000001
ExceptionAddress . . .0x8011ac9c
NumberOfRuns . . . . .0x3
NumberOfPages. . . . .0xff99
Run #1
BasePage . . . . . .0x1
PageCount. . . . . .0x9e
Run #2
BasePage . . . . . .0x100
PageCount. . . . . .0xeff
Run #3
BasePage . . . . . .0x1000
PageCount. . . . . .0xeffc
Then i use the Pstat to check the address:
Here is a part of the result:
ModuleName Load Addr Code Data Paged LinkDate
ntoskrnl.exe 80100000 292672 44288 442048 Wed Jun 13 17:09:36 2001
hal.dll 80001000 25184 4384 9920 Fri Feb 12 13:19:02 1999
CpqSmgrK.sys 80012000 4448 32 0 Mon Aug 28 09:02:09 2000
cpqarray.sys 80014000 31136 32 0 Mon Aug 06 12:56:04 2001
SCSIPORT.SYS 801e0000 9856 32 17248 Wed Jun 27 14:42:34 2001
atapi.sys 801e9000 22496 1088 0 Tue May 11 17:07:16 1999
cpq32fs2.sys 801f0000 64608 2112 0 Tue Apr 25 13:20:50 2000
symc810.sys 80201000 16000 3552 0 Wed May 12 17:18:12 1999
Disk.sys 80207000 3328 0 7072 Fri Feb 12 13:44:14 1999
CLASS2.SYS 8020b000 7264 0 1696 Thu Jun 03 15:42:45 1999
QAFilter.sys 8020f000 4288 704 66304 Wed Feb 02 13:32:37 2000
intlfxsr.sys 8001d000 576 224 288 Tue Mar 09 20:20:44 1999
Ntfs.sys 80222000 69120 5952 276576 Thu Aug 26 09:50:36 1999
Floppy.SYS f3ef0000 1088 672 7968 Tue Jun 12 16:40:05 2001
Cdrom.SYS f3f00000 12672 32 3072 Fri Feb 12 13:44:05 1999
*the exception address seems point to the ntoskernel
But i still can’t find any solution to solve it.please help me.
Thanks alot.
You are currently subscribed to ntfsd as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntfsd-$subst(‘Recip.MemberIDChar’)@lists.osr.com