Diagnosing Blue Screens & Re-boots

[Dave Onex]

Hi Folks;

I have an old Compaq DL380 G2 server that I'm using as my firewall. All it
has on it is
Windows 2000 Advanced Server & ISA Server 2004.

It's worked well for years - never an issue. I manage it remotely via
Terminal Services.

Recently the server has been re-starting itself about once a week or so.
This is done by the server management software (auto recovery). It checks
the machine to ensure it's responding and if it doesn't get a reply for 5
minutes it forces a re-start of the system.

Because this is a rack mount server I'm never in front of it to see it
happen.

In anticipation of it occurring again (it seems to happen once a week) -
what would/should I do to determine what the cause is?

Thanks!
Dave

 

[John John (MVP)]

Anything showing in the Event Log? Is the server configured to create a
minidump file?

John

 

[Dave Onex]

Anything showing in the Event Log? Is the server configured to create a
minidump file?

Hi John;

Thanks for helping! I changed the configuration a while back so that it
saves a mini-dump (as opposed to 3 gigs in a file) and I believe I was
seeing an error entry in the event viewer. I've since cleared the log and
re-started the server clean.

So basically, I'm waiting for it to happen again.

I did take a look at the mini.dmp files but they are hard to understand.
Looks like a binary file in a text editor

Is it wait and see time or do the mini.dmp files help?

Best;
Dave

 

[John John (MVP)]

You can wait and see if anything records in the Event Log the next time
the problem occurs, for the event to be recorded the Startup and
Recovery option has to be configured to write the event to the system
log. If you want to read the minidump file you can use Dumpchk.exe.

How to read the small memory dump files that Windows creates for debugging
http://support.microsoft.com/kb/315263

John

 

[Dave Onex]

Hi John - it just did it!

Here's what the event log said;

The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1
(0xf6036000, 0x00000002, 0x00000000, 0xf6036000). Microsoft Windows 2000
[v15.2195]. A dump was saved in: C:\WINNT\Minidump\Mini050708-01.dmp.

Any idea what that actually means?

Much thanks;
Dave

 

[Dave Onex]

I think I might have figured it out....

I got to see the remote machine while it was actually blue screening and the
screen showed two lines with the same file name - famfd.sys

After looking a little deeper I found that the file belongs to an
application called Winbackup Open File Manager.

Now it makes sense - I recently changed the logging options on the firewall
for that machine such that it now makes really large log files. I'll bet
that what's happening is that the open file manager application can't handle
those files when they grow (hence the several day delay before the issue
occurs).

At any rate - I've removed the application and I'm quite sure that will be
that

Best;
Dave

Hi John - it just did it!

Here's what the event log said;

The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1
(0xf6036000, 0x00000002, 0x00000000, 0xf6036000). Microsoft Windows 2000
[v15.2195]. A dump was saved in: C:\WINNT\Minidump\Mini050708-01.dmp.

Any idea what that actually means?

Much thanks;
Dave

You can wait and see if anything records in the Event Log the next time
the problem occurs, for the event to be recorded the Startup and
Recovery option has to be configured to write the event to the system
log. If you want to read the minidump file you can use Dumpchk.exe.

How to read the small memory dump files that Windows creates for debugging
http://support.microsoft.com/kb/315263

John

 

[John John (MVP)]

0xd1 stop errors are usually caused by faulty drivers, when the driver
is identified in the bugcheck error message it makes the troubleshooting
much easier.

John

I think I might have figured it out....

I got to see the remote machine while it was actually blue screening and the
screen showed two lines with the same file name - famfd.sys

After looking a little deeper I found that the file belongs to an
application called Winbackup Open File Manager.

Now it makes sense - I recently changed the logging options on the firewall
for that machine such that it now makes really large log files. I'll bet
that what's happening is that the open file manager application can't handle
those files when they grow (hence the several day delay before the issue
occurs).

At any rate - I've removed the application and I'm quite sure that will be
that

Best;
Dave

Hi John - it just did it!

Here's what the event log said;

The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1
(0xf6036000, 0x00000002, 0x00000000, 0xf6036000). Microsoft Windows 2000
[v15.2195]. A dump was saved in: C:\WINNT\Minidump\Mini050708-01.dmp.

Any idea what that actually means?

Much thanks;
Dave

You can wait and see if anything records in the Event Log the next time
the problem occurs, for the event to be recorded the Startup and
Recovery option has to be configured to write the event to the system
log. If you want to read the minidump file you can use Dumpchk.exe.

How to read the small memory dump files that Windows creates for

debugging

http://support.microsoft.com/kb/315263

John

Dave Onex wrote:




Anything showing in the Event Log? Is the server configured to create

a

minidump file?


Hi John;

Thanks for helping! I changed the configuration a while back so that

it

saves a mini-dump (as opposed to 3 gigs in a file) and I believe I was
seeing an error entry in the event viewer. I've since cleared the log
and

re-started the server clean.

So basically, I'm waiting for it to happen again.

I did take a look at the mini.dmp files but they are hard to

understand.

Looks like a binary file in a text editor

Is it wait and see time or do the mini.dmp files help?

Best;
Dave




John

Dave Onex wrote:



Hi Folks;

I have an old Compaq DL380 G2 server that I'm using as my firewall.

All

it


has on it is
Windows 2000 Advanced Server & ISA Server 2004.

It's worked well for years - never an issue. I manage it remotely via
Terminal Services.

Recently the server has been re-starting itself about once a week or
so.

This is done by the server management software (auto recovery). It

checks


the machine to ensure it's responding and if it doesn't get a reply

for

5


minutes it forces a re-start of the system.

Because this is a rack mount server I'm never in front of it to see

it

happen.

In anticipation of it occurring again (it seems to happen once a

week) -

what would/should I do to determine what the cause is?

Thanks!
Dave