Exchange server-Please help-NEW Dump.DMP

Hi,
I was able to use the DMP File deteled the old dmp file from my earlier post and get a good one. I used dumpchk.exe on it after making a copy just in case your tools do something different, here are the results.
Opened log file 'c:\debuglog.txt'
Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols

Microsoft (R) Windows Debugger Version 6.3.0017.0
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\MEMORY.DMP]
Kernel Complete Dump File: Full address space is available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: C:\WINNT;C:\WINNT\system32;C:\WINNT\system32\drivers
Windows 2000 Kernel Version 2195 (Service Pack 4) UP Free x86 compatible
Product: LanManNt, suite: TerminalServer SingleUserTS
Kernel base = 0x80400000 PsLoadedModuleList = 0x80480780
Debug session time: Tue Jan 11 10:23:24 2005
System Uptime: 0 days 0:00:25.176
WARNING: Process directory table base 07767000 doesn't match CR3 00030000
WARNING: Unable to reset page directories
Loading Kernel Symbols
.....................................................................................
Loading unloaded module list
...
Loading User Symbols
WARNING: Process directory table base 07767000 doesn't match CR3 00030000
Unable to get PEB pointer
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 7F, {8, 0, 0, 0}

*** ERROR: Module load completed but symbols could not be loaded for intelata.sys
Probably caused by : intelata.sys ( intelata+9a11 )

Followup: MachineOwner
---------

kd> !analyze -v;r;kv;lmtn;.logclose;q
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

UNEXPECTED_KERNEL_MODE_TRAP (7f)
This means a trap occurred in kernel mode, and it's a trap of a kind
that the kernel isn't allowed to have/catch (bound trap) or that
is always instant death (double fault). The first number in the
bugcheck params is the number of the trap (8 = double fault, etc)
Consult an Intel x86 family manual to learn more about what these
traps are. Here is a *portion* of those codes:
If kv shows a taskGate
use .tss on the part before the colon, then kv.
Else if kv shows a trapframe
use .trap on that value
Else
.trap on the appropriate frame will show where the trap was taken
(on x86, this will be the ebp that goes with the procedure KiTrap)
Endif
kb will then show the corrected stack.
Arguments:
Arg1: 00000008, EXCEPTION_DOUBLE_FAULT
Arg2: 00000000
Arg3: 00000000
Arg4: 00000000

Debugging Details:
------------------


BUGCHECK_STR: 0x7f_8

TSS: 00000028 -- (.tss 28)
.tss 28
eax=00000101 ebx=000001f0 ecx=00000000 edx=000001f6 esi=81f1ce08 edi=8206a004
eip=bff6fa11 esp=eb65cf68 ebp=eb65d398 iopl=3 nv up ei ng nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00013282
intelata+0x9a11:
bff6fa11 53 push ebx
.trap
Resetting default scope

DEFAULT_BUCKET_ID: DRIVER_FAULT

LAST_CONTROL_TRANSFER: from 4a424f48 to bff6fa11

STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be wrong.
eb65d398 4a424f48 6f4d625f 6f546576 54415000 intelata+0x9a11
54415000 00000000 00000000 00000000 00000000 0x4a424f48


FOLLOWUP_IP:
intelata+9a11
bff6fa11 53 push ebx

SYMBOL_STACK_INDEX: 0

FOLLOWUP_NAME: MachineOwner

SYMBOL_NAME: intelata+9a11

MODULE_NAME: intelata

IMAGE_NAME: intelata.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 3933f61c

STACK_COMMAND: .tss 28 ; kb

BUCKET_ID: 0x7f_8_intelata+9a11

Followup: MachineOwner
---------

eax=ffdff13c ebx=0000007f ecx=80036000 edx=00000000 esi=00000000 edi=00000000
eip=80465d49 esp=8046daf8 ebp=00000000 iopl=0 nv up di ng nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000086
nt!KiTrap08+0x3e:
80465d49 ebef jmp nt!KiTrap08+0x2f (80465d3a)
ChildEBP RetAddr Args to Child
00000000 bff6fa11 00000000 00000000 00000000 nt!KiTrap08+0x3e (FPO: TaskGate 28:0)
WARNING: Stack unwind information not available. Following frames may be wrong.
eb65d398 4a424f48 6f4d625f 6f546576 54415000 intelata+0x9a11
54415000 00000000 00000000 00000000 00000000 0x4a424f48
start end module name
80062000 80072520 hal halacpi.dll Thu Mar 20 20:04:40 2003 (3E7A7338)
80400000 8059a800 nt ntoskrnl.exe Wed Oct 20 22:55:33 2004 (41773335)
a0000000 a018f000 win32k win32k.sys unavailable (FFFFFFFE)
bb8f8000 bb915000 dump_IntelATA dump_IntelATA.sys unavailable (FFFFFFFE)
bb93d000 bb9a0e40 mrxsmb mrxsmb.sys Sun Oct 31 23:24:54 2004 (4185C8A6)
bb9b3000 bb9dc760 rdbss rdbss.sys Fri Oct 15 16:03:40 2004 (41703B2C)
bb9dd000 bb9ed760 naveng naveng.sys Thu Sep 30 20:59:17 2004 (415CB9F5)
bb9ee000 bba86680 navex15 navex15.sys Thu Sep 30 21:11:15 2004 (415CBCC3)
bbb27000 bbb39f00 SYMEVENT SYMEVENT.SYS Wed Jan 14 20:02:13 2004 (4005F4A5)
bbb3a000 bbb89000 savrt savrt.sys Mon Feb 09 17:24:30 2004 (402816AE)
bbb89000 bbbb0e00 netbt netbt.sys Wed Jul 16 14:44:26 2003 (3F15AB1A)
bbbb1000 bbc02060 tcpip tcpip.sys Tue Apr 29 18:05:31 2003 (3EAF053B)
bfccb000 bfcf53a0 update update.sys Tue Apr 15 23:22:01 2003 (3E9CDA69)
bfd08000 bfd2b060 rdpdr rdpdr.sys Fri Mar 21 15:43:14 2003 (3E7B8772)
bfd2c000 bfd42ba0 ndiswan ndiswan.sys Tue Apr 29 18:05:01 2003 (3EAF051D)
bfd43000 bfd62d00 KS KS.SYS Wed Dec 04 11:09:38 2002 (3DEE36D2)
bfd63000 bfd871e0 portcls portcls.sys Tue Apr 15 23:11:22 2003 (3E9CD7EA)
bfd88000 bfdfc680 smwdm smwdm.sys Tue May 28 14:18:44 2002 (3CF3D814)
bfe01000 bfe05000 dump_diskdump dump_diskdump.sys unavailable (FFFFFFFE)
bfe25000 bfe3e2c0 i81xnt5 i81xnt5.sys Tue Aug 08 18:18:32 2000 (39909548)
bfe70000 bfe85640 Mup Mup.sys Wed Jan 15 13:54:01 2003 (3E25BC59)
bfe86000 bfeafaa0 NDIS NDIS.sys Tue Apr 29 18:05:01 2003 (3EAF051D)
bfeb0000 bff2d800 Ntfs Ntfs.sys Wed Jun 04 17:11:33 2003 (3EDE6E95)
bff2e000 bff3f7c0 KSecDD KSecDD.sys Sat Sep 20 19:32:19 2003 (3F6CF193)
bff40000 bff521c0 Dfs Dfs.sys Tue Feb 11 20:19:06 2003 (3E49AF1A)
bff53000 bff650c0 SCSIPORT SCSIPORT.SYS Fri May 16 20:11:02 2003 (3EC58C26)
bff66000 bff82440 intelata intelata.sys Tue May 30 12:10:52 2000 (3933F61C)
bff83000 bff98180 atapi atapi.sys Tue Apr 01 12:08:25 2003 (3E89D599)
bff99000 bffba9c0 dmio dmio.sys Wed Jan 15 13:47:04 2003 (3E25BAB8)
bffbb000 bffd7220 ftdisk ftdisk.sys Mon Mar 31 16:21:58 2003 (3E88BF86)
bffd8000 bffffc20 ACPI ACPI.sys Wed Jan 15 13:44:22 2003 (3E25BA16)
eb400000 eb40e6a0 pci pci.sys Wed Jan 15 13:44:07 2003 (3E25BA07)
eb410000 eb41b680 isapnp isapnp.sys Wed Jan 15 13:43:47 2003 (3E25B9F3)
eb420000 eb428700 CLASSPNP CLASSPNP.SYS Wed Jan 15 13:42:51 2003 (3E25B9BB)
eb450000 eb45c4c0 VIDEOPRT VIDEOPRT.SYS Wed Jan 15 13:47:20 2003 (3E25BAC8)
eb460000 eb46f000 el90xbc5 el90xbc5.sys Tue Oct 19 12:09:18 1999 (380CA5BE)
eb470000 eb47b680 i8042prt i8042prt.sys Tue Apr 15 23:00:59 2003 (3E9CD57B)
eb480000 eb48f400 serial serial.sys Tue Apr 15 23:19:39 2003 (3E9CD9DB)
eb490000 eb49e180 Cdr4_2K Cdr4_2K.SYS Tue Sep 24 16:21:41 2002 (3D90D765)
eb4a0000 eb4aca80 rasl2tp rasl2tp.sys Tue Apr 29 18:05:06 2003 (3EAF0522)
eb4b0000 eb4bbc40 raspptp raspptp.sys Wed May 14 18:47:00 2003 (3EC2D574)
eb4c0000 eb4cea20 parallel parallel.sys Wed Jan 15 13:47:14 2003 (3E25BAC2)
eb4e0000 eb4e9be0 usbhub usbhub.sys Tue Mar 18 17:30:41 2003 (3E77AC21)
eb4f0000 eb4f9ce0 NDProxy NDProxy.SYS Thu Sep 30 18:25:35 1999 (37F3F16F)
eb500000 eb508fa0 Npfs Npfs.SYS Sat Oct 09 18:58:07 1999 (37FFD68F)
eb510000 eb518680 msgpc msgpc.sys Wed Jan 15 13:54:25 2003 (3E25BC71)
eb520000 eb5281a0 netbios netbios.sys Tue Oct 12 14:34:19 1999 (38038D3B)
eb530000 eb540000 Savrtpel Savrtpel.sys Mon Feb 09 17:24:34 2004 (402816B2)
eb680000 eb685520 PCIIDEX PCIIDEX.SYS Tue Feb 25 12:31:08 2003 (3E5BB66C)
eb688000 eb68f4c0 MountMgr MountMgr.sys Tue Feb 10 13:47:53 2004 (40293569)
eb690000 eb697720 disk disk.sys Wed Jan 15 13:43:05 2003 (3E25B9C9)
eb698000 eb69c400 ptilink ptilink.sys Wed Jan 15 13:47:15 2003 (3E25BAC3)
eb6a0000 eb6a7d00 wanarp wanarp.sys Fri Aug 16 07:25:01 2002 (3D5CEF1D)
eb6a8000 eb6ac0e0 raspti raspti.sys Fri Oct 08 15:45:10 1999 (37FE57D6)
eb6b0000 eb6b6000 cmosa cmosa.SYS unavailable (FFFFFFFE)
eb710000 eb714a60 flpydisk flpydisk.sys Wed Jan 15 13:42:52 2003 (3E25B9BC)
eb730000 eb736a20 EFS EFS.SYS Wed Jan 15 13:46:55 2003 (3E25BAAF)
eb750000 eb755400 mouclass mouclass.sys Thu Feb 20 10:37:45 2003 (3E550459)
eb760000 eb766580 fdc fdc.sys Wed Jan 15 13:42:51 2003 (3E25B9BB)
eb768000 eb76d240 Msfs Msfs.SYS Tue Oct 26 18:21:32 1999 (3816377C)
eb778000 eb77dec0 kbdclass kbdclass.sys Thu Feb 20 10:37:30 2003 (3E55044A)
eb798000 eb79e100 parport parport.sys Wed Jan 15 13:47:13 2003 (3E25BAC1)
eb7a8000 eb7aff40 uhcd uhcd.sys Wed Jan 15 13:45:50 2003 (3E25BA6E)
eb7b8000 eb7bec40 cdrom cdrom.sys Wed Jan 15 13:43:04 2003 (3E25B9C8)
eb7c0000 eb7c4fc0 USBD USBD.SYS Wed Jan 22 11:05:33 2003 (3E2ECF5D)
eb7d0000 eb7d5560 Cdralw2k Cdralw2k.SYS Tue Sep 24 16:20:49 2002 (3D90D731)
eb810000 eb812a20 BOOTVID BOOTVID.dll Wed Nov 03 19:24:33 1999 (3820E051)
eb814000 eb816d00 PartMgr PartMgr.sys Wed Jan 15 13:43:07 2003 (3E25B9CB)
eb890000 eb893640 serenum serenum.sys Wed Jan 15 13:47:01 2003 (3E25BAB5)
eb8a8000 eb8aa2e0 ndistapi ndistapi.sys Wed Jan 15 13:54:15 2003 (3E25BC67)
eb8b8000 eb8bbe60 TDI TDI.SYS Wed Jan 15 13:56:26 2003 (3E25BCEA)
eb8f0000 eb8f3580 vga vga.sys Sat Sep 25 13:37:40 1999 (37ED1674)
eb900000 eb901100 intelide intelide.sys Wed Feb 19 11:19:09 2003 (3E53BC8D)
eb902000 eb903d20 Diskperf Diskperf.sys Wed Feb 12 15:34:38 2003 (3E4ABDEE)
eb904000 eb905b80 dmload dmload.sys Wed Jan 15 13:47:06 2003 (3E25BABA)
eb90c000 eb90d120 aeaudio aeaudio.sys Mon Apr 01 08:39:14 2002 (3CA87112)
eb916000 eb917ca0 Fs_Rec Fs_Rec.SYS Wed Jan 15 13:53:30 2003 (3E25BC3A)
eb91e000 eb91fe40 rasacd rasacd.sys Sat Sep 25 13:41:23 1999 (37ED1753)
eb9c8000 eb9c8f80 WMILIB WMILIB.SYS Sat Sep 25 13:36:47 1999 (37ED163F)
eb9c9000 eb9c9cc0 idebd idebd.sys Tue Feb 22 19:20:15 2000 (38B335CF)
eb9e3000 eb9e38c0 SENSUPGD SENSUPGD.SYS Tue May 28 11:07:59 2002 (3CF3AB5F)
eb9eb000 eb9eba40 audstub audstub.sys Sat Sep 25 13:35:33 1999 (37ED15F5)
eb9f6000 eb9f7000 swenum swenum.sys Wed Dec 04 11:10:07 2002 (3DEE36EF)
eba01000 eba019e0 Null Null.SYS Sat Sep 25 13:34:58 1999 (37ED15D2)
eba03000 eba03ee0 Beep Beep.SYS Wed Oct 20 17:18:59 1999 (380E3FD3)
eba07000 eba07f80 mnmdd mnmdd.SYS Sat Sep 25 13:37:40 1999 (37ED1674)

Unloaded modules:
eb620000 eb629000 redbook.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
eb740000 eb745000 Cdaudio.SYS
Timestamp: unavailable (00000000)
Checksum: 00000000
eb8e8000 eb8eb000 Sfloppy.SYS
Timestamp: unavailable (00000000)
Checksum: 00000000
Closing open log file c:\debuglog.txt

 

The debugger isnt tracking this fault on your machine well. I'm going to guess that this is the usual stack overflow. See the below articles. Why are you running that intel wizbang accelerator. If you are going to run oddball stuff on a server, you need to keep it current. I've included a link for you to download the newest version.

http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2002071208532048?Open&src=w

intelata.sys Tue May 30 12:10:52 2000
http://support.intel.com/support/chipsets/iaa/

 

exchange server dump

I didn't know it was running that wizbal thing or whatever it is. I will look into that. Thanks,

How do you figure out what all this data means? I have searched and nothing tells you how to find out what the issue is or what to even look for? Basically how do you make sense of it all?

This machine is actually a dell desktop gx150 and the guy put exchange on it because it sits at a site with like 5 people and I am just jumping into the picture now.

 

accelerator on exchange server dump.dmp

Can I just remove that accelerator and then what do I have to do?

The symantec article points to some things I looked at before but what is the root cause of these kernel dumps?

 

One more questions

Do I have to do the edit on the symantec article for the registry regarding the kernel size or just update the intel accelerator driver?

 

Joe is making a guess, based on his experience. Some of these 7fs really need to be debugged by hand to be taken to root cause.

I would agree with his recommendation. If i were you, i would pull the intel stuff for now, AND tweak that key for norton.

 

removing accelerator?

How do you do that?

 

Remove Intel Accelerator?

I have been following the exchange dump thread so how do I remove that intel accelerator? I installed the latest chipset drivers.

Now the symantec regedit, it seems like the newer version has that in it?

 

Exchange server - dump.dmp progress but...

I managed to update the intel chipset by tracking down the drivers from the dell site. I didn't see the accelerator in the add/remove list but I did install it and then remove it to see if that would help.
It now boots OK but the event logs are still filling up with event id 1005 and source savrt. It points to the article I got in this post already and I made the regedit change but it still occurs. The only thing is now I actually get the error in the event log and it read" symantec antivirus can't scan c:\winnt\various files due to the kernel is to small "?
ANy ideas?

 

I am not a norton guy, but as i understand how that key works, its a knob. You can tune it around to find the setting that works for you.