Windows Server 2008 R2 crashing during Acronis Image
Hi there,
We are currently experiencing temporary issues when running a full system image to a network share on another server on a Windows Server 2008 R2 base running Acronis Backup & Recovery 11.5 (Build 11.5.32308)
We have ran a microsoft driver verify program and it highlights that the snapman.sys driver appears to be at fault - details of the program are as below.
This causes the server to blue screen, has anyone experienced a similar issue and how do i resolve it.
May i also add that we are running this software on other non server 2008 R2 machines and we don't have any issues on thses boxes.
Regards
Duncan
Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [G:\Minidump\051713-28298-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: srv*c:\symbols*http://msdl.microsoft.com/download/symbols;cache*c:\symbols;http://150.1.161.104:8090/Store
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (12 procs) Free x64
Product: Server, suite: TerminalServer SingleUserTS
Built by: 7601.17944.amd64fre.win7sp1_gdr.120830-0333
Machine Name:
Kernel base = 0xfffff800`01606000 PsLoadedModuleList = 0xfffff800`0184a670
Debug session time: Fri May 17 08:30:58.627 2013 (GMT+1)
System Uptime: 0 days 0:05:40.815
Loading Kernel Symbols
...............................................................
................................................................
..............
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck C4, {f6, c, fffffa8013eb7b30, fffff88001bbbf86}
Unable to load image \SystemRoot\system32\DRIVERS\snapman.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for snapman.sys
*** ERROR: Module load completed but symbols could not be loaded for snapman.sys
Probably caused by : snapman.sys ( snapman+7f86 )
Followup: MachineOwner
---------
2: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
A device driver attempting to corrupt the system has been caught. This is
because the driver was specified in the registry as being suspect (by the
administrator) and the kernel has enabled substantial checking of this driver.
If the driver attempts to corrupt the system, bugchecks 0xC4, 0xC1 and 0xA will
be among the most commonly seen crashes.
Arguments:
Arg1: 00000000000000f6, Referencing user handle as KernelMode.
Arg2: 000000000000000c, Handle value being referenced.
Arg3: fffffa8013eb7b30, Address of the current process.
Arg4: fffff88001bbbf86, Address inside the driver that is performing the incorrect reference.
Debugging Details:
------------------
BUGCHECK_STR: 0xc4_f6
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VERIFIER_ENABLED_VISTA_MINIDUMP
PROCESS_NAME: svchost.exe
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from fffff80001b0b3dc to fffff80001684fc0
STACK_TEXT:
fffff880`0da86b38 fffff800`01b0b3dc : 00000000`000000c4 00000000`000000f6 00000000`0000000c fffffa80`13eb7b30 : nt!KeBugCheckEx
fffff880`0da86b40 fffff800`01b20ae4 : 00000000`0000000c fffffa80`13eb7b30 00000000`00000004 0000007f`fffffff8 : nt!VerifierBugCheckIfAppropriate+0x3c
fffff880`0da86b80 fffff800`018d8000 : fffffa80`14e6a248 fffff880`0da86e10 fffff880`0da86f00 fffff880`0da87068 : nt!VfCheckUserHandle+0x1b4
fffff880`0da86c60 fffff800`01961c7e : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt! ?? ::NNGAKEGL::`string'+0x212de
fffff880`0da86d30 fffff800`01684253 : fffffa80`13a6db50 fffff880`0da87068 fffff880`0da86e58 00000000`00000002 : nt!NtQueryObject+0x14c
fffff880`0da86e40 fffff800`01680810 : fffff800`01b0ff23 fffffa80`14e54000 00000000`00000370 fffff880`0da87400 : nt!KiSystemServiceCopyEnd+0x13
fffff880`0da87048 fffff800`01b0ff23 : fffffa80`14e54000 00000000`00000370 fffff880`0da87400 00000000`0000000c : nt!KiServiceLinkage
fffff880`0da87050 fffff880`01bbbf86 : 00000000`0000000c fffff880`0da87189 fffff880`0da87170 fffff880`0da87110 : nt!VfZwQueryObject+0x63
fffff880`0da870a0 00000000`0000000c : fffff880`0da87189 fffff880`0da87170 fffff880`0da87110 fffff880`0da87140 : snapman+0x7f86
fffff880`0da870a8 fffff880`0da87189 : fffff880`0da87170 fffff880`0da87110 fffff880`0da87140 fffff880`01bd49bb : 0xc
fffff880`0da870b0 fffff880`0da87170 : fffff880`0da87110 fffff880`0da87140 fffff880`01bd49bb fffffa80`14e6a250 : 0xfffff880`0da87189
fffff880`0da870b8 fffff880`0da87110 : fffff880`0da87140 fffff880`01bd49bb fffffa80`14e6a250 fffff800`01b20878 : 0xfffff880`0da87170
fffff880`0da870c0 fffff880`0da87140 : fffff880`01bd49bb fffffa80`14e6a250 fffff800`01b20878 00000000`00000000 : 0xfffff880`0da87110
fffff880`0da870c8 fffff880`01bd49bb : fffffa80`14e6a250 fffff800`01b20878 00000000`00000000 00000000`00000000 : 0xfffff880`0da87140
fffff880`0da870d0 fffffa80`14e6a250 : fffff800`01b20878 00000000`00000000 00000000`00000000 fffffa80`14e54000 : snapman+0x209bb
fffff880`0da870d8 fffff800`01b20878 : 00000000`00000000 00000000`00000000 fffffa80`14e54000 fffff880`01bd3aad : 0xfffffa80`14e6a250
fffff880`0da870e0 fffff880`01bb9b45 : 00000000`0000000c fffff980`0b40af80 fffff980`00000000 00000000`00000048 : nt!VerifierObReferenceObjectByHandle+0x48
fffff880`0da87130 00000000`0000000c : fffff980`0b40af80 fffff980`00000000 00000000`00000048 fffff880`0da87160 : snapman+0x5b45
fffff880`0da87138 fffff980`0b40af80 : fffff980`00000000 00000000`00000048 fffff880`0da87160 00000000`00000000 : 0xc
fffff880`0da87140 fffff980`00000000 : 00000000`00000048 fffff880`0da87160 00000000`00000000 fffffa80`13eaf670 : 0xfffff980`0b40af80
fffff880`0da87148 00000000`00000048 : fffff880`0da87160 00000000`00000000 fffffa80`13eaf670 fffff880`0da87248 : 0xfffff980`00000000
fffff880`0da87150 fffff880`0da87160 : 00000000`00000000 fffffa80`13eaf670 fffff880`0da87248 fffff880`01be2d18 : 0x48
fffff880`0da87158 00000000`00000000 : fffffa80`13eaf670 fffff880`0da87248 fffff880`01be2d18 00000000`00000000 : 0xfffff880`0da87160
STACK_COMMAND: kb
FOLLOWUP_IP:
snapman+7f86
fffff880`01bbbf86 448b8424a0000000 mov r8d,dword ptr [rsp+0A0h]
SYMBOL_STACK_INDEX: 8
SYMBOL_NAME: snapman+7f86
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: snapman
IMAGE_NAME: snapman.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 50f6aea6
FAILURE_BUCKET_ID: X64_0xc4_f6_VRF_snapman+7f86
BUCKET_ID: X64_0xc4_f6_VRF_snapman+7f86
Followup: MachineOwner
---------
Hi there,
Many thanks for your reply, the BSOD's are random and happen when a full system image is running on a server.
The snapapi drivers on the system are the latest version i'm afraid to say.
The system does BSOD when running the verifier, so that would explain that issue.
Regards
Duncan