goshanecr
04-01-2024, 20:08
Доброго дня уважаемые Спецы!
Посоветуйте пожалуйста, как найти причину периодических перезагрузок сервера.
Итого поциент: Windows 2016 Server x64, работает на виртуалке BHyVe под FreeBSD. Из задач на машине - RDP доступ с запуском клиентской части 1С-ки, которая уже цепляется к 1С серверу на другой машине.
1С - лицензионная, винда не совсем. Хост - AMD Ryzen 2600 + 32GB RAM. Диски на хосте исправные, зазеркалены. Память также исправна, прогонял. Сам хост проблем не испытывает, только виртуалка.
Подскажите, откуда начать копать?
Вот что выдаёт WinDBG минидампа:
Microsoft (R) Windows Debugger Version 10.0.22621.1778 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Windows\Minidump\010324-15703-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
************* Path validation summary **************
Response Time (ms) Location
Deferred SRV*E:\Sym_WinDBG*http://msdl.microsoft.com/download/symbols
Symbol search path is: SRV*E:\Sym_WinDBG*http://msdl.microsoft.com/download/symbols
Executable search path is:
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*Windows 10 Kernel Version 14393 MP (4 procs) Free x64
Product: Server, suite: TerminalServer
Machine Name:
Kernel base = 0xfffff803`c4497000 PsLoadedModuleList = 0xfffff803`c479ccd0
Debug session time: Wed Jan 3 10:05:15.336 2024 (UTC + 5:00)
System Uptime: 4 days 19:38:40.026
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*************************************************************************
*Loading Kernel Symbols
.
Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long.
Run !sym noisy before .reload to track down problems loading symbols.
..............................................................
................................................................
........
Loading User Symbols
Loading unloaded module list
.....
************* Symbol Loading Error Summary **************
Module name Error
ntoskrnl The path is not available
You can troubleshoot most symbol related issues by turning on symbol loading diagnostics (!sym noisy) and repeating the command that caused symbols to be loaded.
You should also verify that your symbol search path (.sympath) is correct.
For analysis of this file, run !analyze -v
2: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
CRITICAL_PROCESS_DIED (ef)
A critical system process died
Arguments:
Arg1: ffffb703d27e9800, Process object or thread object
Arg2: 0000000000000000, If this is 0, a process died. If this is 1, a thread died.
Arg3: 0000000000000000, The process object that initiated the termination.
Arg4: 0000000000000000
Debugging Details:
------------------
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec
Value: 171
Key : Analysis.DebugAnalysisManager
Value: Create
Key : Analysis.Elapsed.mSec
Value: 14671
Key : Analysis.Init.CPU.mSec
Value: 2390
Key : Analysis.Init.Elapsed.mSec
Value: 66876
Key : Analysis.Memory.CommitPeak.Mb
Value: 56
FILE_IN_CAB: 010324-15703-01.dmp
ADDITIONAL_DEBUG_TEXT:
You can run '.symfix; .reload' to try to fix the symbol path and load symbols.
WRONG_SYMBOLS_TIMESTAMP: 64253b6e
WRONG_SYMBOLS_SIZE: 81f000
FAULTING_MODULE: fffff803c4497000 nt
DUMP_FILE_ATTRIBUTES: 0x8
Kernel Generated Triage Dump
BUGCHECK_CODE: ef
BUGCHECK_P1: ffffb703d27e9800
BUGCHECK_P2: 0
BUGCHECK_P3: 0
BUGCHECK_P4: 0
CUSTOMER_CRASH_COUNT: 1
STACK_TEXT:
ffffcb80`b7330dd8 fffff803`c4b17da2 : 00000000`000000ef ffffb703`d27e9800 00000000`00000000 00000000`00000000 : nt+0x15d1c0
ffffcb80`b7330de0 00000000`000000ef : ffffb703`d27e9800 00000000`00000000 00000000`00000000 00000000`00000000 : nt+0x680da2
ffffcb80`b7330de8 ffffb703`d27e9800 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0xef
ffffcb80`b7330df0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 ffffb703`d27e9800 : 0xffffb703`d27e9800
STACK_COMMAND: .cxr; .ecxr ; kb
EXCEPTION_CODE_STR: 64253B6E
EXCEPTION_STR: WRONG_SYMBOLS
PROCESS_NAME: ntoskrnl.wrong.symbols.exe
IMAGE_NAME: ntoskrnl.wrong.symbols.exe
MODULE_NAME: nt_wrong_symbols
SYMBOL_NAME: nt_wrong_symbols!64253B6E81F000
FAILURE_BUCKET_ID: WRONG_SYMBOLS_X64_TIMESTAMP_230330-073406_64253B6E_nt_wrong_symbols!64253B6E81F000
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {1af12a26-2ab5-d00c-80db-c221ddcf2701}
Followup: MachineOwner
---------
Посоветуйте пожалуйста, как найти причину периодических перезагрузок сервера.
Итого поциент: Windows 2016 Server x64, работает на виртуалке BHyVe под FreeBSD. Из задач на машине - RDP доступ с запуском клиентской части 1С-ки, которая уже цепляется к 1С серверу на другой машине.
1С - лицензионная, винда не совсем. Хост - AMD Ryzen 2600 + 32GB RAM. Диски на хосте исправные, зазеркалены. Память также исправна, прогонял. Сам хост проблем не испытывает, только виртуалка.
Подскажите, откуда начать копать?
Вот что выдаёт WinDBG минидампа:
Microsoft (R) Windows Debugger Version 10.0.22621.1778 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Windows\Minidump\010324-15703-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
************* Path validation summary **************
Response Time (ms) Location
Deferred SRV*E:\Sym_WinDBG*http://msdl.microsoft.com/download/symbols
Symbol search path is: SRV*E:\Sym_WinDBG*http://msdl.microsoft.com/download/symbols
Executable search path is:
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*Windows 10 Kernel Version 14393 MP (4 procs) Free x64
Product: Server, suite: TerminalServer
Machine Name:
Kernel base = 0xfffff803`c4497000 PsLoadedModuleList = 0xfffff803`c479ccd0
Debug session time: Wed Jan 3 10:05:15.336 2024 (UTC + 5:00)
System Uptime: 4 days 19:38:40.026
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*************************************************************************
*Loading Kernel Symbols
.
Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long.
Run !sym noisy before .reload to track down problems loading symbols.
..............................................................
................................................................
........
Loading User Symbols
Loading unloaded module list
.....
************* Symbol Loading Error Summary **************
Module name Error
ntoskrnl The path is not available
You can troubleshoot most symbol related issues by turning on symbol loading diagnostics (!sym noisy) and repeating the command that caused symbols to be loaded.
You should also verify that your symbol search path (.sympath) is correct.
For analysis of this file, run !analyze -v
2: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
CRITICAL_PROCESS_DIED (ef)
A critical system process died
Arguments:
Arg1: ffffb703d27e9800, Process object or thread object
Arg2: 0000000000000000, If this is 0, a process died. If this is 1, a thread died.
Arg3: 0000000000000000, The process object that initiated the termination.
Arg4: 0000000000000000
Debugging Details:
------------------
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec
Value: 171
Key : Analysis.DebugAnalysisManager
Value: Create
Key : Analysis.Elapsed.mSec
Value: 14671
Key : Analysis.Init.CPU.mSec
Value: 2390
Key : Analysis.Init.Elapsed.mSec
Value: 66876
Key : Analysis.Memory.CommitPeak.Mb
Value: 56
FILE_IN_CAB: 010324-15703-01.dmp
ADDITIONAL_DEBUG_TEXT:
You can run '.symfix; .reload' to try to fix the symbol path and load symbols.
WRONG_SYMBOLS_TIMESTAMP: 64253b6e
WRONG_SYMBOLS_SIZE: 81f000
FAULTING_MODULE: fffff803c4497000 nt
DUMP_FILE_ATTRIBUTES: 0x8
Kernel Generated Triage Dump
BUGCHECK_CODE: ef
BUGCHECK_P1: ffffb703d27e9800
BUGCHECK_P2: 0
BUGCHECK_P3: 0
BUGCHECK_P4: 0
CUSTOMER_CRASH_COUNT: 1
STACK_TEXT:
ffffcb80`b7330dd8 fffff803`c4b17da2 : 00000000`000000ef ffffb703`d27e9800 00000000`00000000 00000000`00000000 : nt+0x15d1c0
ffffcb80`b7330de0 00000000`000000ef : ffffb703`d27e9800 00000000`00000000 00000000`00000000 00000000`00000000 : nt+0x680da2
ffffcb80`b7330de8 ffffb703`d27e9800 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0xef
ffffcb80`b7330df0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 ffffb703`d27e9800 : 0xffffb703`d27e9800
STACK_COMMAND: .cxr; .ecxr ; kb
EXCEPTION_CODE_STR: 64253B6E
EXCEPTION_STR: WRONG_SYMBOLS
PROCESS_NAME: ntoskrnl.wrong.symbols.exe
IMAGE_NAME: ntoskrnl.wrong.symbols.exe
MODULE_NAME: nt_wrong_symbols
SYMBOL_NAME: nt_wrong_symbols!64253B6E81F000
FAILURE_BUCKET_ID: WRONG_SYMBOLS_X64_TIMESTAMP_230330-073406_64253B6E_nt_wrong_symbols!64253B6E81F000
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {1af12a26-2ab5-d00c-80db-c221ddcf2701}
Followup: MachineOwner
---------