Multiple 0x00000027 RDR_FILE_SYSTEM BSOD HELP!!!!

Discussion in 'Windows 7 Blue Screen of Death (BSOD)' started by timkl25, Mar 13, 2012.

  1. timkl25

    timkl25 New Member

    Joined:
    Mar 13, 2012
    Messages:
    10
    Likes Received:
    0
    I am having some serious issues with the 000000x27 BSOD. We have about 100 systems and about 10 or so systems throw this code inconsistantly but every day or so. Some users reported the code when using Outlook or Word, others just had on the destop. Same systems have reoccuring BSOD and all the same 0x0000027 RDR_FILE_SYSTEM. I do not have Win Debugging tools and we have ran the latest updates, reinstalled the drives for the audio, video and network. I have the dumps and can email or post the links. I am running out of things to try, please advise. We have swapped the system and reimaged it with the same image and issue is still there, so it is software replated. Clean install is not an option as the users are runing specific software. PLEASE HELP!!!!
     
    #1 timkl25, Mar 13, 2012
    Last edited: Mar 15, 2012
  2. Trouble

    Trouble Noob Whisperer

    Joined:
    Nov 30, 2009
    Messages:
    13,845
    Likes Received:
    833
    Hello Tim and welcome to the forums.
    First make sure your machine is configured properly to facilitate the collection of .dmp files.
    Then:
    Please read the first post in this sticky thread here How to ask for help with a BSOD problem
    Do your best to accumulate the data required.
    Run the SF Diagnostic tool (download and right click the executable and choose run as administrator)
    Download and run CPUz. Use the Windows snipping tool to gather images from all tabs including all slots populated with memory under the SPD tab.
    Likewise RAMMon. Export the html report, put everything into a desktop folder that you've created for this purpose, zip it up and attach it to your next post (right click it and choose send to, compressed (zipped) folder.
    Additionally, if you haven’t already, please take some time and fill out your system specs in your forum profile area http://windows7forums.com/windows-7-support/72212-help-us-help-you-filling-your-system-specs.html#post235529 .
    Good luck
    Randy
     
  3. timkl25

    timkl25 New Member

    Joined:
    Mar 13, 2012
    Messages:
    10
    Likes Received:
    0
    Today same issue happend again exactly when one user was coping file (60mb) form his system to the another user's C: drive. Recieving system bluescreened. Sender system did not. So could be related to network?
     
    #3 timkl25, Mar 14, 2012
    Last edited: Mar 15, 2012
  4. Trouble

    Trouble Noob Whisperer

    Joined:
    Nov 30, 2009
    Messages:
    13,845
    Likes Received:
    833
    At first glance, at your single dump file, it would suggest a problem with
    proxyclientflt32.sys normally associated with Blue Coat Systems Blue Coat
    I would also suggest addressing these three older drivers
    SonMirrorftas.sys 3/14/2006
    SonVMDas.sys 3/14/2006 both apparently associated with Sonexis Conference Bridge, Audio Conference Bridge, Web Conferencing | Sonexis Technology
    and
    dne2000.sys 11/10/2008 Citrix Deterministic Network Enhancer Miniport or Cisco Systems VPN Client
    If Blue Screens persist, uninstall Norton/Symantec through the control panel and follow that up by running the vendor specific proprietary removal tool here https://www-secure.symantec.com/norton-support/jsp/help-solutions.jsp?lg=english&ct=united+states&docid=20080710133834EN&product=home&version=1&pvid=f-home
    Consider replacing with Microsoft Security Essentials here Anti-Malware, Virus, Spyware Protection | Microsoft Security Essentials
     
  5. timkl25

    timkl25 New Member

    Joined:
    Mar 13, 2012
    Messages:
    10
    Likes Received:
    0
    Thank you very much, thats a great start, I will try to update all the listed drivers. Attached are a few more dumps form one of the users. These were recorded as a kernel dumps, before I changed the settings to capture memory dumps. Also what software do you use to decode the dumps. I have tried Bluescreen Analyzer and Windows Debuging tools and did not get nearly anythingclose to what you suggested. This is a great forum.
     
    #5 timkl25, Mar 14, 2012
    Last edited: Mar 15, 2012
  6. Trouble

    Trouble Noob Whisperer

    Joined:
    Nov 30, 2009
    Messages:
    13,845
    Likes Received:
    833
    Your most recent 5 dump files are all identical.
    WinDbg.exe (Windows Debugger)
    EXAMPLE:
    Code:
    RDR_FILE_SYSTEM (27)
        If you see RxExceptionFilter on the stack then the 2nd and 3rd parameters are the
        exception record and context record. Do a .cxr on the 3rd parameter and then kb to
        obtain a more informative stack trace.
        The high 16 bits of the first parameter is the RDBSS bugcheck code, which is defined
        as follows:
         RDBSS_BUG_CHECK_CACHESUP  = 0xca550000,
         RDBSS_BUG_CHECK_CLEANUP   = 0xc1ee0000,
         RDBSS_BUG_CHECK_CLOSE     = 0xc10e0000,
         RDBSS_BUG_CHECK_NTEXCEPT  = 0xbaad0000,
    Arguments:
    Arg1: baad0073
    Arg2: a3d336a8
    Arg3: a3d33280
    Arg4: 911e1c82
    *** WARNING: Unable to verify timestamp for[COLOR=#ff0000][U][B] proxyclientflt32.sys[/B][/U][/COLOR]
    *** ERROR: Module load completed but symbols could not be loaded for[COLOR=#ff0000][U][B] proxyclientflt32.sys[/B][/U][/COLOR]
    *** WARNING: Unable to verify timestamp for [COLOR=#ff0000][U][B]proxyclientwebfilter32.sys[/B][/U][/COLOR]
    *** ERROR: Module load completed but symbols could not be loaded for [COLOR=#ff0000][U][B]proxyclientwebfilter32.sys
    [/B][/U][/COLOR]
    EXCEPTION_RECORD:  a3d336a8 -- (.exr 0xffffffffa3d336a8)
    ExceptionAddress: 911e1c82 (tdx!TdxCreateControlChannel+0x00000070)
       ExceptionCode: c0000005 (Access violation)
      ExceptionFlags: 00000000
    NumberParameters: 2
       Parameter[0]: 00000001
       Parameter[1]: 0000000c
    Attempt to write to address 0000000c
    
    CONTEXT:  a3d33280 -- (.cxr 0xffffffffa3d33280)
    eax=00000000 ebx=00000000 ecx=00000002 edx=00000000 esi=86445cf8 edi=00000003
    eip=911e1c82 esp=a3d33770 ebp=a3d33778 iopl=0         nv up ei pl nz na pe nc
    cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010206
    tdx!TdxCreateControlChannel+0x70:
    911e1c82 89700c          mov     dword ptr [eax+0Ch],esi ds:0023:0000000c=????????
    Resetting default scope
    CUSTOMER_CRASH_COUNT:  1
    PROCESS_NAME:  System
    CURRENT_IRQL:  0
    ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
    EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
    EXCEPTION_PARAMETER1:  00000001
    EXCEPTION_PARAMETER2:  0000000c
    WRITE_ADDRESS: GetPointerFromAddress: unable to read from 82d77848
    Unable to read MiSystemVaType memory at 82d56e20
     0000000c 
    FOLLOWUP_IP: 
    tdx!TdxCreateControlChannel+70
    911e1c82 89700c          mov     dword ptr [eax+0Ch],esi
    FAULTING_IP: 
    tdx!TdxCreateControlChannel+70
    911e1c82 89700c          mov     dword ptr [eax+0Ch],esi
    BUGCHECK_STR:  0x27
    DEFAULT_BUCKET_ID:  NULL_CLASS_PTR_DEREFERENCE
    LAST_CONTROL_TRANSFER:  from 911e9009 to 911e1c82
    STACK_TEXT:  
    a3d33778 911e9009 884d5c90 00000000 00000000 tdx!TdxCreateControlChannel+0x70
    a3d337b0 82c4558e 880a5be8 89c5bd98 89c5bd98 tdx!TdxTdiDispatchCreate+0x5f
    a3d337c8 910027b2 a3d337e8 91003501 880a5be8 nt!IofCallDriver+0x63
    WARNING: Stack unwind information not available. Following frames may be wrong.
    a3d337d0 91003501 880a5be8 89c5bd98 886410d0 [COLOR=#ff0000][U][B]proxyclientflt32[/B][/U][/COLOR]+0x27b2
    a3d337e8 91001753 88633e40 89c5bd98 88633e40 [COLOR=#ff0000][U][B]proxyclientflt32[/B][/U][/COLOR]+0x3501
    a3d337fc 82c4558e 88633e40 89c5bd98 8a0c8904 [COLOR=#ff0000][U][B]proxyclientflt32[/B][/U][/COLOR]+0x1753
    a3d33814 91011627 886410d0 8a0c8904 89545430 nt!IofCallDriver+0x63
    a3d33828 9100d7ab 886410d0 8a0c8904 89545430 [COLOR=#ff0000][U][B]proxyclientwebfilter32[/B][/U][/COLOR]+0x6627
    a3d33860 9101241e 89545430 8b13e458 89545430 [COLOR=#ff0000][U][B]proxyclientwebfilter32[/B][/U][/COLOR]+0x27ab
    a3d33880 910148c6 89545430 8a0c8904 89545430 [COLOR=#ff0000][U][B]proxyclientwebfilter32[/B][/U][/COLOR]+0x741e
    a3d33898 910131e1 00000000 89545430 886410d0 [COLOR=#ff0000][U][B]proxyclientwebfilter32[/B][/U][/COLOR]+0x98c6
    a3d338b4 91011635 0f6410d0 8a0c8904 00000000 [COLOR=#ff0000][U][B]proxyclientwebfilter32[/B][/U][/COLOR]+0x81e1
    a3d338d0 91011836 886410d0 00000103 89c5bd98 [COLOR=#ff0000][U][B]proxyclientwebfilter32[/B][/U][/COLOR]+0x6635
    a3d3391c 91011eac 8a0c8904 0000009f 00000001 [COLOR=#ff0000][U][B]proxyclientwebfilter32[/B][/U][/COLOR]+0x6836
    a3d33930 9100de1c 8a0c8904 89c5bf28 886410d0 [COLOR=#ff0000][U][B]proxyclientwebfilter32[/B][/U][/COLOR]+0x6eac
    a3d3395c 9101241e 85b0f1d0 00000104 89c5bd98 [COLOR=#ff0000][U][B]proxyclientwebfilter32[/B][/U][/COLOR]+0x2e1c
    a3d3397c 910148c6 89c5bd98 89c5bd98 88641018 [COLOR=#ff0000][U][B]proxyclientwebfilter32[/B][/U][/COLOR]+0x741e
    a3d33994 82c4558e 00000000 89c5bd98 a3d339e0 [COLOR=#ff0000][U][B]proxyclientwebfilter32[/B][/U][/COLOR]+0x98c6
    a3d339ac 9166fced 85f24798 85fb2fa0 85fb2f68 nt!IofCallDriver+0x63
    a3d339c4 91632e50 8a3bf2c8 85fb2fd8 00000000 afd!WskTdiTLRequestSend+0x12f
    a3d33a00 9163185a a3d33a20 82c4558e 885fa868 afd!WskProIRPSend+0xc2
    a3d33a08 82c4558e 885fa868 85fb2f68 8af0fa40 afd!AfdWskDispatchInternalDeviceControl+0x21
    a3d33a20 91632fa8 a3d33a7c 911146b0 85f247ac nt!IofCallDriver+0x63
    a3d33a28 911146b0 85f247ac a3d33a64 00000002 afd!WskProAPISend+0x67
    a3d33a7c 911290d8 89cd3010 9163fe30 8ab30258 mrxsmb!SmbWskSend+0x12f
    a3d33acc 9112919a 89cd3010 00000000 8ab30258 mrxsmb!RxCeSend+0x4a
    a3d33af4 911165a6 89cd3010 00000000 8ab30258 mrxsmb!VctSend+0x24
    a3d33b28 9111a2fc 00000000 0000009b 00000000 mrxsmb!SmbCseSubmitBufferContext+0x208
    a3d33b4c 911170d8 00000000 89cd3010 00000000 mrxsmb!SmbNegotiate_Start+0x138
    a3d33b7c 9111a0bb 00bc1c00 87c19828 8abc1c00 mrxsmb!SmbCeInitiateExchange+0x347
    a3d33b90 9111b7ae 8a8f1768 89cd3010 87c19828 mrxsmb!MRxSmbInitialNegotiate+0x70
    a3d33bbc 9111b86b 8a8f1768 8a65ba68 8a8998c8 mrxsmb!SmbCeCompleteTransportConnectionEstablishment+0xfa
    a3d33bd4 9111a893 00000000 92246cc8 a3d33c40 mrxsmb!VctCompleteConnectRequest+0x6f
    a3d33be4 92234143 8a8998c8 31f75b05 00000000 mrxsmb!RxCeInitiateConnection+0x1bd
    a3d33c40 92249d32 92246cc8 92247108 a3d33c90 rdbss!RxpWorkerThreadDispatcher+0x13e
    a3d33c50 82e16fda 92246cc8 84778901 00000000 rdbss!RxWorkerThreadDispatcher+0x1a
    a3d33c90 82cbf1f9 92249d18 92246cc8 00000000 nt!PspSystemThreadStartup+0x9e
    00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x19
    SYMBOL_STACK_INDEX:  0
    SYMBOL_NAME:  tdx!TdxCreateControlChannel+70
    Additional Resource: Bug Check 0x27: RDR_FILE_SYSTEM
     
  7. timkl25

    timkl25 New Member

    Joined:
    Mar 13, 2012
    Messages:
    10
    Likes Received:
    0
    I have been trying to get the WinBG to read my dumps, followed the instctuctions and even downloaded the symbols on to the computer and extracted to the C:\ Drive. I am getting the error and it gets stck on that loading symbols page.
     
    #7 timkl25, Mar 15, 2012
    Last edited: Mar 15, 2012
  8. timkl25

    timkl25 New Member

    Joined:
    Mar 13, 2012
    Messages:
    10
    Likes Received:
    0
    Thanks for the Help.
     
    #8 timkl25, Mar 15, 2012
    Last edited: Mar 15, 2012

Share This Page

Loading...