In my environment win2008 r2 server with MA 126.96.36.1995, and VSE patch 9 (188.8.131.524) DAT was updated as current date.
As my seever team reported me that sever caused BSOD , we collected MER logs and Memory dump, But Support Technician said that file was incomplete, But My server team said that only mini dump was generated while BSOD occured ?
What is the suggestion / what is the cause to occuring this any idea ?
How often has this occurred? Most likely it is VSE related and probably should be in that forum. When did it start and what changed? There are several causes. You might want to check out the release notes for patch 10 as there is a bugcheck and other issues fixed in that patch. Are all the hardware drivers on the system up to date, such as nic, video, raid controllers, etc? That can cause issues with older drivers also.
Typically a mini dump is the default, but it only contains very basic info on the crash cause. If it is occurring more than once, then the system should be configured for a full memory dump on crash if you want exact root cause. In the WER directories, did it log a crash dump and log? Those can be helpful. If it is a one time occurrance, it would help to also know what else might have been occurring on the system to trigger it - a windows update, new software install, etc.
Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?
Are you seeing the BSOD after installing McAfee software on the clients? Are you seeing the BSOD after a reboot? What behavior do you see as far as a trigger? From a technical standpoint a MER won't really be to useful in diagnosing why the BSOD is occuring. We would want a full memory dump as stated above for issues like this.
We want to see the process that is causing the crash which will be indicated through a full memory dump. From there we can advise A) if it is something that we need to fix B) a catalyst for a process owned by another vendor that is causing the BSOD to occur.
Cookand Thanks for great suggestion
Are you seeing the BSOD after installing McAfee software on the clients? Are you seeing the BSOD after a reboot?
Ans : Mcafee software was installed before ocuurence of BSOD. means it was caused due to rebooting the server.
I have doubt As you saying regarding full memory dump , But it can be possible reoccurence of issue?you mean that i need to wait for event re-occurence?
All in all, what we would look at from a technical standpoint would be a full memory dump on that client when the BSOD occurs. We would look at the stack for the faulting process causing the BSOD to occur. It may very well be a McAfee product causing the issue but we can't determine that without that information. Sometimes we will see it where a customer installs VSE or ENS and they reboot and BSOD occurs. Everyones first thought is VSE/ENS is causing a BSOD, explain yourself McAfee... From the cases I have worked sometimes it is McAfee, sometimes it's 3rd party. For instance, if you were to install VSE or ENS and the install completes successfully and you perform a reboot and a BSOD occurs the first thought is McAfee... However, in a lot of cases I have reviewed as far as the actual FMD it will indicate flawed code in 3rd party software. Basically the presence of our software is exposing defective code on something like clussvc.exe (owned by Microsoft) for example. We will then reach back out to you and advise hey, looked through the FMD you supplied and the faulting process was XXXXX.exe which is owned by whomever. Due to us not having the symbols/proprietary code for XXXXX.exe you then in turn have to reach out to that vendor and ask why is this process doing this. All of this information is kept under lock and key to make sure that people cannot reverse engineer the technology. So if you want us to look into it, we would need to have the BSOD replicated with the FMD sent to the SR you create with us. From there we can advise on what needs to be done. Hopefully that wasn't too much information and that makes sense. If you have any questions I should be able to reply to you on here, but it would prob be more effective to open an SR with tech support as I have a very small window to monitor the traffic posted in the community.
Thanks for your time,
Yes , i have submitted Full-Dump which is already configured before causing this issue,
They said there is no drivers are loaded while booting the system.As my server team was not conviced with this becuase the same thing was repeated in other servers also, we are following same collecting dump, submit Mcafee does'nt have any insights says that please reach out to MS team to process further.
How to identify myself to it was not due to Mcafee?
How can i show my proff to server to make convence.
What the prerequisites i need to take to avoid future occurences this related issues?