Video Screencast Help

BSOD after redirecting SEP 11 RU5 to new 12.1.2 SEPM

Created: 30 Apr 2013 • Updated: 30 Apr 2013 | 5 comments
Marco Tafur's picture
This issue has been solved. See solution.

hi everybody,

 

We are having problems upgrading a SEPM to 12.1.2. the customer requested to migrate to a new server which deemed not possible, so we decided to install a new SEPM (old was 11.05, new is 12.1.2).

We thought on using Sylinkreplacer, but the console offered an option to push the new comms config to the clients. However, two days later, some computers started to BSOD with STOP ERROR F4. 

I have analyzed some of the dumps and found this:

 

Crash Dump Analysis provided by OSR Open Systems Resources, Inc. (http://www.osr.com)
Online Crash Dump Analysis Service
See http://www.osronline.com for more information
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.18113.x86fre.win7sp1_gdr.130318-1533
Machine Name:
Kernel base = 0x82a54000 PsLoadedModuleList = 0x82b9d4d0
Debug session time: Tue Apr 30 10:28:28.760 2013 (UTC - 4:00)
System Uptime: 0 days 0:24:02.711
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

CRITICAL_OBJECT_TERMINATION (f4)
A process or thread crucial to system operation has unexpectedly exited or been
terminated.
Several processes and threads are necessary for the operation of the
system; when they are terminated (for any reason), the system can no
longer function.
Arguments:
Arg1: 00000003, Process
Arg2: 880e3568, Terminating object
Arg3: 880e36d4, Process image file name
Arg4: 82c6ceb0, Explanatory message (ascii)

Debugging Details:
------------------

----- ETW minidump data unavailable-----TRIAGER: Could not open triage file : e:\dump_analysis\program\triage\modclass.ini, error 2

PROCESS_OBJECT: 880e3568

DEBUG_FLR_IMAGE_TIMESTAMP:  0

MODULE_NAME: wininit

FAULTING_MODULE: 00000000 

PROCESS_NAME:  WerFault.exe

BUGCHECK_STR:  0xF4_WerFault.exe

DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT

CURRENT_IRQL:  0

LAST_CONTROL_TRANSFER:  from 82d323ad to 82b32c2c

STACK_TEXT:  
c2237b18 82d323ad 000000f4 00000003 880e3568 nt!KeBugCheckEx+0x1e
c2237b3c 82caffe5 82c6ceb0 880e36d4 880e37d8 nt!PspCatchCriticalBreak+0x71
c2237b6c 82caff28 880e3568 baa27328 000000ff nt!PspTerminateAllThreads+0x2d
c2237ba0 8fdc4449 00000084 000000ff 87dda9f8 nt!NtTerminateProcess+0x1a2
WARNING: Stack unwind information not available. Following frames may be wrong.
c2237c24 82a918ba 00000084 000000ff 0006e738 SYMEVENT+0x14449
c2237c24 0006f4bc 00000084 000000ff 0006e738 nt!KiFastCallEntry+0x12a
0000003b 00000000 00000000 00000000 00000000 0x6f4bc


STACK_COMMAND:  kb

FOLLOWUP_NAME:  MachineOwner

IMAGE_NAME:  wininit.exe

FAILURE_BUCKET_ID:  0xF4_WerFault.exe_IMAGE_wininit.exe

BUCKET_ID:  0xF4_WerFault.exe_IMAGE_wininit.exe

Followup: MachineOwner
---------

So, I think SEP 11 RU5 is causing them.

 

Have anyone happened to have the same issue?

 

Marco Tafur

Magnatech Technical Support

Operating Systems:

Comments 5 CommentsJump to latest comment

MichaelD50's picture

Did these Win7 SP1 computers have SEP 11.0.5 installed? If so, I don't believe that version is Win7 compatible. First Win7 SP1 compatible client was 11.0.7000.

Is this Win7 SP1?

MJD

pete_4u2002's picture

win 7 is supported from SEP 11 Ru5, however not the service pack 1. can you check if you install frsh SEP 12.1 ru2 on client does it still gives BSOD?

Marco Tafur's picture

thanks for your replies.

I knew SEP 11 RU5 is compatible with W7 SP1. I haven't checked the SCL for that version right now, but my memories are clear.

We are installing the latest package and will see what happens. Hopefully, this will remove the problems.

We might have found a bug here...

MichaelD50's picture

From KB doc TECH94910:

Which versions of Symantec Endpoint Protection are supported on Windows 7 SP1 and Windows Server 2008 R2 SP1?
Symantec Endpoint Protection 11.0 Release Update 7 (RU7) and Symantec Endpoint Protection 12.1 or higher is supported on Windows 7 SP1 and Windows Server 2008 R2 SP1.

SOLUTION
Marco Tafur's picture

Michael,

Thanks a lot. I was suspecting that. My customer did the previous installation but I couldn't find this doc.

Marco