bsod with Endpoint MR3
I activated the network threat protection, and now my computer bluescreens regularly.
this is what i get from the bluescreen dump files.
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 9F, {3, 8433f880, 861ec030, 84991dc0}
*** WARNING: Unable to verify timestamp for teefer2.sys
*** ERROR: Module load completed but symbols could not be loaded for teefer2.sys
Probably caused by : teefer2.sys
Followup: MachineOwner
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DRIVER_POWER_STATE_FAILURE (9f)
A driver is causing an inconsistent power state.
Arguments:
Arg1: 00000003, A device object has been blocking an Irp for too long a time
Arg2: 8433f880, Physical Device Object of the stack
Arg3: 861ec030, Functional Device Object of the stack
Arg4: 84991dc0, The blocked IRP
Debugging Details:
------------------
DRVPOWERSTATE_SUBCODE: 3
IRP_ADDRESS: 84991dc0
DEVICE_OBJECT: 861ec030
DRIVER_OBJECT: 86174800
IMAGE_NAME: teefer2.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4875eb25
MODULE_NAME: teefer2
FAULTING_MODULE: 8ed9f000 teefer2
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x9F
PROCESS_NAME: System
CURRENT_IRQL: 2
LAST_CONTROL_TRANSFER: from 81e40b6c to 81eda163
STACK_TEXT:
81f02acc 81e40b6c 0000009f 00000003 8433f880 nt!KeBugCheckEx+0x1e
81f02b28 81e406bc 81f02b94 81f02c50 81f1b401 nt!PopCheckIrpWatchdog+0x1ad
81f02b68 81ec3d00 81f1b4e0 00000000 fd0cf147 nt!PopCheckForIdleness+0x343
81f02c88 81ec3936 81f02cd0 0c8ba402 81f02cd8 nt!KiTimerListExpire+0x367
81f02ce8 81ec3483 00000000 00000000 0004a445 nt!KiTimerExpiration+0x2a0
81f02d50 81ec1f9d 00000000 0000000e 00000000 nt!KiRetireDpcList+0xba
81f02d54 00000000 0000000e 00000000 00000000 nt!KiIdleLoop+0x49
STACK_COMMAND: kb
FOLLOWUP_NAME: MachineOwner
FAILURE_BUCKET_ID: 0x9F_IMAGE_teefer2.sys
BUCKET_ID: 0x9F_IMAGE_teefer2.sys
Followup: MachineOwner
---------
-------------------------------------------------------------------------------------------
And this is the other failure i get...
-------------------------------------------------------------------------------------------
Debugging Details:
------------------
READ_ADDRESS: GetPointerFromAddress: unable to read from 81f7c868
Unable to read MiSystemVaType memory at 81f5c420
9c751ff4
CURRENT_IRQL: 2
FAULTING_IP:
wpsdrvnt+7a33
91ac9a33 ?? ???
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0xD1
PROCESS_NAME: inetinfo.exe
TRAP_FRAME: a172ab20 -- (.trap 0xffffffffa172ab20)
ErrCode = 00000000
eax=9f35e63c ebx=9c751ff4 ecx=00000104 edx=9c751ff4 esi=9f36fa58 edi=9f36fa58
eip=91ac9a33 esp=a172ab94 ebp=aca09875 iopl=0 nv up ei pl nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010202
wpsdrvnt+0x7a33:
91ac9a33 ?? ???
Resetting default scope
LAST_CONTROL_TRANSFER: from 91ac9a33 to 81e9fd84
STACK_TEXT:
a172ab20 91ac9a33 badb0d00 9c751ff4 9c77ec40 nt!KiTrap0E+0x2ac
WARNING: Stack unwind information not available. Following frames may be wrong.
a172ab90 00000000 00011400 91ac8571 9f36fa58 wpsdrvnt+0x7a33
STACK_COMMAND: kb
FOLLOWUP_IP:
wpsdrvnt+7a33
91ac9a33 ?? ???
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: wpsdrvnt+7a33
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: wpsdrvnt
IMAGE_NAME: wpsdrvnt.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 48c05c58
FAILURE_BUCKET_ID: 0xD1_wpsdrvnt+7a33
BUCKET_ID: 0xD1_wpsdrvnt+7a33
Followup: MachineOwner
Can anybody help me out here?
This is really frustrating
thanks in advance.
Comments
It looks like the teefer2.sys at fault here, But as the dump suggests use the debugger to get the detailed description.
This is a good guide for debugging.
http://www.networkworld.com/news/2005/041105-windows-crash.html?page=1
Though, Make sure that the windows firewall and windows defender are stopped and disabled while NTP is on.
De facto when AV does something, it starts jumping up and down, waving its arms, and shouting "Hey! I found a virus! Look at me! I'm soooo goooood!"
The postings are the detailed description. ( !analyze -v )
And i also know that the two responsible is teefer2.sys and wpsdrvnt.sys.
What is don't know, is what's causing this bluescreen, except that teefer2.sys and wpsdrvnt.sys i to blame?
Has anyone else experienced this ?
i'm about to upgrade all the computers in my company, but i cannot do this when my computer (testmachine) bluescreens.
The machine is a Lenovo T61, Core 2 Duo 2200MHz and 3GB Ram
Both windows firewall and windows defender are disabled.
Have you recently upgraded your network card drivers? You might want to give that a try if you haven't or even roll back to an earlier version.
Forgot to mention...we decided to not use NTP because of issues like that and other problems. Those problems aren't the main reason for not using NTP since we use GP to administer Windows Firewall and have a hardware intrusion prevention device but they were a big factor.
I have similar problems on my ThinkPad T61p. I got random BSOD when shutting down the machine. Rolled back to MR2 SP2 and the BSOD disappeard. Must be some problem with a specific T61 driver, as I have MR3 on 12 Dell desktops in the office without problem.
Will wait until MR3 SP1 and try again then on the T61p.
I'm not sure it was the answer i was looking for, but i'm "happy" there are more people experiencing the same problem.
Hope Symantec resolve whatever problem they got with Lenovo computers.
It would make my work alot easier.
Is there anyone from Symantec here that is aware of this problem with Lenovo computers ?
Do you have the Thinkvantage Client Security Solution software installed? We found that our machines with that installed are the only ones that had problems with NTP running.
This is the main programs running on my computer:
Windows Vista Business (clean install)
Windows Office 2007 Enterprise
SEP 11.0.3001.2224
Thinkvantage tools:
- active protection system
- easy eject
- maintenance manager
- Presentation manager
- Power manager
- system update
- keyboard customizer
- fingerprint software
I am having the same issue with a T500. I have checked and windows firewall and defender are not running.
this is my bugcheck.
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: e1350eb4, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, value 0 = read operation, 1 = write operation
Arg4: 907e5a33, address which referenced memory
Debugging Details:
------------------
Unable to load image \??\C:\Windows\system32\drivers\wpsdrvnt.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for wpsdrvnt.sys
*** ERROR: Module load completed but symbols could not be loaded for wpsdrvnt.sys
READ_ADDRESS: GetPointerFromAddress: unable to read from 81d74868
Unable to read MiSystemVaType memory at 81d54420
e1350eb4
CURRENT_IRQL: 2
FAULTING_IP:
wpsdrvnt+7a33
907e5a33 ?? ???
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0xD1
PROCESS_NAME: wlanext.exe
TRAP_FRAME: afd9fb20 -- (.trap 0xffffffffafd9fb20)
ErrCode = 00000000
eax=b8b5e63c ebx=e1350eb4 ecx=00000104 edx=e1350eb4 esi=b8b6fa58 edi=b8b6fa58
eip=907e5a33 esp=afd9fb94 ebp=2bfa9575 iopl=0 nv up ei pl nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010202
wpsdrvnt+0x7a33:
907e5a33 ?? ???
Resetting default scope
LAST_CONTROL_TRANSFER: from 907e5a33 to 81c97d24
STACK_TEXT:
afd9fb20 907e5a33 badb0d00 e1350eb4 e137c840 nt!KiTrap0E+0x2ac
WARNING: Stack unwind information not available. Following frames may be wrong.
afd9fb90 00000000 00011400 907e4571 b8b6fa58 wpsdrvnt+0x7a33
STACK_COMMAND: kb
FOLLOWUP_IP:
wpsdrvnt+7a33
907e5a33 ?? ???
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: wpsdrvnt+7a33
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: wpsdrvnt
IMAGE_NAME: wpsdrvnt.sys
Any update on this? I just upgraded to MR4 from MR3 and got this blue screen. Lenovo T60, Vista Business SP1, 3GB RAM, all supplied software installed, all SEP options enabled.
Edit: the error I got was from wpsdrvnt.sys
My Vista Ultimate SP1 - 64bit, laptop has the same BSOD: here is the !analyze -v
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DRIVER_POWER_STATE_FAILURE (9f)
A driver is causing an inconsistent power state.
Arguments:
Arg1: 0000000000000003, A device object has been blocking an Irp for too long a time
Arg2: fffffa80024d0c00, Physical Device Object of the stack
Arg3: fffffa8005136050, Functional Device Object of the stack
Arg4: fffffa8008399b40, The blocked IRP
Debugging Details:
------------------
DRVPOWERSTATE_SUBCODE: 3
DEVICE_OBJECT: fffffa8005136050
DRIVER_OBJECT: fffffa8005068c60
IMAGE_NAME: teefer2.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 47d856fd
MODULE_NAME: teefer2
FAULTING_MODULE: fffffa60038f2000 teefer2
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x9F
PROCESS_NAME: System
CURRENT_IRQL: 2
LAST_CONTROL_TRANSFER: from fffff80001d1105e to fffff80001cb2350
STACK_TEXT:
fffff800`031099f8 fffff800`01d1105e : 00000000`0000009f 00000000`00000003 fffffa80`024d0c00 fffffa80`05136050 : nt!KeBugCheckEx
fffff800`03109a00 fffff800`01cba8b3 : fffff800`03109ad8 00000000`00000000 00000000`00000001 fffffa60`005efb01 : nt! ?? ::FNODOBFM::`string'+0x18318
fffff800`03109a70 fffff800`01cbb2f5 : fffff800`03109cd0 00000000`00000002 fffff800`03109cc8 00000000`00000010 : nt!KiTimerListExpire+0x333
fffff800`03109ca0 fffff800`01cbba9f : 00000948`0a3c337f 00000000`00000000 fffffa80`00000010 fffff800`01dd4a80 : nt!KiTimerExpiration+0x295
fffff800`03109d10 fffff800`01cbcb62 : fffff800`01dd1680 fffff800`01dd1680 00000000`00000000 fffff800`01dd6b80 : nt!KiRetireDpcList+0x1df
fffff800`03109d80 fffff800`01e8a5c0 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiIdleLoop+0x62
fffff800`03109db0 00000000`fffff800 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!zzz_AsmCodeRange_End+0x4
fffff800`031030b0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00680000`00000000 : 0xfffff800
fffff800`031030b8 00000000`00000000 : 00000000`00000000 00000000`00000000 00680000`00000000 00000000`00000000 : 0x0
fffff800`031030c0 00000000`00000000 : 00000000`00000000 00680000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff800`031030c8 00000000`00000000 : 00680000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff800`031030d0 00680000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff800`031030d8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x680000`00000000
fffff800`031030e0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff800`031030e8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff800`031030f0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff800`031030f8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff800`03103100 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff800`03103108 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff800`03103110 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff800`03103118 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff800`03103120 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff800`03103128 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff800`03103130 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff800`03103138 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff800`03103140 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff800`03103148 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff800`03103150 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff800`03103158 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff800`03103160 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff800`03103168 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff800`03103170 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff800`03103178 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff800`03103180 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff800`03103188 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff800`03103190 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff800`03103198 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff800`031031a0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff800`031031a8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff800`031031b0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff800`031031b8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff800`031031c0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff800`031031c8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff800`031031d0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff800`031031d8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff800`031031e0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff800`031031e8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff800`031031f0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff800`031031f8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff800`03103200 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff800`03103208 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff800`03103210 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff800`03103218 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff800`03103220 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff800`03103228 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff800`03103230 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff800`03103238 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff800`03103240 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff800`03103248 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff800`03103250 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff800`03103258 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff800`03103260 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff800`03103268 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff800`03103270 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff800`03103278 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff800`03103280 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff800`03103288 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff800`03103290 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff800`03103298 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff800`031032a0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff800`031032a8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff800`031032b0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff800`031032b8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff800`031032c0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffff800`031032c8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
STACK_COMMAND: kb
FOLLOWUP_NAME: MachineOwner
FAILURE_BUCKET_ID: X64_0x9F_IMAGE_teefer2.sys
BUCKET_ID: X64_0x9F_IMAGE_teefer2.sys
Followup: MachineOwner
---------
I was transferring some files to the laptop when I think the laptop tried to go to sleep.
My version of SEP is:
11.0.2010.25
BSODs are not good. If Symantec is interested I can ftp the dump.
Would you like to reply?
Login or Register to post your comment.