Dell E6500 - Blue Screen

LE2Strat's picture

We have several new Dell E6500's that are blue screening with Symantec Endpoint installed. (Currently using MR4).  Crashes were happening on MR3 as well, but we have upgraded them to MR4 over the past month or so in hopes it would fix the issue. Looking at them with a Windows dump analyzer, the problem seems to be caused by: SRTSPL.SYS

 

We have about two thousand clients, and haven't run into this problem, until we started getting the E6500's in.  We have had the occasional problem on random machines through our help desk (HP's, Acer's, etc...) but those were just so random, but with the E6500's it seems to be like ALL of them are having this issue from what our help desk is telling me.  I personally have a E6400, and I am not having any issues.

 

So, what can I look for here?  Windows is saying the problem lies with Symantec Endpoint and the SRTSPL.SYS file, but I really don't want to blame Endpoint because it is working fine on 2,000 other machines.  A combination of driver, or software configuration on the E6500's?   If anybody out there had a E6500 and is having the same, or similar issues, let me know.  I am trying to get a copy of a dump log from our help desk as we speak, but I do not, and can not get direct access to a E6500 because the ones we have are issued to executive level support people, and they cannot be without their laptop at all.

LE2Strat's picture

Here is a screenshot of the BSOD:

http://users.marshall.edu/~carter91/BlueScreen.jpg

 

Here are some DUMP files if somebody can help figure these out:

http://users.marshall.edu/~carter91/minidump/minidump/

 

-Jason Carter
Marshall University

LE2Strat's picture

Bump...anybody?

Pretty much all of the dump files end with:

Unable to verify timestamp for SRTSPL.SYS

Probably caused by : SRTSPL.SYS ( SRTSPL+1836e )

Message Edited by LE2Strat on 02-19-2009 04:44 PM

-Jason Carter
Marshall University

Paul Murgatroyd's picture

what version do you have installed?

 

SRTSPL is the legacy driver, it shouldn't be being loaded...

 

I would suggest calling support with your dumps, so they can analyse them. 

Paul Murgatroyd
Principal Regional Product Manager, Enterprise Security Group, Symantec
Endpoint twitter feed: http://twitter.com/symc_endpoint

LE2Strat's picture

MR4 is the version we have installed.  Originally the machine that I had the dumps posted, was MR3, but was upgraded to MR4.

 

If SRTSPL is a legacy driver, then I do wonder why it's being loaded.

 

This is a clean install of Windows Vista Enterprise and did not have a previous version of SAV 10.x on it.  If the AV was upgraded I could understand why it still might be there.

 

Like I said, I don't have access directly to the machines that are having issues, only to the dumps and the information gives me.  Do you think the support will be able to identify the problem solely based on the dumps?

-Jason Carter
Marshall University

Ulrik Damm's picture

Same problem on same SEP

Same problem on same SEP version on Dell E6400 and E6500. All Vista Business preinstalled from Dell.
Also one of them now persistently will run a diskcheck on start up - like Vista was not closed properly.
Uninstalling SEP makes them all able to start up, but after reinstalling SEP eventually same problem will happen again.

Did anyone manage to solve this problem?

x y's picture

BSOD With Stop 0x0000007E with SRTSPL.SYS

I had the same trouble on a Sony laptop with Vista Family Premium SP1.
Unable to boot even in safe mode.

The reason is a corrupt liveupdate session with an aborted / corrupted virus database.

I must start with Vista recovery, then I follow MS KB927525 to disable the faulty driver SRTSPL.SYS.

Use the tools in the Windows Recovery Environment to repair Windows Vista.

Here is an extract:

  1. If the computer will not start in safe mode, click Startup Repair in the System Recovery Options dialog box to fix certain problems that may prevent Windows Vista from starting correctly. If the Startup Repair tool cannot diagnose or repair the problem, go to step 2. If Windows Vista starts, go to the "Resolve the cause of the startup problem" section.

    For more information about how to use Startup Repair, click the following article number to view the article in the Microsoft Knowledge Base:

    925810  (http://support.microsoft.com/kb/925810/ ) A Stop error occurs, or the computer stops responding when you try to start Windows Vista
  2. In the System Recovery Options dialog box, click System Restore to restore Windows Vista to the restore point that was created when the program or the driver was installed. If you cannot use the System Restore tool to start the computer, go to step 3.
  3. Use the Command Prompt option in the Windows Recovery Environment to disable the driver that stops Windows Vista from starting. To do this, follow these steps.
    1. In the System Recovery Options dialog box, click Command Prompt.
    2. At the command prompt, type regedit, and then click OK.
    3. Click HKEY_LOCAL_MACHINE, and then click Load Hive on the File menu.
    4. Locate and then click the C:\Windows\System32\Config\System file, and then click Open.
    5. In the Load Hive dialog box, type Offline, and then click OK.
    6. Expand System, and then click Select.
    7. In the right-pane, locate Current, and then note the value in the Data column.
    8. Expand ControlSet00x, and then expand Services. x is the value from the Data column that you noted in step j.
    9. Locate the subkey that corresponds to the last driver that was installed. If you cannot locate a match, click Services, click Find on the Edit menu, type the name of the driver in the Find what box, and then click Find Next.

>Search srtspl.sys<

    10. Click the subkey that has the driver name.
    11. In the right-pane, right-click Start, and then click Modify.
    12. In the Value data box, type 4, and then click OK. This step stops the driver from starting.
    13. Locate and then click the following registry subkey:
      HKEY_LOCAL_MACHINE\Offline
    14. On the File menu, click Unload Hive, and then click Yes in the Confirm Unload Hive dialog box.
    15. Exit Registry Editor.
    16. Restart the computer.



Now the system is booting properly but SEP is not fully functional.
Then I do a full manual liveupdate.........50 MB !!!

Reboot

Enable the srtspl.sys driver.
(this time with HKEY_LOCAL_MACHINE\system\currentcontrolset\services\srtspl.sys)

And now it's working.

Hope it helps someone.
I had spent a couple of hours on it.
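
The registry steps quoted from KB927525 in the post above, scripted for the Windows Recovery Environment command prompt; this is an added example, not part of the original post or the KB article. The script name, the drive-letter argument and the service key name argument are assumptions of the example: the Windows volume is not always C: inside the recovery environment, and the exact subkey name for the driver should be confirmed under Services before changing it.

```batch
@echo off
rem Added example (not from the thread). Run from the WinRE command prompt.
rem Usage: disable-driver.cmd <WindowsDrive> <ServiceKeyName>
rem Both arguments are assumptions; confirm the service subkey name with
rem "reg query" under ...\Services before relying on it.
setlocal
if "%~2"=="" (
    echo Usage: %~nx0 ^<WindowsDrive^> ^<ServiceKeyName^>
    exit /b 1
)
set "HIVE=%~1\Windows\System32\Config\SYSTEM"
set "SVC=%~2"

if not exist "%HIVE%" (
    echo SYSTEM hive not found at %HIVE%
    exit /b 1
)

rem Load the offline SYSTEM hive as HKLM\Offline (the KB's Load Hive steps).
reg load HKLM\Offline "%HIVE%" || exit /b 1

rem Select\Current holds the number of the active control set (ControlSet00x).
set "CUR="
for /f "tokens=3" %%A in ('reg query HKLM\Offline\Select /v Current ^| find "REG_DWORD"') do set /a CUR=%%A
if not defined CUR (
    echo Could not read Select\Current
    goto :unload
)
rem Assumes a single-digit control set number, as in ControlSet001.
set "KEY=HKLM\Offline\ControlSet00%CUR%\Services\%SVC%"

rem Print the existing Start value first so it can be restored afterwards.
reg query "%KEY%" /v Start
if errorlevel 1 (
    echo Service key %KEY% not found, nothing changed
    goto :unload
)

rem Start=4 disables the driver so it is not loaded at the next boot.
reg add "%KEY%" /v Start /t REG_DWORD /d 4 /f

:unload
rem Always unload the hive, otherwise the change may not be written cleanly.
reg unload HKLM\Offline
endlocal
```

Note the Start value the script prints before the change; once the system boots and the definitions have been repaired, writing that value back under the live CurrentControlSet key re-enables the driver.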

LE2Strat's picture

Fixed...for now

After a few weeks of Symantec engineers looking over the logs and memory dump files, they finally saw what the problem was, and it was supposedly fixed already in MR4 MP1A (even though it was not mentioned in the release notes at all).

Apparently they weren't even going to put up a KB article on it (they were trying to hide the fact that this was a problem from my eyes since there was no KB article and nothing in the release notes). 

I finally convinced that tech that this was stupid and he put up a KB article for it (not much details) but hey, at least it's there.  Solution is to upgrade to MR4 MP1A.

Basically the problem was that upon logging in, Symantec would hold on to resources and lock them, hence the blue screen.

My Support case was:  320-171-630 in case anybody at Symantec is interested in looking at my argument that finally got them to put up a KB article.

Please Symantec, when you fix something in a release, put it in the release notes so we know that a simple upgrade will fix our problems!  Apparently, the backend support engineers do not feel the need to put everything that is fixed in a release warrants a write up to be included into the release notes.   They never did go back and edit the release notes about this issue, but at least the KB article is up.

http://service1.symantec.com/SUPPORT/ent-security....

Too bad I wasted 2-3 weeks with a support case before I got this answer, if it was just in the release notes it would have saved me time.

-Jason Carter
Marshall University

optimistic_DSX13's picture

Same Problem with Dell Studio XPS 13

Hey all,

I had the same problem with my Dell Studio XPS 13 (DSX 13). Following the hints provided in this forum, I was able to recover from the Windows blue screen. I am posting this for other DSX 13 users that may encounter the same problem. Given the postings here, this seems to be a general incompatibility between new Dell computers (I have: Intel Core 2 Duo, P9600 @ 2.66GHz, 4GB RAM, 32-bit Windows Vista Home Premium) and Symantec Endpoint Protection MR4 (11.0.4000). I ended up having to uninstall SEP MR4 completely and installing the AVG Free 8.5 because my school did not have the upgrade patch to SEP MR4 MP1A (11.0.4014). After doing this, my DSX 13 works great (only 12 hours into it, so I'm still on the lookout for problems).

Anyways, here is a rundown of what happened in my case.

I received my new DSX 13 on May 1st. Other blue screen problems had been reported with this computer, but because of the dell updates, my computer already had an updated BIOS (A06), etc.

On May 21st the blue screen bug code I received was as such:

0x0000007e (0xC00000005, the next 3 parameters changed each time a new blue screen appeared)
SRTSPL.SYS (was the driver file identified as problematic)

Prior to this point, I would have random freezings; but holding down the power button, always worked. This time it didn't, and I was only able to load the computer in safe mode. I continued receiving this blue screen until I did the following: 

  • System Restore to point before SEP was installed (sometime around 5/1).
  • Followed the instructions to manually uninstall SEP (traces of it were still on the computer).
  • This enabled me to start the computer in normal mode but I had lost some functionality with other programs because of the system restore. 
  • After that I restored the computer to point before I got the blue screen of death (some time around 5/21), and then uninstalled SEP through the Control Panel > Programs and Features
  • This allowed me to restore functionality with other programs AND do a complete wipe of SEP.

Altogether this took a couple of hours, but after completing the process, it seems the main thing to do is to STOP Symantec Endpoint Protection from starting up with msconfig. After that, you most likely will be able to access normal mode. If not, just go through all of the steps for the manual uninstallation.

For all those students out there (myself included): unless you've bought SEP MR4 yourself, you won't have the product key to do a migration to SEP MR4 MP1A. So, a complete uninstall is necessary.

Hopefully this is helpful to someone in the future.

--
Dell Studio XPS 13, Intel Core 2 Duo, P9600 @ 2.66GHz, 4GB, Windows Vista Home Premium 32-bit