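[Windows Server 2012] Unexpected reboot, fault in the schannel.dll module
The problem is as shown in the screenshot. It happened twice before and I didn't pay much attention, but this time it nearly caused serious trouble.
The Event Viewer output is below. Could an expert please take a look and tell me what the problem is? There are no useful log entries in the Event Viewer before or after the event, which is frustrating.
It seems attachments can't be uploaded? I'll post a Baidu Cloud link instead.
Link: http://pan.baidu.com/s/1hr75MOO Password: msqm
A dmp file was generated, and the WinDbg output is below. It also points to a problem in the schannel.dll module, and I can't figure it out.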
Microsoft (R) Windows Debugger Version 10.0.10586.567 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\****\Desktop\20170214\WER849D.tmp.dmp]
User Mini Triage Dump File: Only registers, stack and portions of memory are available
--------------------------------
The user dump currently examined is a triage dump. Consequently, only a subset of debugger
functionality will be available. If needed, please collect a minidump or a heap dump.
To create a mini user dump use the command: .dump /m <filename>
To create a full user dump use the command: .dump /ma <filename>
Triage dumps have certain values on the stack and in the register contexts overwritten with
pattern 0xAAAAAAAA. If you see this value
1. the original value was not NULL
2. the original value was not a direct pointer to a loaded or unloaded image
3. the original value did not point to an object whose VFT points to a loaded or
unloaded image (indirect pointer)
4. the original value did not point to the stack itself or any memory area added to
the dump (TEB, PEB, memory for CLR stackwalk or exceptions, etc.)
5. the original value was not a valid handle value
--------------------------------
************* Symbol Path validation summary **************
Response Time (ms) Location
Deferred SRV*c:\mysymbol* http://msdl.microsoft.com/download/symbols
Symbol search path is: SRV*c:\mysymbol* http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 8 Version 9200 MP (4 procs) Free x64
Product: Server, suite: TerminalServer SingleUserTS
Built by: 6.2.9200.16384 (win8_rtm.120725-1247)
Machine Name:
Debug session time: Tue Feb 14 14:46:32.000 2017 (UTC + 8:00)
System Uptime: 11 days 23:53:40.401
Process Uptime: 11 days 23:53:30.000
...............................................................
Loading unloaded module list
.
This dump file has an exception of interest stored in it.
The stored exception information can be accessed via .ecxr.
(268.15d4): Security check failure or stack buffer overrun - code c0000409 (first/second chance not available)
schannel!_chkstk+0x5c8d:
000007fe`bc269057 cd29 int 29h
0:005> !analyze -v
*******************************************************************************
* *
* Exception Analysis *
* *
*******************************************************************************
DUMP_CLASS: 2
DUMP_QUALIFIER: 400
CONTEXT: (.ecxr)
rax=000000ef2b8ee600 rbx=000000ef2b8ee5f0 rcx=0000000000000003
rdx=000000ef2c9edc60 rsi=0000000000000224 rdi=000000ef2c9604a0
rip=000007febc269057 rsp=000000ef2be9de50 rbp=000000ef2c9edb00
r8=00000000000000af r9=0000000000000000 r10=0000000000000000
r11=0000000000000246 r12=0000000000000002 r13=0000000000000000
r14=000000ef2b81fbb0 r15=0000000000004874
iopl=0 nv up ei pl nz na po nc
cs=0033 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000206
schannel!_chkstk+0x5c8d:
000007fe`bc269057 cd29 int 29h
Resetting default scope
FAULTING_IP:
schannel!_chkstk+5c8d
000007fe`bc269057 cd29 int 29h
EXCEPTION_RECORD: (.exr -1)
ExceptionAddress: 000007febc269057 (schannel!_chkstk+0x0000000000005c8d)
ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
ExceptionFlags: 00000001
NumberParameters: 1
Parameter[0]: 0000000000000003
Subcode: 0x3 FAST_FAIL_CORRUPT_LIST_ENTRY
PROCESS_NAME: lsass.exe
ERROR_CODE: (NTSTATUS) 0xc0000409 - <Unable to get error code text>
EXCEPTION_CODE: (NTSTATUS) 0xc0000409 - <Unable to get error code text>
EXCEPTION_CODE_STR: c0000409
EXCEPTION_PARAMETER1: 0000000000000003
WATSON_BKT_PROCSTAMP: 50108ab2
WATSON_BKT_PROCVER: 6.2.9200.16384
WATSON_BKT_MODULE: schannel.dll
WATSON_BKT_MODSTAMP: 5010892c
WATSON_BKT_MODOFFSET: 49057
WATSON_BKT_MODVER: 6.2.9200.16384
MODULE_VER_PRODUCT: Microsoft® Windows® Operating System
BUILD_VERSION_STRING: 6.2.9200.16384 (win8_rtm.120725-1247)
MODLIST_WITH_TSCHKSUM_HASH: e90930dd401b73fa10e9b246cb4f414daa423444
MODLIST_SHA1_HASH: a8e81b64c88dd20988d9a3b4c8d8a98f760d1931
NTGLOBALFLAG: 0
PRODUCT_TYPE: 3
SUITE_MASK: 272
DUMP_FLAGS: 102c6
DUMP_TYPE: 1
APP: lsass.exe
ANALYSIS_SESSION_HOST: ANYY-PC
ANALYSIS_SESSION_TIME: 02-15-2017 09:09:57.0951
ANALYSIS_VERSION: 10.0.10586.567 amd64fre
THREAD_ATTRIBUTES:
OS_LOCALE: CHS
PROBLEM_CLASSES:
LIST_ENTRY_CORRUPT
Tid [0x0]
Frame [0x00]
Failure Bucketing
CRITICAL_PROCESS_FAULT
Tid [0x0]
Frame [0x00]
BUGCHECK_STR: CRITICAL_PROCESS_FAULT_LIST_ENTRY_CORRUPT
DEFAULT_BUCKET_ID: CRITICAL_PROCESS_FAULT_LIST_ENTRY_CORRUP
LAST_CONTROL_TRANSFER: from 000007febc22742f to 000007febc269057
STACK_TEXT:
000000ef`2be9de50 000007fe`bc22742f : 000000ef`2ca218c0 000000ef`2ca218c0 000000ef`2be9e129 000000ef`2be9e129 : schannel!_chkstk+0x5c8d
000000ef`2be9e060 000007fe`bc8ccde3 : 000000ef`2c9e1d20 00000000`00000000 aaaaaaaa`aaaaaaaa aaaaaaaa`aaaaaaaa : schannel!SpInitLsaModeContext+0x492
000000ef`2be9e150 000007fe`bc8cc4b4 : 000000ef`2be9e770 000000ef`2be9e760 000000ef`2be9e3d0 aaaaaaaa`aaaaaaaa : lsasrv!WLsaInitContext+0x493
000000ef`2be9e290 000007fe`bca01643 : aaaaaaaa`aaaaaaaa 000000ef`2be9e9d0 000000ef`2be9e739 000007fe`bdcadc01 : lsasrv!SspiExProcessSecurityContext+0x4f4
000000ef`2be9e6a0 000007fe`bdc92005 : aaaaaaaa`aaaaaaaa aaaaaaaa`aaaaaaaa aaaaaaaa`aaaaaaaa aaaaaaaa`aaaaaaaa : sspisrv!SspirProcessSecurityContext+0x1d3
000000ef`2be9e7f0 000007fe`bdca76c0 : 000007fe`bca03c82 000000ef`2be9eca0 00000000`00000000 00000000`00000000 : rpcrt4!Invoke+0x65
000000ef`2be9e8c0 000007fe`bdca8a9d : 000007f7`6ac52510 000007f7`6ac52410 000000ef`2be9ef20 aaaaaaaa`aaaaaaaa : rpcrt4!NdrStubCall2+0x33c
000000ef`2be9eef0 000007fe`bdc922a4 : aaaaaaaa`aaaaaaaa aaaaaaaa`aaaaaaaa aaaaaaaa`aaaaaaaa aaaaaaaa`aaaaaaaa : rpcrt4!NdrServerCall2+0x1d
000000ef`2be9ef20 000007fe`bdc921bd : aaaaaaaa`aaaaaaaa 000000ef`2be9f070 000000ef`2be9f160 000007fe`bfd35780 : rpcrt4!DispatchToStubInCNoAvrf+0x14
000000ef`2be9ef70 000007fe`bdc92db3 : 00000000`00000000 00000000`00000000 00000000`00000000 aaaaaaaa`aaaaaaaa : rpcrt4!RPC_INTERFACE::DispatchToStubWorker+0x17d
000000ef`2be9f110 000007fe`bdc929fc : 000000ef`2be9f310 aaaaaaaa`aaaaaaaa 00000000`00000000 aaaaaaaa`aaaaaaaa : rpcrt4!LRPC_SCALL::DispatchRequest+0x91e
000000ef`2be9f210 000007fe`bdc927ad : aaaaaaaa`aaaaaaaa aaaaaaaa`aaaaaaaa 00000000`00000000 00000000`00000000 : rpcrt4!LRPC_SCALL::HandleRequest+0x7d2
000000ef`2be9f360 000007fe`bdc9160b : 00000000`00000000 000000ef`2bc4caa8 00000000`00000000 00000000`00000000 : rpcrt4!LRPC_ADDRESS::ProcessIO+0x17bb
000000ef`2be9f4d0 000007fe`bfd3c52b : 000000ef`2bc4caa8 00000000`00000000 00000000`00000000 00000000`00000000 : rpcrt4!LrpcIoComplete+0x97
000000ef`2be9f560 000007fe`bfd38576 : 00000000`00000004 aaaaaaaa`aaaaaaaa aaaaaaaa`aaaaaaaa 00000000`00000000 : ntdll!TppAlpcpExecuteCallback+0x21b
000000ef`2be9f680 000007fe`bf7b167e : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!TppWorkerThread+0x388
000000ef`2be9f920 000007fe`bfd4c3f1 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : kernel32!BaseThreadInitThunk+0x1a
000000ef`2be9f950 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x1d
THREAD_SHA1_HASH_MOD_FUNC: 2656803a2fc9e6e1be65025e0afc514b5f5038a6
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 37b6ae8125ea166c43e705987be1d4d218781a6e
THREAD_SHA1_HASH_MOD: e0c71a366f2f3999556ec7defde7e8f668225d57
FOLLOWUP_IP:
schannel!SpInitLsaModeContext+492
000007fe`bc22742f 8bd8 mov ebx,eax
FAULT_INSTR_CODE: c085d88b
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: schannel!SpInitLsaModeContext+492
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: schannel
IMAGE_NAME: schannel.dll
DEBUG_FLR_IMAGE_TIMESTAMP: 5010892c
STACK_COMMAND: .ecxr ; kb
BUCKET_ID: CRITICAL_PROCESS_FAULT_LIST_ENTRY_CORRUPT_schannel!SpInitLsaModeContext+492
PRIMARY_PROBLEM_CLASS: CRITICAL_PROCESS_FAULT_LIST_ENTRY_CORRUPT_schannel!SpInitLsaModeContext+492
BUCKET_ID_OFFSET: 492
BUCKET_ID_MODULE_STR: schannel
BUCKET_ID_MODTIMEDATESTAMP: 5010892c
BUCKET_ID_MODCHECKSUM: 6b927
BUCKET_ID_MODVER_STR: 6.2.9200.16384
BUCKET_ID_PREFIX_STR: CRITICAL_PROCESS_FAULT_LIST_ENTRY_CORRUPT_
FAILURE_PROBLEM_CLASS: CRITICAL_PROCESS_FAULT_LIST_ENTRY_CORRUPT
FAILURE_EXCEPTION_CODE: c0000409
FAILURE_IMAGE_NAME: schannel.dll
FAILURE_FUNCTION_NAME: SpInitLsaModeContext
BUCKET_ID_FUNCTION_STR: SpInitLsaModeContext
FAILURE_SYMBOL_NAME: schannel.dll!SpInitLsaModeContext
FAILURE_BUCKET_ID: CRITICAL_PROCESS_FAULT_LIST_ENTRY_CORRUPT_c0000409_schannel.dll!SpInitLsaModeContext
WATSON_STAGEONE_URL: http://watson.microsoft.com/StageOne/lsass.exe/6.2.9200.16384/50108ab2/schannel.dll/6.2.9200.16384/5010892c/c0000409/00049057.htm?Retriage=1
TARGET_TIME: 2017-02-14T06:46:32.000Z
OSBUILD: 9200
OSSERVICEPACK: 16384
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
OSPLATFORM_TYPE: x64
OSNAME: Windows 8
OSEDITION: Windows 8 Server TerminalServer SingleUserTS
USER_LCID: 0
OSBUILD_TIMESTAMP: 2012-07-26 10:15:22
BUILDDATESTAMP_STR: 120725-1247
BUILDLAB_STR: win8_rtm
BUILDOSVER_STR: 6.2.9200.16384
ANALYSIS_SESSION_ELAPSED_TIME: 4d7
ANALYSIS_SOURCE: UM
FAILURE_ID_HASH_STRING: um:critical_process_fault_list_entry_corrupt_c0000409_schannel.dll!spinitlsamodecontext
FAILURE_ID_HASH: {ed4a3117-7f48-62e2-691c-5a30866df4b3}
Followup: MachineOwner
---------