===dump information===
2: kd> !mex.t
Process Thread CID UserTime KernelTime ContextSwitches Wait Reason Time State
System (ffffe0002ba30900) ffffe0002d5fc040 4.73c 0s 141ms 4564 Executive 0s Running on CPU 2
Child-SP Return Call Site Info
0 ffffd000d1f70498 fffff802d7e03bd2 nt!KeBugCheckEx+0x0
1 ffffd000d1f704a0 fffff802d7cdd2b9 nt!MiSystemFault+0x10a3d2
2 ffffd000d1f70540 fffff802d7ddfc2f nt!MmAccessFault+0x769
3 ffffd000d1f70700 fffff800facf7360 nt!KiPageFault+0x12f TrapFrame @ ffffd000d1f70700
4 ffffd000d1f70890 fffff800facf72a5 srv!SrvOs2FeaToNt+0x48
5 ffffd000d1f708c0 fffff800fad1869b srv!SrvOs2FeaListToNt+0x125
6 ffffd000d1f70910 fffff800fad218ba srv!SrvSmbOpen2+0xc3
7 ffffd000d1f709b0 fffff800fad24b2e srv!ExecuteTransaction+0x2ca
8 ffffd000d1f709f0 fffff800facb284f srv!SrvSmbTransactionSecondary+0x40b
9 ffffd000d1f70a90 fffff800facb2a20 srv!SrvProcessSmb+0x237
a ffffd000d1f70b10 fffff800facf1ac8 srv!SrvRestartReceive+0x114
b ffffd000d1f70b50 fffff802d819dd92 srv!WorkerThread+0x5248
c ffffd000d1f70bd0 fffff802d7d86c70 nt!IopThreadStart+0x26
d ffffd000d1f70c00 fffff802d7ddbfc6 nt!PspSystemThreadStartup+0x58
e ffffd000d1f70c60 0000000000000000 nt!KxStartSystemThread+0x16
2: kd> .trap ffffd000d1f70700
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=ffffe00030c94000
rdx=ffffc0013fdc709a rsi=0000000000000000 rdi=0000000000000000
rip=fffff800facf7360 rsp=ffffd000d1f70890 rbp=ffffc0013fdc7095
r8=0000000000000000 r9=0000000000000000 r10=0000000000000200
r11=ffffe00030c94000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na po nc
srv!SrvOs2FeaToNt+0x48:
fffff800facf7360 c60300 mov byte ptr [rbx],0 ds:0000000000000000=??
2: kd> lmvm srv
Browse full module list
start end module name
fffff800faca5000 fffff800fad33000 srv (private pdb symbols) c:\symbols\srv.pdb\665B8481A81740C59F71C54C0DD24E762\srv.pdb
Loaded symbol image file: srv.sys
Image path: \SystemRoot\System32\DRIVERS\srv.sys
Image name: srv.sys
Browse all global symbols functions data
Timestamp: Thu Jul 24 19:43:27 2014 (53D0F15F)
CheckSum: 0006F7BA
ImageSize: 0008E000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
2: kd> vertarget
Windows 8.1 Kernel Version 9600 MP (8 procs) Free x64
Product: LanManNt, suite: TerminalServer SingleUserTS
Built by: 9600.17415.amd64fre.winblue_r4.141028-1500
Machine Name: "D0AP2002"
Kernel base = 0xfffff802d7c85000 PsLoadedModuleList = 0xfffff802d7f5e250
Debug session time: Wed Feb 28 11:22:40.306 2018 (UTC + 8:00)
System Uptime: 0 days 7:01:13.511
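The dump shows that the server's repeated blue screens are caused by the srv vulnerability. Install KB4012213 on all 2012 R2 servers to fix the vulnerability; otherwise the machines may be infected by the WannaCry virus.
Install KB4012213
https://www.catalog.update.microsoft.com/Search.aspx?q=4012213
Installing the patch above resolves the repeated blue screen problem.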
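As an added example (not part of the original post): a small Python triage helper that reads stack text in the !mex.t layout shown above and reports whether the fault sits in srv's FEA conversion code reached from an SMB transaction, which is the signature in this dump. The function names and the second stack (a hypothetical driver) are constructed for illustration.

```python
import re

# One frame per line: index, Child-SP, return address, module!function+offset
FRAME_RE = re.compile(
    r"^\s*[0-9a-f]+\s+[0-9a-f]{16}\s+[0-9a-f]{16}\s+(\w+)!(\w+)\+0x[0-9a-f]+", re.M)
# nt! frames that only report the fault; the frame below them is where it happened
FAULT_PATH = {"KeBugCheckEx", "MiSystemFault", "MmAccessFault", "KiPageFault"}

def parse_frames(text):
    """Return [(module, function), ...] from the top of the stack down."""
    return [(m.group(1), m.group(2)) for m in FRAME_RE.finditer(text)]

def faulting_frame(frames):
    """First frame below the nt! fault-reporting frames, or None."""
    for module, func in frames:
        if not (module == "nt" and func in FAULT_PATH):
            return module, func
    return None

def is_srv_fea_crash(text):
    """True when the fault is in srv's FEA conversion, called from an SMB transaction."""
    frames = parse_frames(text)
    if faulting_frame(frames) != ("srv", "SrvOs2FeaToNt"):
        return False
    srv_funcs = {f for m, f in frames if m == "srv"}
    return {"SrvOs2FeaListToNt", "SrvSmbTransactionSecondary"} <= srv_funcs

# Frames 0-8 copied from the dump above
PAGE_STACK = """\
0 ffffd000d1f70498 fffff802d7e03bd2 nt!KeBugCheckEx+0x0
1 ffffd000d1f704a0 fffff802d7cdd2b9 nt!MiSystemFault+0x10a3d2
2 ffffd000d1f70540 fffff802d7ddfc2f nt!MmAccessFault+0x769
3 ffffd000d1f70700 fffff800facf7360 nt!KiPageFault+0x12f TrapFrame @ ffffd000d1f70700
4 ffffd000d1f70890 fffff800facf72a5 srv!SrvOs2FeaToNt+0x48
5 ffffd000d1f708c0 fffff800fad1869b srv!SrvOs2FeaListToNt+0x125
6 ffffd000d1f70910 fffff800fad218ba srv!SrvSmbOpen2+0xc3
7 ffffd000d1f709b0 fffff800fad24b2e srv!ExecuteTransaction+0x2ca
8 ffffd000d1f709f0 fffff800facb284f srv!SrvSmbTransactionSecondary+0x40b
"""
# Constructed stack from a hypothetical driver, for the negative case
OTHER_STACK = """\
0 ffffd000aaaa0498 fffff802d7e03bd2 nt!KeBugCheckEx+0x0
1 ffffd000aaaa0700 fffff800aaaa7360 nt!KiPageFault+0x12f
2 ffffd000aaaa0890 fffff800aaaa72a5 exampledrv!ExampleRead+0x48
"""

if __name__ == "__main__":
    for name, stack in (("page", PAGE_STACK), ("other", OTHER_STACK)):
        print(name, faulting_frame(parse_frames(stack)), is_srv_fea_crash(stack))
```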