Re: BSOD bad_pool_header SBS 2003



Looks like it actually was Avast...uninstalled Avast and the
distributed network manager, did a normal startup, and no BSOD.

Everything isn't working correctly (Windows is telling me I have to
re-activate within 3 days?), but it's working enough where I'm confident
the worst is behind me.

Couldn't re-install Avast for some reason; I'm going to shut it down
and come back to the office tomorrow to figure out the rest.

Any other suggestions are always appreciated, and I'll be sure to keep
this thread updated.

Thanks,

Tim


On Jun 20, 7:34 pm, "SuperGumby [SBS MVP]" <n...@xxxxxxxxxxx> wrote:
I actually only got alerted to this site today, might help.

http://www.aumha.org/a/stop.php
0x00000019: BAD_POOL_HEADER
A pool header issue is a problem with Windows memory allocation. Device
driver issues are probably the most common, but this can have diverse causes
including bad sectors or other disk write issues, and problems with some
routers. (By theory, RAM problems would be suspect for memory pool issues,
but I haven't been able to confirm this as a cause.)
"STOP: 0x00000019" error message on Windows Server 2003 {KB 892260} Server
2003 (NTFS problem corrected in current Service Pack)
Error message when a Delayed Write Failure event is reported in Windows
Server 2003: "Stop 0x00000019 - BAD_POOL_HEADER" or "Stop 0xCD
PAGE_FAULT_BEYOND_END_OF_ALLOCATION" {KB 925259} Server 2003 (driver issue;
hotfix available)
When backing up to Clarion storage in a SAN environment, Windows Server 2003
may stop responding after restart {KB 884585} Server 2003 (caused by adding
more than 20 mount points during the backup; hotfix available)
When trying to control a Systems Management Server 2003 client from a remote
location, Stop error on SMS 2003 client {KB 905795} SMS 2003 (driver issue)

---comment---
Disk write errors. SO, yes, AV is a possibility, also %free space (DO NOT
tell me 'I have 37GB free', tell me what percentage)

"Tim W" <t...@xxxxxxxxxxxxxxx> wrote in message

news:757f483d-bce7-4403-acff-130227cb6385@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Of course, on a Friday afternoon, the server suddenly went down 5
minutes before I was going to leave (3 hours ago).

Upon restart, sometimes I get to the login, and get an 0x19
bad_pool_header.  Sometimes, I get it before login.  But I get it
every time.

I can get into safe mode, and if I pick 'Diagnostic Startup', I can
reboot and log in fine.

The first 2 dump files tell me the probable culprit is aswMon2.sys,
which is Avast (I have the Avast SBS suite running on here).

I tried to disable certain processes (shadow copy, and then Avast),
but every dump file still points to aswMon2.sys.  My next step that I
plan on trying after I post this is to uninstall Avast and see what
happens.

I have made no hardware changes in well over a year.  The last debug
of memory.dmp is included below.

If the same thing happens after I uninstall Avast, I will run
memtest.  In the meantime, if anybody has any other suggestions,
please feel free to reply.

Thanks

DEBUG INFO:
-------------------------------------------------------
BAD_POOL_HEADER (19)
The pool is already corrupt at the time of the current request.
This may or may not be due to the caller.
The internal pool links must be walked to figure out a possible cause of
the problem, and then special pool applied to the suspect tags or the driver
verifier to a suspect driver.
Arguments:
Arg1: 00000020, a pool block header size is corrupt.
Arg2: e1647d48, The pool entry we were looking for within the page.
Arg3: e1647db0, The next pool entry.
Arg4: 0c0d0410, (reserved)

Debugging Details:
------------------

Page ea58c not present in the dump file. Type ".hh dbgerr004" for details
Page ea860 not present in the dump file. Type ".hh dbgerr004" for details
PEB is paged out (Peb.Ldr = 7ffd800c).  Type ".hh dbgerr001" for details
PEB is paged out (Peb.Ldr = 7ffd800c).  Type ".hh dbgerr001" for details

BUGCHECK_STR:  0x19_20

POOL_ADDRESS:  e1647d48 Paged pool

DEFAULT_BUCKET_ID:  DRIVER_FAULT

PROCESS_NAME:  inetinfo.exe

CURRENT_IRQL:  0

LAST_CONTROL_TRANSFER:  from 808927bb to 80827c63

STACK_TEXT:
b9b85344 808927bb 00000019 00000020 e1647d48 nt!KeBugCheckEx+0x1b
b9b853ac f7b7ac3c e1647d50 00000000 f7b7c2bd nt!ExFreePoolWithTag+0x477
b9b85464 f7b7ac7f 89c3c008 e3f9e0d0 e13583b8 Ntfs!NtfsAddDosOnlyName+0x1d1
b9b854a0 f7b904af 89c3c008 00000001 10a00400 Ntfs!NtfsAddLink+0xac
b9b8569c f7b94a04 89c3c008 8a5ec210 8a5ec3c4 Ntfs!NtfsCreateNewFile+0x847
b9b858c0 f7b91ef8 89c3c008 8a5ec210 b9b85900 Ntfs!NtfsCommonCreate+0x1226
b9b859c4 8081df65 8aa37020 8a5ec210 8b190030 Ntfs!NtfsFsdCreate+0x17d
b9b859d8 f725d458 8a5ec3e8 8b190030 8ad303f0 nt!IofCallDriver+0x45
b9b85a04 8081df65 8aa36260 8a5ec210 00000000 fltmgr!FltpCreate+0xe4
b9b85a18 ba25c95e 8a1eef60 8a173d58 89c92f00 nt!IofCallDriver+0x45
WARNING: Stack unwind information not available. Following frames may be wrong.
b9b85a3c ba25683c 8a16c760 005ec210 8081df65 aswMon2+0x695e
b9b85a5c 808f8f71 b9b85c04 8b13ec70 00000000 aswMon2+0x83c
b9b85b44 80937942 8b13ec88 00000000 8991d680 nt!IopParseDevice+0xa35
b9b85bc4 80933a76 00000000 b9b85c04 00000040 nt!ObpLookupObjectName+0x5b0
b9b85c18 808eae25 00000000 00000000 00000001 nt!ObOpenObjectByName+0xea
b9b85c94 808ec0bf 072ef2dc 40100080 072ef278 nt!IopCreateFile+0x447
b9b85cf0 808eeb4e 072ef2dc 40100080 072ef278 nt!IoCreateFile+0xa3
b9b85d30 8088978c 072ef2dc 40100080 072ef278 nt!NtCreateFile+0x30
b9b85d30 7c8285ec 072ef2dc 40100080 072ef278 nt!KiFastCallEntry+0xfc
072ef2d4 00000000 00000000 00000000 00000000 0x7c8285ec

STACK_COMMAND:  kb

FOLLOWUP_IP:
aswMon2+695e
ba25c95e eb22            jmp     aswMon2+0x6982 (ba25c982)

SYMBOL_STACK_INDEX:  a

SYMBOL_NAME:  aswMon2+695e

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: aswMon2

IMAGE_NAME:  aswMon2.SYS

DEBUG_FLR_IMAGE_TIMESTAMP:  46326b17

FAILURE_BUCKET_ID:  0x19_20_aswMon2+695e

BUCKET_ID:  0x19_20_aswMon2+695e

Followup: MachineOwner
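
Added example (not part of the original posts): a small Python triage helper that rejoins the mail-wrapped STACK_TEXT lines from the dump above and reports the first frame outside a set of OS modules, which is the frame the analysis names in SYMBOL_STACK_INDEX. The OS_MODULES set and the function names are assumptions made for this illustration.

```python
import re

# Excerpt of the STACK_TEXT posted above, kept with the mail client's line wraps.
STACK_TEXT = """\
b9b85344 808927bb 00000019 00000020 e1647d48 nt!KeBugCheckEx+0x1b
b9b853ac f7b7ac3c e1647d50 00000000 f7b7c2bd nt!ExFreePoolWithTag
+0x477
b9b85464 f7b7ac7f 89c3c008 e3f9e0d0 e13583b8 Ntfs!NtfsAddDosOnlyName
+0x1d1
b9b854a0 f7b904af 89c3c008 00000001 10a00400 Ntfs!NtfsAddLink+0xac
b9b8569c f7b94a04 89c3c008 8a5ec210 8a5ec3c4 Ntfs!NtfsCreateNewFile
+0x847
b9b858c0 f7b91ef8 89c3c008 8a5ec210 b9b85900 Ntfs!NtfsCommonCreate
+0x1226
b9b859c4 8081df65 8aa37020 8a5ec210 8b190030 Ntfs!NtfsFsdCreate+0x17d
b9b859d8 f725d458 8a5ec3e8 8b190030 8ad303f0 nt!IofCallDriver+0x45
b9b85a04 8081df65 8aa36260 8a5ec210 00000000 fltmgr!FltpCreate+0xe4
b9b85a18 ba25c95e 8a1eef60 8a173d58 89c92f00 nt!IofCallDriver+0x45
WARNING: Stack unwind information not available. Following frames may
be wrong.
b9b85a3c ba25683c 8a16c760 005ec210 8081df65 aswMon2+0x695e
b9b85a5c 808f8f71 b9b85c04 8b13ec70 00000000 aswMon2+0x83c
"""

# Modules treated as OS-owned for triage (assumption; extend per system).
OS_MODULES = {"nt", "hal", "ntfs", "fltmgr"}
# A frame line: ChildEBP, RetAddr, three args, then module!symbol+offset.
FRAME = re.compile(r"^(?:[0-9a-f]{8} ){5}(\S+)$", re.IGNORECASE)

def parse_frames(text):
    """Rejoin wrapped lines and return [(module, symbol)] in stack order."""
    joined = []
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("+0x") and joined:
            joined[-1] += line          # wrapped "+offset" belongs to previous frame
        else:
            joined.append(line)
    frames = []
    for line in joined:
        m = FRAME.match(line)           # debugger warnings do not match and are skipped
        if m:
            sym = m.group(1)
            frames.append((sym.split("!")[0].split("+")[0], sym))
    return frames

def first_third_party(frames):
    """Return (index, module, symbol) of the first non-OS frame, or None."""
    for i, (module, sym) in enumerate(frames):
        if module.lower() not in OS_MODULES:
            return i, module, sym
    return None
```

The index returned for this dump is 10, matching SYMBOL_STACK_INDEX: a. As the bugcheck text itself says, the pool was already corrupt at the time of the request, so the flagged driver is a lead to test rather than a proven cause.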
