WinGate Forums

[gergoe]

All,

I've enconting blue screens on two (identical) wingate 6.0.3.1005 installations, at the first glance it does not appears to be connected to the wingate, but after debugging the minidump file it becomes more than likelly that the problem lies somewhere there.

The servers(!) are running windows server 2003 (web edition), both of them have several NIC's installed, and both of them are quite heavily used (websites, dns, ftp, mail etc). Sometimes no blue screen happens, the whole thing just gets frozen, one needs to do a cold restart to get the machine back to live, but occasionally a blue screen happens with the following parameters (debug session of the minidump file):

Code: Select all

BAD_POOL_CALLER (c2)
The current thread is making a bad pool request.  Typically this is at a bad IRQL level or double freeing the same allocation, etc.
Arguments:
Arg1: 00000007, Attempt to free pool which was already freed
Arg2: 00001153, (reserved)
Arg3: 02080006, Memory contents of the pool block
Arg4: 85977388, Address of the block of pool being deallocated

Debugging Details:
------------------
GetUlongFromAddress: unable to read from 80584278 unable to get pool big page table - either wrong symbols or pool tagging is disabled
85977000 is freed (or corrupt) pool
Bad allocation size @85977000, too large

*** An error (or corruption) in the pool was detected;
*** Pool Region unknown (0xFFFFFFFF85977000)
***
*** Use !poolval 85977000 for more details.

POOL_ADDRESS:  85977388

BUGCHECK_STR:  0xc2_7

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  DRIVER_FAULT_SERVER_MINIDUMP

CURRENT_IRQL:  2

LAST_CONTROL_TRANSFER:  from 80568ad0 to 80543ac9

STACK_TEXT:
8056f02c 80568ad0 000000c2 00000007 00001153 nt!KeBugCheckEx+0x19
8056f08c f71bd3a5 85977388 00000000 8056f0ac nt!ExFreePoolWithTag+0x514
WARNING: Stack unwind information not available. Following frames may be wrong.
8056f09c f71ca252 85977388 85977388 8056f0c8 qbikhkXP+0x3a5
8056f0ac f71ca1fe 00000001 f71ca280 85977388 qbikhkXP+0xd252
8056f0c8 f71ca2a0 f34a35bf f34e6191 861cbad0 qbikhkXP+0xd1fe
8056f0fc f71c0271 f71f7580 c3384134 8056f120 qbikhkXP+0xd2a0
8056f16c f71eef63 861529b8 85f4a000 00000000 qbikhkXP+0x3271
8056f1a4 f7261540 862120b0 86059a18 861529b8 qbikhkXP+0x31f63
8056f1fc f65136ce 861c6ad0 8056f3ac 00000001 NDIS!ethFilterDprIndicateReceivePacket+0x1cc
8056f544 f6523273 00000001 00000061 86195000 b57xp32+0x56ce
00000000 00000000 00000000 00000000 00000000 b57xp32+0x15273

FOLLOWUP_IP:
qbikhkXP+3a5
f71bd3a5 ??               ???

SYMBOL_STACK_INDEX:  2

FOLLOWUP_NAME:  MachineOwner

SYMBOL_NAME:  qbikhkXP+3a5

MODULE_NAME:  qbikhkXP

IMAGE_NAME:  qbikhkXP.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  41493ef6

STACK_COMMAND:  kb

BUCKET_ID:  0xc2_7_qbikhkXP+3a5

All advices are welcome

[genie]

Hi,

Can you send me the dump file generated by this BSOD?

[genie]

Hi,

Can you send me the dump file generated by this BSOD?

[gergoe]

The dump file was sent in a mail

<add>
Forgot to mention that the wingate is mainly used as a firewall only on both installations, but that's being used heavily, approximatelly gigabytes a day, and 10-20 new socket connections per second in the peak hours. Recently the usage of the servers was increased and the problems seems to started from that period.
</add>

[genie]

Hi,

Thanks for the crash information. I've sent you my reply with new driver attached to it. Let me know if the new driver helps resolve this problem.

Regards,
Gene

[gergoe]

Thanks Gene, got the file;

How I can replace it if i don't have physical access to the servers, only remote access, like Treminal Services? I tried the most likelly one which might work, stopped the Wingate service, but when I tried to stop the device driver, I got the same blue screen again? What happens if I stop the driver (if I don't have a blue screen again), can I still access the machine via tcp/ip?

Thanks

[genie]

Well, you have to backup the old file (just in case) in \windows\system32\drivers directory, copy the new file there and reboot the machine.

[gergoe]

Okay, but I guess the file is open if the device driver is running, I need to stop it first. But I'm affraid that if I stop it I can't reach the machine anymore via tcp/ip. Or will it continue to work normally?

[genie]

Nope - not the driver. Well, if you reboot it it should come up normal (fingers crossed).

[gergoe]

Thanks Gene, it's working well; Let's wait and see what happens

[genie]

Great - hope the fix helps and we can publish it.

[gergoe]

Genie,

the patch seem to solve the problem; I still got few blue screens, but might not be related to the wingate, and far not as much as it was before (it was every few days, now i got only on in the last month if i remember well)

Thanks