This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(172.8, 34%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVJ%3C/text%3E%3C/svg%3E)
One of the Hyper-V VMs crashed with BSOD intermittently.
System details
OS: Microsoft Windows Server 2016 Standard
Version 10.0.14393 Build 14393
System Model Virtual Machine
System Type x64-based PC
Installed Physical Memory (RAM):16.0 GB
Total Physical Memory: 16.0 GB
Available Physical Memory: 9.96 GB
Total Virtual Memory: 21.4 GB
Available Virtual Memory: 15.5 GB
Page File Space 5.37 GB
Page File: C:\pagefile.sys
Dump analysis
PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except.
Typically the address is just plain bad or it is pointing at freed memory.
Arguments:
Arg1: ffffd5053eb0b000, memory referenced.
Arg2: 0000000000000002, value 0 = read operation, 1 = write operation.
Arg3: ffff8f807d3165e1, If non-zero, the instruction address which referenced the bad memory
address.
DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
BUGCHECK_STR: AV
PROCESS_NAME: caagstart.exe
MODULE_NAME: nt
FAILURE_BUCKET_ID: AV_INVALID_nt!MiSystemFault
Palo Alto endpoint protection and Windows defender is there in the VM.
Please help me to find whether this is an OS issue or an anti-virus issue or the Arcserve backup agent issue.
The Memory dump file is available in the following link --> Dump
caagstart.exe is a generally a CA ARCserve Backup program. Often when an executable fails, the executable itself has been corrupted. Try re-installing you ARCserve Backup environment. If that fails, you may want to contact CA to have them help you troubleshoot their application in your environment.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(112.00000000000001, 41%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJN%3C/text%3E%3C/svg%3E)
Hello Tim,
Thank you very much for your suggestion.
Yes, the reinstall may fix this issue, but my management wants to know the cause. This is an intermittent issue and there is no pattern observed. I'm seeking the answer;
What caused the BSOD?
How to prevent this?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(28.799999999999997, 57.99999999999999%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECF%3C/text%3E%3C/svg%3E)
Hi,
0x50 STOPs can be down to a faulty system service or NFTS corruption among other things.
For dump,
SYMBOL_NAME: nt!MiSystemFault+fb4
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
PROCESS_NAME: caagstart.exe
ntoskrnl = windows kernel. Its not the cause, just what crashed. Process: caagstart.exe was crash.
Enabling the driver verifier with standard settings may produce more informative crash dumps.
https://mikemstech.blogspot.com/2011/12/troubleshooting-0x50.html
Meanwhile, please perform a clean boot and disable security software temporarily.
https://support.microsoft.com/en-us/help/929135/how-to-perform-a-clean-boot-in-windows
Check for update if some security updates need to be installed.
Hope this helps and please help to accept as Answer if the response is useful.
Best Regards,
Carl
Hello Carl,
Thank you very much for your reply.
I would follow the suggested steps and update the discussion later