caagstart.exe is a generally a CA ARCserve Backup program. Often when an executable fails, the executable itself has been corrupted. Try re-installing you ARCserve Backup environment. If that fails, you may want to contact CA to have them help you troubleshoot their application in your environment.
BSOD | Windows Server 2016 Hyper-V VM | PAGE_FAULT_IN_NONPAGED_AREA (50) | BUCKET_ID: AV_INVALID_nt!MiSystemFault
One of the Hyper-V VMs crashed with BSOD intermittently.
System details
OS: Microsoft Windows Server 2016 Standard
Version 10.0.14393 Build 14393
System Model Virtual Machine
System Type x64-based PC
Installed Physical Memory (RAM):16.0 GB
Total Physical Memory: 16.0 GB
Available Physical Memory: 9.96 GB
Total Virtual Memory: 21.4 GB
Available Virtual Memory: 15.5 GB
Page File Space 5.37 GB
Page File: C:\pagefile.sys
Dump analysis
PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except.
Typically the address is just plain bad or it is pointing at freed memory.
Arguments:
Arg1: ffffd5053eb0b000, memory referenced.
Arg2: 0000000000000002, value 0 = read operation, 1 = write operation.
Arg3: ffff8f807d3165e1, If non-zero, the instruction address which referenced the bad memory
address.
DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
BUGCHECK_STR: AV
PROCESS_NAME: caagstart.exe
MODULE_NAME: nt
FAILURE_BUCKET_ID: AV_INVALID_nt!MiSystemFault
Palo Alto endpoint protection and Windows defender is there in the VM.
Please help me to find whether this is an OS issue or an anti-virus issue or the Arcserve backup agent issue.
The Memory dump file is available in the following link --> Dump
2 answers
Sort by: Most helpful
-
-
Carl Fan 6,866 Reputation points
2020-10-01T08:42:29.24+00:00 Hi,
0x50 STOPs can be down to a faulty system service or NFTS corruption among other things.
For dump,
SYMBOL_NAME: nt!MiSystemFault+fb4MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
PROCESS_NAME: caagstart.exe
ntoskrnl = windows kernel. Its not the cause, just what crashed. Process: caagstart.exe was crash.
Enabling the driver verifier with standard settings may produce more informative crash dumps.
https://mikemstech.blogspot.com/2011/12/troubleshooting-0x50.html
Meanwhile, please perform a clean boot and disable security software temporarily.
https://support.microsoft.com/en-us/help/929135/how-to-perform-a-clean-boot-in-windows
Check for update if some security updates need to be installed.
Hope this helps and please help to accept as Answer if the response is useful.
Best Regards,
Carl