FAILURE_BUCKET_ID: AV_partmgr!unknown_function

Kester Pechardo 0 Reputation points
2023-05-01T01:05:25.6466667+00:00

Good day.

I'm new to this, so I'm not really sure what information I should include. I am not very good in analyzing dump files.

I have a Windows Server 2012 R2, a VMware VM and a client open a ticket what cause why the server went down. I went to log files and found that the system as rebooted without cleanly shutting down first. I have not found any other information related to this down time however, there's a log that a dump file was created.

I found the file and was able to open it and other than driver related, I can't move any further what caused it and why.

I hope the community to help to analyze the dump file.

here's the created dump file

https://1drv.ms/f/s!AiWQrxd0So3YgYJdazbK_O7haZbAyA?e=RSeT85

Windows Server 2012
Windows Server 2012
A Microsoft server operating system that supports enterprise-level management, data storage, applications, and communications.
1,591 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Vahid Ghafarpour 21,710 Reputation points
    2023-05-01T02:41:56.28+00:00

    If you've determined that the server was rebooted without cleanly shutting down first, and you've found a dump file, you may be able to gather more information about what caused the reboot by analyzing the dump file.

    Here are some steps you can take to analyze the dump file:

    Install the Debugging Tools for Windows: If you haven't already, install the Debugging Tools for Windows on the server. You can download them from the Microsoft website.

    Open the dump file: Once you have the Debugging Tools installed, open a command prompt and navigate to the folder where the dump file is located. Then, use the following command to open the dump file in the Windows Debugger:

    windbg -y srv*path-to-symbol-files* -i imagepath -z *dump-file-name*

    Replace path-to-symbol-files with the path to your symbol files (if you have them), imagepath with the path to your image files, and dump-file-name with the name of your dump file.

    Analyze the dump file: Once the dump file is open in the Windows Debugger, you can analyze it to try to determine what caused the reboot. Start by running the !analyze -v command, which will provide you with a detailed analysis of the crash.

    If the analysis doesn't provide enough information, you can use other commands to drill down further into the dump file. Some useful commands include lm, which lists the loaded modules, and kb, which provides a stack trace.

    You can also use the !analyze -v command to get more information about any drivers that are implicated in the crash. The analysis may suggest that a particular driver caused the crash.

    Investigate the driver: If the analysis suggests that a driver caused the crash, investigate that driver. Look for any known issues with that driver, and check for any updates or patches that may be available.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.