BSOD Land

One Friday morning several months ago I encountered a very perplexing problem. A bunch of tickets were called into the Help Desk about Windows 2000 machines BSODing. BSOD = Blue Screen of Death: a techie’s favorite (or not so favorite) term to describe a dead Windows machine. We determined that a patch pack pushed out the night before was likely the cause. However, the BSOD only seemed to happen on reboot and only on certain Omnitech 3200 machines and not all of them, nor all the time! Upon rebooting some of these machines several times they worked fine until later on when they were rebooted again. I even took one of them out of commission that was crashing, turned off automatic rebooting, wrote a reboot script and left the machine to reboot for 24 hours continuously. Not once did it crash!

The event log showed nothing, a Google search on the error came up with nothing and the crash could not be consistently produced on demand. The BSOD itself was very useless: an INVALID_PAGE_FAULT in NTOSKRNL. NTOSKRNL, as you know, is the heart of the Windows 2000 operating system. It was painfully obvious that it was not the cause of the crashes. We would either rebuild the machines, which would fix the problem, and then reapply the security patches or just tell the user to keep rebooting the system (incidentally, booting the PCs into safe mode always worked).

After several weeks of rebuilding machines we grew very tired of the situation. No one seemed to have an answer and someone was even called in on a Saturday to reboot a PC with this problem! Something had to be done! Having a trial copy of Winternals Administrator Pak 5, I had access to Crash Analyser. What this tool does is it uses Microsoft’s own debugging tools to decipher the dump file and then it in turn deciphers the Microsoft debug summary to make a best guess as to what caused the crash. I grabbed the C:\WINNT\MEMORY.DMP file after turning on crash dumping on one of the machines causing an issue. Upon running the utility I found out that idechdr.sys was the file causing the crash! So, after discovering this, I went to each machine called in and uninstalled the IDE drivers in safe mode and then let Windows 2000 redetect them on the next reboot. This solution finally worked!

This does not explain, however, what caused this in the first place. I had an Omnitech 3200 under my desk as my work PC and never once did it fail on me with the BSOD. It’s very likely that your company won’t go out and purchase the Administrator’s Pak based on cost, so you can read Dirk Smith’s excellent article entitled “How to solve Windows system crashes in minutes”, which uses only the freeware debugging tools directly from Microsoft.

– Soli Deo Gloria
