Unexpected Shutdown on Win Server 2008 R2
Hi,
I want to know the source of the unexpected shutdown on my computer (Windows Server 2008 R2).
I already checked the dump file, but I am confused about the cause of the problem. Below is the dump file:
Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [Z:\DCOPS TEAM Pools\WINTEL team\Ndhanks\092911-DRCSQLBPM81.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*C:\Symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7600 MP (4 procs) Free x64
Product: Server, suite: TerminalServer SingleUserTS
Built by: 7600.16695.amd64fre.win7_gdr.101026-1503
Machine Name:
Kernel base = 0xfffff800`01418000 PsLoadedModuleList = 0xfffff800`01655e50
Debug session time: Thu Sep 29 20:33:24.593 2011 (GMT+7)
System Uptime: 56 days 2:44:45.837
Loading Kernel Symbols
...............................................................
................................................................
...
Loading User Symbols
Loading unloaded module list
.......................
*******************************************************************************
*
*
* Bugcheck Analysis
*
*
*
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 4A, {76def72a, 2, 0, fffff88005445ca0}
Probably caused by : ntkrnlmp.exe ( nt!KiSystemServiceExit+245 )
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
*
*
* Bugcheck Analysis
*
*
*
*******************************************************************************
IRQL_GT_ZERO_AT_SYSTEM_SERVICE (4a)
Returning to usermode from a system call at an IRQL > PASSIVE_LEVEL.
Arguments:
Arg1: 0000000076def72a, Address of system function (system call routine)
Arg2: 0000000000000002, Current IRQL
Arg3: 0000000000000000, 0
Arg4: fffff88005445ca0, 0
Debugging Details:
------------------
PROCESS_NAME: NisSrv.exe
BUGCHECK_STR: RAISED_IRQL_FAULT
FAULTING_IP:
+5635952f0159da38
00000000`76def72a ?? ???
DEFAULT_BUCKET_ID: DRIVER_FAULT_SERVER_MINIDUMP
CURRENT_IRQL: 2
LAST_CONTROL_TRANSFER: from fffff80001487ca9 to fffff80001488740
STACK_TEXT:
fffff880`05445a68 fffff800`01487ca9 : 00000000`0000004a 00000000`76def72a 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
fffff880`05445a70 fffff800`01487be0 : fffffa80`19eca360 fffff800`01a04674 fffff880`05445bc8 fffff880`05445c20 : nt!KiBugCheckDispatch+0x69
fffff880`05445bb0 00000000`76def72a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceExit+0x245
00000000`07f1f908 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x76def72a
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!KiSystemServiceExit+245
fffff800`01487be0 4883ec50 sub rsp,50h
SYMBOL_STACK_INDEX: 2
SYMBOL_NAME: nt!KiSystemServiceExit+245
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4cc791bd
FAILURE_BUCKET_ID: X64_RAISED_IRQL_FAULT_NisSrv.exe_nt!KiSystemServiceExit+245
BUCKET_ID: X64_RAISED_IRQL_FAULT_NisSrv.exe_nt!KiSystemServiceExit+245
Followup: MachineOwner
---------
1: kd> lmvm nt
start end module name
fffff800`01418000 fffff800`019f5000 nt (pdb symbols) c:\symbols\ntkrnlmp.pdb\518768F0031C4F5C9C3211628CC6C8422\ntkrnlmp.pdb
Loaded symbol image file: ntkrnlmp.exe
Mapped memory image file: C:\Symbols\ntoskrnl.exe\4CC791BD5dd000\ntoskrnl.exe
Image path: ntkrnlmp.exe
Image name: ntkrnlmp.exe
Timestamp: Wed Oct 27 09:43:09 2010 (4CC791BD)
CheckSum: 00550986
ImageSize: 005DD000
File version: 6.1.7600.16695
Product version: 6.1.7600.16695
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 1.0 App
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: ntkrnlmp.exe
OriginalFilename: ntkrnlmp.exe
ProductVersion: 6.1.7600.16695
FileVersion: 6.1.7600.16695 (win7_gdr.101026-1503)
FileDescription: NT Kernel & System
LegalCopyright: © Microsoft Corporation. All rights reserved.
Regards,
Endang Irawan
September 29th, 2011 11:57pm
The error was caused by NisSrv.exe, which is part of MSE Network Inspection System... this was a new feature added into MSE V.2. Did you recently install Microsoft Security Essentials or update it? If so, try rolling back the install, repairing or uninstalling it and see if the problem persists.
Rich Prescott | MCITP, MCTS, MCP
[Blog] Engineering Efficiency | [Twitter] @Rich_Prescott | [Powershell GUI] Client System Administration tool
September 30th, 2011 12:18am
Hi Endang,
Can you provide the Event Viewer details of the event that happened after the shutdown?
Also, can you tell me whether it is a VM or a physical machine?
Also, can you run the hardware test on your machine?
Thanks
Viraj
September 30th, 2011 8:51am
Hi,
If the above troubleshooting suggestions cannot fix the issue for you, you may contact Microsoft Customer Service and Support (CSS) via telephone so that a dedicated Support Professional can assist with your request. To troubleshoot this kind of kernel crash issue, we need to debug the crashed system dump. Unfortunately, debugging is beyond what we can do in the forum. Please be advised that contacting phone support will be a charged call.
To obtain the phone numbers for a specific technology request, please take a look at the web site listed below:
http://support.microsoft.com/default.aspx?scid=fh;EN-US;OfferProPhone#faq607
Regards,
October 3rd, 2011 3:49am
Bug Check Code 0x4A: http://msdn.microsoft.com/en-us/library/ff559001(v=VS.85).aspx
The BSOD occurred when NisSrv.exe was running and it is the cause of your problem (BUCKET_ID: X64_RAISED_IRQL_FAULT_NisSrv.exe_nt!KiSystemServiceExit+245).
I recommend disabling Microsoft Forefront Endpoint Protection 2010 antivirus and checking again.
Also, I recommend reporting that to Microsoft CSS.
http://www.virmansec.com/blogs/skhairuddin
October 3rd, 2011 4:04am
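As an added example (not part of any post in this thread), the following Python script parses `!analyze -v` text like the output in the question and reports what the dump itself records: bugcheck code, IRQL, process context, and which modules appear on the stack. The function names `parse_analyze` and `triage` are hypothetical, and the sample is constructed from lines quoted in the question.

```python
import re

# Constructed sample: lines copied from the `!analyze -v` output in the question.
SAMPLE = """\
IRQL_GT_ZERO_AT_SYSTEM_SERVICE (4a)
Arg1: 0000000076def72a, Address of system function (system call routine)
Arg2: 0000000000000002, Current IRQL
PROCESS_NAME: NisSrv.exe
STACK_TEXT:
fffff880`05445a68 fffff800`01487ca9 : 00000000`0000004a 00000000`76def72a 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
fffff880`05445a70 fffff800`01487be0 : fffffa80`19eca360 fffff800`01a04674 fffff880`05445bc8 fffff880`05445c20 : nt!KiBugCheckDispatch+0x69
fffff880`05445bb0 00000000`76def72a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceExit+0x245
00000000`07f1f908 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x76def72a
BUCKET_ID: X64_RAISED_IRQL_FAULT_NisSrv.exe_nt!KiSystemServiceExit+245
"""
IRQL_NAMES = {0: "PASSIVE_LEVEL", 1: "APC_LEVEL", 2: "DISPATCH_LEVEL"}

def parse_analyze(text):
    """Pull the triage fields out of `!analyze -v` text."""
    m = re.search(r"^(\w+) \(([0-9a-fA-F]+)\)[ \t]*$", text, re.M)
    if m is None:
        raise ValueError("no bugcheck header line found")
    fields = {"name": m.group(1), "code": int(m.group(2), 16)}
    fields["args"] = [int(a, 16) for a in re.findall(r"^Arg\d: ([0-9a-fA-F]+)", text, re.M)]
    for key in ("PROCESS_NAME", "BUCKET_ID"):
        m = re.search(rf"^{key}:[ \t]*(\S+)", text, re.M)
        fields[key.lower()] = m.group(1) if m else None
    # Stack rows look like: child-SP return-addr : four args : symbol-or-address
    row = r"^[0-9a-f`]{17} [0-9a-f`]{17} : .* : (\S+)[ \t]*$"
    fields["stack"] = re.findall(row, text, re.M)
    return fields

def triage(text):
    """Summarise what the dump itself records about the crash."""
    f = parse_analyze(text)
    irql = f["args"][1]  # Arg2 is the current IRQL for bugcheck 0x4A
    return {
        "bugcheck": f"0x{f['code']:X} {f['name']}",
        "irql": IRQL_NAMES.get(irql, str(irql)),
        # x64 user-mode addresses lie below the canonical-address split
        "arg1_is_user_mode_address": f["args"][0] < 0x0000_8000_0000_0000,
        "process_context": f["process_name"],
        "modules_on_stack": sorted({s.split("!")[0] for s in f["stack"] if "!" in s}),
        "unresolved_frames": [s for s in f["stack"] if "!" not in s],
    }

if __name__ == "__main__":
    print(triage(SAMPLE))
```

For this dump the only resolved module on the stack is `nt`, and the last frame is an unresolved user-mode address, which is the limit of what a mini kernel dump ("Only registers and stack trace are available") records.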