1.1 Affected versions
Windows Server 2008 and later
1.2 Symptom
Unknown bugcheck code (c00002e2)
Unknown bugcheck description
Arguments:
Arg1: ffffc40c87ffd9c0
Arg2: ffffffffc0000001
Arg3: 0000000000000000
Arg4: 0000000000000000
Debugging Details:
------------------
DUMP_CLASS: 1
DUMP_QUALIFIER: 400
BUILD_VERSION_STRING: 10.0.14393.2273 (rs1_release_1.180427-1811)
SYSTEM_MANUFACTURER: SANGFOR
SYSTEM_PRODUCT_NAME: Standard PC (i440FX + PIIX, 1996)
SYSTEM_VERSION: pc-i440fx-2.5
BIOS_VENDOR: SeaBIOS
BIOS_VERSION: rel-1.7.5.1-20160823_191021
BIOS_DATE: 04/01/2014
BUGCHECK_STR: 0xc00002e2
ERROR_CODE: (NTSTATUS) 0xc00002e2 - <Unable to get error code text>
EXCEPTION_CODE: (NTSTATUS) 0xc00002e2 - <Unable to get error code text>
EXCEPTION_CODE_STR: c00002e2
EXCEPTION_PARAMETER1: ffffc40c87ffd9c0
EXCEPTION_PARAMETER2: ffffffffc0000001
EXCEPTION_PARAMETER3: 0000000000000000
EXCEPTION_PARAMETER4: 0
DUMP_TYPE: 2
BUGCHECK_P1: ffffc40c87ffd9c0
BUGCHECK_P2: ffffffffc0000001
BUGCHECK_P3: 0
BUGCHECK_P4: 0
CPU_COUNT: 4
CPU_MHZ: 893
CPU_VENDOR: GenuineIntel
CPU_FAMILY: 6
CPU_MODEL: f
CPU_STEPPING: b
CPU_MICROCODE: 6,f,b,0 (F,M,S,R) SIG: 1'00000000 (cache) 1'00000000 (init)
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT_SERVER
PROCESS_NAME: lsass.exe
CURRENT_IRQL: 0
ANALYSIS_SESSION_HOST: VT0036
ANALYSIS_SESSION_TIME: 12-07-2018 17:39:17.0109
ANALYSIS_VERSION: 10.0.14321.1024 amd64fre
LAST_CONTROL_TRANSFER: from fffff803a69ee83c to fffff803a676c950
STACK_TEXT:
ffffe281`cb5467f8 fffff803`a69ee83c : 00000000`0000004c 00000000`c00002e2 ffffe281`cc59e538 ffff8b80`12ea32f0 : nt!KeBugCheckEx
ffffe281`cb546800 fffff803`a69e8618 : ffffffff`800000a8 00000000`00000002 ffffe281`cb546940 00000000`00000002 : nt!PopGracefulShutdown+0x268
ffffe281`cb546840 fffff803`a677da63 : 00000000`00000004 00000000`00000001 00000000`c0000004 ffffe281`cb546b00 : nt!NtSetSystemPowerState+0xb380
ffffe281`cb5469c0 fffff803`a6770710 : fffff803`a6bd7880 00000000`00000000 ffffe281`cb546bd8 00000000`00000014 : nt!KiSystemServiceCopyEnd+0x13
ffffe281`cb546b58 fffff803`a6bd7880 : 00000000`00000000 ffffe281`cb546bd8 00000000`00000014 00000000`00000000 : nt!KiServiceLinkage
ffffe281`cb546b60 fffff803`a6b30489 : 00000000`00000000 00000000`00000000 00000000`00000000 fffff803`a69d0280 : nt!PopIssueActionRequest+0xa7a00
ffffe281`cb546c20 fffff803`a6717d91 : 00000000`00000001 fffff803`a6717d24 00000000`00000002 00000000`00000000 : nt!PopPolicyWorkerAction+0x69
ffffe281`cb546c90 fffff803`a664f529 : ffff8b80`0bf4c040 fffff803`a6914c60 ffff8b80`00000000 ffff8b80`00000003 : nt!PopPolicyWorkerThread+0x6d
ffffe281`cb546cc0 fffff803`a66860c1 : ffff8b80`0bf4c040 00000000`00000080 ffff8b80`0be94040 ffff8b80`0bf4c040 : nt!ExpWorkerThread+0xe9
ffffe281`cb546d50 fffff803`a6774216 : ffffe281`cafb4180 ffff8b80`0bf4c040 fffff803`a6686080 00000000`00000000 : nt!PspSystemThreadStartup+0x41
ffffe281`cb546da0 00000000`00000000 : ffffe281`cb547000 ffffe281`cb541000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16
1.3 Root cause analysis
While starting the AD service, Windows detected that the transaction log header was corrupted and deliberately triggered a blue screen. The cause is that the backup mechanism we use behaves like a sudden power cut,
which is very likely to interrupt the domain controller's transaction log flush while the backup is in progress; in theory a backup taken with the machine shut down would not cause this problem. Further investigation showed that Veritas and VMware backups have the same issue.
1.4 Solution
[High-risk operation] Take a snapshot before proceeding. Boot into WinPE and delete or rename all files with the .log extension under C:\Windows\NTDS\.
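The rename variant of this step as a script, added here as an example and not part of the original article: it moves the NTDS .log files into a backup folder instead of deleting them and records a SHA256 manifest, so the originals can be put back if the fix does not help. It assumes the offline system volume letter is passed as -SystemDrive (in WinPE it is usually not C:) and that the snapshot from the step above has already been taken.

```powershell
# Added example: move the ESE transaction logs under <SystemDrive>\Windows\NTDS
# out of the way from WinPE. -SystemDrive is the offline Windows volume as seen
# from WinPE (assumed parameter, e.g. 'D:'); a snapshot is assumed to exist.
param(
    [Parameter(Mandatory = $true)][string]$SystemDrive,
    [string]$BackupDir = (Join-Path $SystemDrive 'NTDS_log_backup')
)

$ntds = Join-Path $SystemDrive 'Windows\NTDS'
if (-not (Test-Path -LiteralPath $ntds)) {
    throw "NTDS directory not found at $ntds; check the offline volume letter."
}

# Only the .log files are touched; ntds.dit and edb.chk stay where they are.
$logs = Get-ChildItem -LiteralPath $ntds -Filter '*.log' -File
if ($logs.Count -eq 0) {
    Write-Host "No .log files under $ntds, nothing to do."
    return
}

New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
$stamp    = Get-Date -Format 'yyyyMMdd-HHmmss'
$manifest = Join-Path $BackupDir "manifest-$stamp.txt"

foreach ($f in $logs) {
    # Hash before moving so the manifest can later prove the copy is untouched.
    $hash = (Get-FileHash -LiteralPath $f.FullName -Algorithm SHA256).Hash
    $dest = Join-Path $BackupDir ("{0}.{1}" -f $f.Name, $stamp)
    Move-Item -LiteralPath $f.FullName -Destination $dest
    "{0}`t{1}`t{2}" -f $hash, $f.FullName, $dest | Add-Content -LiteralPath $manifest
    Write-Host "moved $($f.FullName) -> $dest"
}
Write-Host "Manifest written to $manifest"
```

To roll back, move each file listed in the manifest back to its original path before rebooting.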