BSOD KMODE_EXCEPTION_NOT_HANDLED and server slows to a crawl

D

donathon

Well-known member
Joined
Sep 4, 2018
Posts
58
Hi All,

We are facing a very difficult situation here. We have gotten many vendors including Microsoft in but has not found a solution yet. We have a Windows 2012 cluster server some big file shares. Every day the server would either hit a blue screen or slow to a crawl. We migrated to Windows 2016 cluster and the BSOD went away although we did have 1 or 2 every now and then but we are not getting any more slowness reports. The key thing that we suspect is within the shares, we used symbolic links to point some of the folders to another share within the same server. We are wondering if this could be the cause of the slowness and the crash?
 

Attachments

There are no recent crash dumps but the ones from the end of July show that you have Driver Verifier enabled. This will cause your system to slow down. Is it still enabled? If so turn it off and see if the system improves.

If you do not know how to turn it off have a read through the following tutorial which will tell you more about the reasons why you would use it and it shows various ways of disabling it.
Driver Verifier - BSOD related - Windows 10, 8.1, 8, 7 + Vista
 
Hi,

If there is no blue screen but the server slows to a crawl and the only way to recover from the slowness is to disconnect the disk from the server, what could be the cause? It seems like something is holding on to the mounted disk volume refusing to let go until there is some sort of time out. Once the disk is gone from the Disk Management, the server recovers back to normal speed. The C:\ is local so a slow LUN is definitely not the cause here. I have disabled the verifier in the meantime.
 
The disk queue length all looks fine. There is no contention on the disks. Even if there is, there is no reason why it would cause the server to be slow. Even the mouse moving is slow.
 
What about memory or page file issues? Have you tried changing the page file location?

An Error showing up in the event log need attention:

Code: 
2019-08-20T03:39:04.479  Volume F: (\Device\HarddiskVolume7) needs to be taken offline to perform a Full Chkdsk.  Please run "CHKDSK /F" locally via the command line, or run "REPAIR-VOLUME <drive:>" locally or remotely via PowerShell.
 
Last edited:
It is already moved to a different drive so it should not be a big problem. I was monitoring the counter SMB Server Session \ Total File Open. It kept on going up. It reached to 19 million before it suddenly drop to zero after we dismounted the drive. Could it be cause of the slowness?
 
donathon said:
It is already moved to a different drive so it should not be a big problem. I was monitoring the counter SMB Server Session \ Total File Open. It kept on going up. It reached to 19 million before it suddenly drop to zero after we dismounted the drive. Could it be cause of the slowness?
Click to expand...

did you monitor your network?
may be also some intrusion, server is busy handling smb-connections.
SMB and the return of the worm
 
Hi, does not seems to be network related. It looks more like a technical limit of some sort...
 

Has Sysnative Forums helped you? Please consider donating to help us support the site!

Back
Top