[SOLVED] ntoskrnl.exe (NT Kernel) Symbol Errors - Windbg

Email sent to Microsoft asking that the MSDL SYM server be updated ASAP.

It does appear that NT was in fact updated on 9 October 2013 via auto-Windows Updates.



My post from TSF BSOD Forum:

jcgriff2 said:
Hi -

Please check Control Panel, Windows Updates to see if any Windows Updates were recently installed. I show 27 Windows Updates were installed on 9 October 2013.

The reason:

We are getting "symbol errors" on the Windows NT Kernel (NT) -
Code: 
[font=lucida console]nt       ntoskrnl.exe Wed Aug 28 21:13:25 2013 (521EA035) [/font]

I have the same version in my system and am in the process of determining if it was recently updated or not -


W7x64_NTkernel_10-12-2013 15-32-33.png

The 9 October 2013 date referenced earlier is important as you can see it is listed as "create" and "last accessed" in the above screenshot of the Windows NT Kernel. The time of 03:25:46 is interesting as well because most systems are set up for Windows Updates to start downloading/installing at 3 am.

Without correct symbol files from Microsoft, the dump file results may not be accurate.

The bugchecks on the 4 dumps appear RAM related (or other hardware failure affecting RAMs ability to properly hold kernel code) -
(2) 0x1a = memory management error
(2) 0x50 = invalid memory referenced

Regards. . .

jcgriff2


`


The following is being listed to assist us in contacting other BSOD Analysts as well as Microsoft to inquire about the SYM errors.

NT Symbol INFO:
Code: 
[font=lucida console]
1: kd> [B]!sym noisy[/B]
noisy mode - symbol prompts on
1: kd> [B].reload[/B]
SYMSRV:  a:\symbols\ntoskrnl.exe\521EA0355e5000\ntoskrnl.exe not found
SYMSRV:  http://msdl.microsoft.com/download/symbols/ntoskrnl.exe/521EA0355e5000/ntoskrnl.exe not found
SYMSRV:  a:\symbols\ntkrnlup.exe\521EA0355e5000\ntkrnlup.exe not found
SYMSRV:  http://msdl.microsoft.com/download/symbols/ntkrnlup.exe/521EA0355e5000/ntkrnlup.exe not found
SYMSRV:  a:\symbols\ntkrnlpa.exe\521EA0355e5000\ntkrnlpa.exe not found
SYMSRV:  http://msdl.microsoft.com/download/symbols/ntkrnlpa.exe/521EA0355e5000/ntkrnlpa.exe not found
SYMSRV:  a:\symbols\ntkrnlmp.exe\521EA0355e5000\ntkrnlmp.exe not found
SYMSRV:  http://msdl.microsoft.com/download/symbols/ntkrnlmp.exe/521EA0355e5000/ntkrnlmp.exe not found
SYMSRV:  a:\symbols\ntkrpamp.exe\521EA0355e5000\ntkrpamp.exe not found
SYMSRV:  http://msdl.microsoft.com/download/symbols/ntkrpamp.exe/521EA0355e5000/ntkrpamp.exe not found
DBGHELP: K:\WinDDK\7600.16385.1\Debuggers\ntoskrnl.exe - file not found
DBGHELP: K:\WinDDK\7600.16385.1\Debuggers\ntkrnlup.exe - file not found
DBGHELP: K:\WinDDK\7600.16385.1\Debuggers\ntkrnlpa.exe - file not found
DBGHELP: K:\WinDDK\7600.16385.1\Debuggers\ntkrnlmp.exe - file not found
DBGHELP: K:\WinDDK\7600.16385.1\Debuggers\ntkrpamp.exe - file not found
SYMSRV:  a:\symbols\ntoskrnl.exe\521EA0355e5000\ntoskrnl.exe not found
SYMSRV:  http://msdl.microsoft.com/download/symbols/ntoskrnl.exe/521EA0355e5000/ntoskrnl.exe not found
SYMSRV:  a:\symbols\ntkrnlup.exe\521EA0355e5000\ntkrnlup.exe not found
SYMSRV:  http://msdl.microsoft.com/download/symbols/ntkrnlup.exe/521EA0355e5000/ntkrnlup.exe not found
SYMSRV:  a:\symbols\ntkrnlpa.exe\521EA0355e5000\ntkrnlpa.exe not found
SYMSRV:  http://msdl.microsoft.com/download/symbols/ntkrnlpa.exe/521EA0355e5000/ntkrnlpa.exe not found
SYMSRV:  a:\symbols\ntkrnlmp.exe\521EA0355e5000\ntkrnlmp.exe not found
SYMSRV:  http://msdl.microsoft.com/download/symbols/ntkrnlmp.exe/521EA0355e5000/ntkrnlmp.exe not found
SYMSRV:  a:\symbols\ntkrpamp.exe\521EA0355e5000\ntkrpamp.exe not found
SYMSRV:  http://msdl.microsoft.com/download/symbols/ntkrpamp.exe/521EA0355e5000/ntkrpamp.exe not found
DBGENG:  \SystemRoot\system32\ntoskrnl.exe - Image mapping disallowed by non-local path.
Unable to load image \SystemRoot\system32\ntoskrnl.exe, Win32 error 0n2
DBGENG:  ntoskrnl.exe - Partial symbol image load missing image info
DBGHELP: No header for ntoskrnl.exe.  Searching for dbg file
DBGHELP: .\ntoskrnl.dbg - file not found
DBGHELP: .\exe\ntoskrnl.dbg - path not found
DBGHELP: .\symbols\exe\ntoskrnl.dbg - path not found
DBGHELP: ntoskrnl.exe missing debug info.  Searching for pdb anyway
DBGHELP: Can't use symbol server for ntoskrnl.pdb - no header information available
DBGHELP: ntoskrnl.pdb - file not found
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
DBGHELP: nt - no symbols loaded
Loading Kernel Symbols
.
SYMSRV:  a:\symbols\halaacpi.dll\4CE7C66949000\halaacpi.dll not found
SYMSRV:  http://msdl.microsoft.com/download/symbols/halaacpi.dll/4CE7C66949000/halaacpi.dll not found
SYMSRV:  a:\symbols\halacpi.dll\4CE7C66949000\halacpi.dll not found
SYMSRV:  http://msdl.microsoft.com/download/symbols/halacpi.dll/4CE7C66949000/halacpi.dll not found
SYMSRV:  a:\symbols\halapic.dll\4CE7C66949000\halapic.dll not found
SYMSRV:  http://msdl.microsoft.com/download/symbols/halapic.dll/4CE7C66949000/halapic.dll not found
SYMSRV:  a:\symbols\halmacpi.dll\4CE7C66949000\halmacpi.dll not found
SYMSRV:  http://msdl.microsoft.com/download/symbols/halmacpi.dll/4CE7C66949000/halmacpi.dll not found
SYMSRV:  a:\symbols\halmps.dll\4CE7C66949000\halmps.dll not found
SYMSRV:  http://msdl.microsoft.com/download/symbols/halmps.dll/4CE7C66949000/halmps.dll not found
DBGHELP: a:\symbols\hal.dll\4CE7C66949000\hal.dll - OK
DBGENG:  a:\symbols\hal.dll\4CE7C66949000\hal.dll - Mapped image memory
.
DBGHELP: a:\symbols\kdcom.dll\4D4D8061a000\kdcom.dll - OK
DBGENG:  a:\symbols\kdcom.dll\4D4D8061a000\kdcom.dll - Mapped image memory
.............................................................
................................................................
......................................
Loading User Symbols
Loading unloaded module list
..............................
[/font]




BSOD SUMMARY
Code: 
[font=lucida console]
Loading Dump File [C:\Users\PalmDesert\_jcgriff2_\dbug\__Kernel__\101113-11559-01.dmp]
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Built by: 7601.18247.amd64fre.win7sp1_gdr.130828-1532
Debug session time: Fri Oct 11 21:53:14.680 2013 (UTC - 4:00)
System Uptime: 0 days 2:50:01.523
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Probably caused by : ntoskrnl.exe ( nt+75bc0 )
BUGCHECK_STR:  0x1a_41790
DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT

¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
Bugcheck code 0000001A
Arguments 00000000`00041790 fffffa80`05ee8f70 00000000`0000ffff 00000000`00000000
BiosVersion = FB
BiosReleaseDate = 10/12/2011
SystemManufacturer = Gigabyte Technology Co., Ltd.
SystemProductName = Z68AP-D3
MaxSpeed:     3300
CurrentSpeed: 3309
Loading Dump File [C:\Users\PalmDesert\_jcgriff2_\dbug\__Kernel__\101113-11481-01.dmp]
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Built by: 7601.18247.amd64fre.win7sp1_gdr.130828-1532
Debug session time: Fri Oct 11 19:02:43.100 2013 (UTC - 4:00)
System Uptime: 0 days 1:55:01.317
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Probably caused by : ntoskrnl.exe ( nt+75bc0 )
BUGCHECK_STR:  0x1a_41790
DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT
Bugcheck code 0000001A
Arguments 00000000`00041790 fffffa80`05eed020 00000000`0000ffff 00000000`00000000
BiosVersion = FB
BiosReleaseDate = 10/12/2011
SystemManufacturer = Gigabyte Technology Co., Ltd.
SystemProductName = Z68AP-D3
MaxSpeed:     3300
CurrentSpeed: 3309
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
Loading Dump File [C:\Users\PalmDesert\_jcgriff2_\dbug\__Kernel__\101113-11076-01.dmp]
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Built by: 7601.18247.amd64fre.win7sp1_gdr.130828-1532
Debug session time: Fri Oct 11 17:05:52.418 2013 (UTC - 4:00)
System Uptime: 0 days 6:17:14.636
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Probably caused by : ntoskrnl.exe ( nt+75bc0 )
BUGCHECK_STR:  0x1a_41790
DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT
Bugcheck code 0000001A
Arguments 00000000`00041790 fffffa80`05fb9020 00000000`0000ffff 00000000`00000000
BiosVersion = FB
BiosReleaseDate = 10/12/2011
SystemManufacturer = Gigabyte Technology Co., Ltd.
SystemProductName = Z68AP-D3
MaxSpeed:     3300
CurrentSpeed: 3309
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
Loading Dump File [C:\Users\PalmDesert\_jcgriff2_\dbug\__Kernel__\101013-12433-01.dmp]
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Built by: 7601.18247.amd64fre.win7sp1_gdr.130828-1532
Debug session time: Thu Oct 10 10:12:41.337 2013 (UTC - 4:00)
System Uptime: 0 days 0:12:40.555
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Probably caused by : ntoskrnl.exe ( nt+bc117 )
DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT
BUGCHECK_STR:  0x50
Bugcheck code 00000050
Arguments fffffae0`012de988 00000000`00000000 fffff800`03518117 00000000`00000005
BiosVersion = FB
BiosReleaseDate = 10/12/2011
SystemManufacturer = Gigabyte Technology Co., Ltd.
SystemProductName = Z68AP-D3
MaxSpeed:     3300
CurrentSpeed: 3309
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
  

	    
             
       [color=#555555]J. C. Griffith, Microsoft MVP (jcgriff2)[/color]   
             
           [url=http://mvp.microsoft.com/en-us/mvp/John%20C.%20Griffith-4025562][color=#555555][u]http://mvp.microsoft.com/en-us/mvp/John%20C.%20Griffith-4025562[/u][/color][/url]   

           [url=https://www.sysnative.com][color=#555555][u][url]www.sysnative.com[/url][/u][/color][/url]
             
           [url=http://jcgriff2.com][color=#555555][u][url]www.jcgriff2.com[/url][/u][/color][/url] 


¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨


  [/font]
Click to expand...

http://www.techsupportforum.com/forums/f299/blue-screen-daily-715129.html#post4360777
 
I've been experiencing symbol errors, are they still happening? I haven't opened any dump files today.
 
It seems they are getting worse and worse? Not sure. The past few days I was able to go through a few dumps in which I didn't get symbol errors, but now it's practically every dump. Incredibly frustrating because you can't essentially run any commands so you're stuck praying Driver Verifier finds something if it's something like a *9F and if not, well, not much you can do.
 
It's not that they're getting worse, rather the Windows Updates from 9 Oct are now installing in more systems.
 
I am unsure. I have encountered far less than I have in the past few days, but there are still some. I can't tell if that's because you just get symbol errors sometimes on some dumps. I digress.
 
I'm going to try some dump files today and will report back on my findings, but sometimes you will occasionally get symbol errors with some dump files.
 
It seems to be fixed. I have been analyzing all day on Answers (8.1 launch, a lot of people trying to upgrade with ANCIENT software :banghead: ) and I have gotten very little to no symbol errors.
 
Indeed, I am very thankful as well. Had no idea you could barely run any commands without the symbol server working properly.
 
I couldn't even use the most basic ones like !thread. I guess they were waiting to see if the Windows Updates would cause any problems for any users, and then if it didn't, update the symbol server to reflect the new updates.
 
Mhm, it was pretty terrible. Couldn't run !errrec, couldn't run !thread, couldn't run !irp, couldn't run ln, etc.
 
Back
Top