1. 首頁
  2. 問答
  3. splWOW64掛在打印服務器上

splWOW64掛在打印服務器上

2014-10-06 109 views
0

所以我有一臺運行Windows Server 2008 64位的打印服務器。它將水晶報告給各種打印機,一些舊的,一些新的。這意味着那裏有幾個不同的驅動程序。最近我們開始遇到問題,splWOW64進程將掛起並且所有打印都將備份。如果我們終止該進程,隊列就會正常打印。每當我們看到打印機和打印報告時,看看是什麼似乎是掛起的打印作業,然而這絕不是同一份報告或打印機。我們完全轉儲了splwow64進程,並被告知HP通用打印驅動程序PCL5導致了此問題。幾年前它一直在爲我們的大多數打印機工作,沒有任何問題。因此,我們刪除了該驅動,並開始爲每種型號的打印機使用單獨的驅動程序,如果可以在Microsoft驅動程序數據庫上找到它們,則全部使用PCL6。這些都沒有解決這個問題。它依然會每天發生2-3次,這取決於它有多忙。我從來沒有使用過windbg來調試任何東西,我已經在最近的轉儲的分析-v -hang的結果下面了。目前這對我來說很亂。也許有人在那裏可以看到明顯的錯誤?splWOW64掛在打印服務器上

FAULTING_IP: 
+0 
00000000`00000000 ??    ??? 

EXCEPTION_RECORD: ffffffffffffffff -- (.exr 0xffffffffffffffff) 
ExceptionAddress: 0000000000000000 
    ExceptionCode: 80000003 (Break instruction exception) 
    ExceptionFlags: 00000000 
NumberParameters: 0 

CONTEXT: 0000000000000000 -- (.cxr 0x0;r) 
rax=0000000000000000 rbx=0000000000000000 rcx=00000000004486f8 
rdx=00000000ffffffff rsi=00000000ffffffff rdi=0000000000000088 
rip=0000000076d812fa rsp=000000000028f708 rbp=0000000000000001 
r8=000000000028f7d8 r9=0000000000000001 r10=0000000000000000 
r11=0000000000000202 r12=0000000000000000 r13=00000000ff963440 
r14=0000000000000000 r15=0000000000000000 
iopl=0   nv up ei pl zr na po nc 
cs=0033 ss=002b ds=002b es=002b fs=0053 gs=002b    efl=00000246 
ntdll!NtWaitForSingleObject+0xa: 
00000000`76d812fa c3    ret 

FAULTING_THREAD: 0000000000000000 

BUGCHECK_STR: HANG 

DEFAULT_BUCKET_ID: APPLICATION_HANG 

PROCESS_NAME: splwow64.exe 

ERROR_CODE: (NTSTATUS) 0xcfffffff - <Unable to get error code text> 

EXCEPTION_CODE: (NTSTATUS) 0xcfffffff - <Unable to get error code text> 

NTGLOBALFLAG: 0 

APPLICATION_VERIFIER_FLAGS: 0 

APP: splwow64.exe 

ANALYSIS_VERSION: 6.3.9600.17237 (debuggers(dbg).140716-0327) amd64fre 

DERIVED_WAIT_CHAIN: 

Dl Eid Cid  WaitType 
-- --- ------- -------------------------- 
    0 b68.19bc Unknown     

WAIT_CHAIN_COMMAND: ~0s;k;; 

BLOCKING_THREAD: 00000000000019bc 

PRIMARY_PROBLEM_CLASS: APPLICATION_HANG 

LAST_CONTROL_TRANSFER: from 000007fefcfa10dc to 0000000076d812fa 

STACK_TEXT: 
00000000`0028f708 000007fe`fcfa10dc : 00000000`0044d000 00000000`00400000 00000000`0044cff0 00000000`76d840fd : ntdll!NtWaitForSingleObject+0xa 
00000000`0028f710 000007fe`fd2ed95d : 00000000`004485f0 00000000`0000000a 00000000`00000000 00000000`00000088 : KERNELBASE!WaitForSingleObjectEx+0x79 
00000000`0028f7b0 000007fe`fd36f42c : 00000000`00000000 00000000`00000000 00000000`004485f0 000007fe`fd2ff74e : rpcrt4!EVENT::Wait+0xd 
00000000`0028f7e0 000007fe`fd33a879 : 00000000`004485f0 00000000`004485f0 00000000`00000000 00000000`00000001 : rpcrt4!RPC_SERVER::WaitForStopServerListening+0x1c 
00000000`0028f810 000007fe`fd2ffa49 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000001 : rpcrt4!Invoke+0x13e46 
00000000`0028f850 00000000`ff966b98 : 00000000`00000000 00000000`0000000a 00000000`0000000a 00000000`000004d2 : rpcrt4!RpcServerListen+0x49 
00000000`0028f880 00000000`ff9671f1 : 00000000`00000000 00000000`0028fa20 00000000`00187c90 00000000`00003000 : splwow64!TLoad64BitDllsMgr::StartLdrRPCServer+0x19c 
00000000`0028f9d0 00000000`ff967fb2 : 00000000`00187c90 00000000`00003000 00000000`00001a20 00000000`00003000 : splwow64!TLoad64BitDllsMgr::Run+0x4d 
00000000`0028fa10 00000000`ff96d095 : 00000000`00000000 00000000`00000000 00000000`00187d20 00000000`00000000 : splwow64!wmain+0x1ae 
00000000`0028fa50 00000000`76b2652d : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : splwow64!ConvertStringSecurityDescriptorToSecurityDescriptorW+0x19b 
00000000`0028fa90 00000000`76d5c541 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : kernel32!BaseThreadInitThunk+0xd 
00000000`0028fac0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x1d 


FOLLOWUP_IP: 
splwow64!TLoad64BitDllsMgr::StartLdrRPCServer+19c 
00000000`ff966b98 8bd8   mov  ebx,eax 

SYMBOL_STACK_INDEX: 6 

SYMBOL_NAME: splwow64!TLoad64BitDllsMgr::StartLdrRPCServer+19c 

FOLLOWUP_NAME: MachineOwner 

MODULE_NAME: splwow64 

IMAGE_NAME: splwow64.exe 

DEBUG_FLR_IMAGE_TIMESTAMP: 4f35fbfe 

STACK_COMMAND: ~0s ; kb 

BUCKET_ID: X64_HANG_splwow64!TLoad64BitDllsMgr::StartLdrRPCServer+19c 

FAILURE_BUCKET_ID: APPLICATION_HANG_cfffffff_splwow64.exe!TLoad64BitDllsMgr::StartLdrRPCServer 

ANALYSIS_SOURCE: UM 

FAILURE_ID_HASH_STRING: um:application_hang_cfffffff_splwow64.exe!tload64bitdllsmgr::startldrrpcserver 

FAILURE_ID_HASH: {369fae16-3854-e2c0-c756-fdab044a0958} 

Followup: MachineOwner

來源

2014-10-06 GunsKillDreams

回答

0

你應該做出一個核心轉儲(見:http://support.microsoft.com/kb/244139

那麼你應該做的:

  1. 0 0 splwow64
  2. 開關搜索你的進程過程中對發現的過程 ! .process/p addr
  3. 列出找到的進程的所有線程!process addr 17
  4. 找到你的線程
  5. 找到ALPC處理堆棧中,找到一個內核對象:!手柄處理
  6. 打印ALPC端口對象ALPC ob_addr
  7. 找到打印相應的服務器端口

如果你有完成這些步驟後,您必須知道RPC服務器進程掛起了RPC請求

來源

2014-10-07 06:01:34

+0

這是一個遠程服務器,我沒有物理訪問權限,我不相信這樣的鍵盤組合可以遠程工作。也許我也可以從printisolationhost進程中獲得一個轉儲。對於遲到的回覆很抱歉,這個問題幾天後不再發生。 – GunsKillDreams 2014-10-09 18:13:45

 相關問題

  • 暫無相關問題^_^