1. 首页
  2. 问答
  3. splWOW64挂在打印服务器上

splWOW64挂在打印服务器上

2014-10-06 40 views
0

所以我有一台运行Windows Server 2008 64位的打印服务器。它将水晶报告给各种打印机,一些旧的,一些新的。这意味着那里有几个不同的驱动程序。最近我们开始遇到问题,splWOW64进程将挂起并且所有打印都将备份。如果我们终止该进程,队列就会正常打印。每当我们看到打印机和打印报告时,看看是什么似乎是挂起的打印作业,然而这绝不是同一份报告或打印机。我们完全转储了splwow64进程,并被告知HP通用打印驱动程序PCL5导致了此问题。几年前它一直在为我们的大多数打印机工作,没有任何问题。因此,我们删除了该驱动,并开始为每种型号的打印机使用单独的驱动程序,如果可以在Microsoft驱动程序数据库上找到它们,则全部使用PCL6。这些都没有解决这个问题。它依然会每天发生2-3次,这取决于它有多忙。我从来没有使用过windbg来调试任何东西,我已经在最近的转储的分析-v -hang的结果下面了。目前这对我来说很乱。也许有人在那里可以看到明显的错误?splWOW64挂在打印服务器上

FAULTING_IP: 
+0 
00000000`00000000 ??    ??? 

EXCEPTION_RECORD: ffffffffffffffff -- (.exr 0xffffffffffffffff) 
ExceptionAddress: 0000000000000000 
    ExceptionCode: 80000003 (Break instruction exception) 
    ExceptionFlags: 00000000 
NumberParameters: 0 

CONTEXT: 0000000000000000 -- (.cxr 0x0;r) 
rax=0000000000000000 rbx=0000000000000000 rcx=00000000004486f8 
rdx=00000000ffffffff rsi=00000000ffffffff rdi=0000000000000088 
rip=0000000076d812fa rsp=000000000028f708 rbp=0000000000000001 
r8=000000000028f7d8 r9=0000000000000001 r10=0000000000000000 
r11=0000000000000202 r12=0000000000000000 r13=00000000ff963440 
r14=0000000000000000 r15=0000000000000000 
iopl=0   nv up ei pl zr na po nc 
cs=0033 ss=002b ds=002b es=002b fs=0053 gs=002b    efl=00000246 
ntdll!NtWaitForSingleObject+0xa: 
00000000`76d812fa c3    ret 

FAULTING_THREAD: 0000000000000000 

BUGCHECK_STR: HANG 

DEFAULT_BUCKET_ID: APPLICATION_HANG 

PROCESS_NAME: splwow64.exe 

ERROR_CODE: (NTSTATUS) 0xcfffffff - <Unable to get error code text> 

EXCEPTION_CODE: (NTSTATUS) 0xcfffffff - <Unable to get error code text> 

NTGLOBALFLAG: 0 

APPLICATION_VERIFIER_FLAGS: 0 

APP: splwow64.exe 

ANALYSIS_VERSION: 6.3.9600.17237 (debuggers(dbg).140716-0327) amd64fre 

DERIVED_WAIT_CHAIN: 

Dl Eid Cid  WaitType 
-- --- ------- -------------------------- 
    0 b68.19bc Unknown     

WAIT_CHAIN_COMMAND: ~0s;k;; 

BLOCKING_THREAD: 00000000000019bc 

PRIMARY_PROBLEM_CLASS: APPLICATION_HANG 

LAST_CONTROL_TRANSFER: from 000007fefcfa10dc to 0000000076d812fa 

STACK_TEXT: 
00000000`0028f708 000007fe`fcfa10dc : 00000000`0044d000 00000000`00400000 00000000`0044cff0 00000000`76d840fd : ntdll!NtWaitForSingleObject+0xa 
00000000`0028f710 000007fe`fd2ed95d : 00000000`004485f0 00000000`0000000a 00000000`00000000 00000000`00000088 : KERNELBASE!WaitForSingleObjectEx+0x79 
00000000`0028f7b0 000007fe`fd36f42c : 00000000`00000000 00000000`00000000 00000000`004485f0 000007fe`fd2ff74e : rpcrt4!EVENT::Wait+0xd 
00000000`0028f7e0 000007fe`fd33a879 : 00000000`004485f0 00000000`004485f0 00000000`00000000 00000000`00000001 : rpcrt4!RPC_SERVER::WaitForStopServerListening+0x1c 
00000000`0028f810 000007fe`fd2ffa49 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000001 : rpcrt4!Invoke+0x13e46 
00000000`0028f850 00000000`ff966b98 : 00000000`00000000 00000000`0000000a 00000000`0000000a 00000000`000004d2 : rpcrt4!RpcServerListen+0x49 
00000000`0028f880 00000000`ff9671f1 : 00000000`00000000 00000000`0028fa20 00000000`00187c90 00000000`00003000 : splwow64!TLoad64BitDllsMgr::StartLdrRPCServer+0x19c 
00000000`0028f9d0 00000000`ff967fb2 : 00000000`00187c90 00000000`00003000 00000000`00001a20 00000000`00003000 : splwow64!TLoad64BitDllsMgr::Run+0x4d 
00000000`0028fa10 00000000`ff96d095 : 00000000`00000000 00000000`00000000 00000000`00187d20 00000000`00000000 : splwow64!wmain+0x1ae 
00000000`0028fa50 00000000`76b2652d : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : splwow64!ConvertStringSecurityDescriptorToSecurityDescriptorW+0x19b 
00000000`0028fa90 00000000`76d5c541 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : kernel32!BaseThreadInitThunk+0xd 
00000000`0028fac0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x1d 


FOLLOWUP_IP: 
splwow64!TLoad64BitDllsMgr::StartLdrRPCServer+19c 
00000000`ff966b98 8bd8   mov  ebx,eax 

SYMBOL_STACK_INDEX: 6 

SYMBOL_NAME: splwow64!TLoad64BitDllsMgr::StartLdrRPCServer+19c 

FOLLOWUP_NAME: MachineOwner 

MODULE_NAME: splwow64 

IMAGE_NAME: splwow64.exe 

DEBUG_FLR_IMAGE_TIMESTAMP: 4f35fbfe 

STACK_COMMAND: ~0s ; kb 

BUCKET_ID: X64_HANG_splwow64!TLoad64BitDllsMgr::StartLdrRPCServer+19c 

FAILURE_BUCKET_ID: APPLICATION_HANG_cfffffff_splwow64.exe!TLoad64BitDllsMgr::StartLdrRPCServer 

ANALYSIS_SOURCE: UM 

FAILURE_ID_HASH_STRING: um:application_hang_cfffffff_splwow64.exe!tload64bitdllsmgr::startldrrpcserver 

FAILURE_ID_HASH: {369fae16-3854-e2c0-c756-fdab044a0958} 

Followup: MachineOwner

来源

2014-10-06 GunsKillDreams

回答

0

你应该做出一个核心转储(见:http://support.microsoft.com/kb/244139

那么你应该做的:

  1. 0 0 splwow64
  2. 开关搜索你的进程过程中对发现的过程 ! .process/p addr
  3. 列出找到的进程的所有线程!process addr 17
  4. 找到你的线程
  5. 找到ALPC处理堆栈中,找到一个内核对象:!手柄处理
  6. 打印ALPC端口对象ALPC ob_addr
  7. 找到打印相应的服务器端口

如果你有完成这些步骤后,您必须知道RPC服务器进程挂起了RPC请求

来源

2014-10-07 06:01:34

+0

这是一个远程服务器,我没有物理访问权限,我不相信这样的键盘组合可以远程工作。也许我也可以从printisolationhost进程中获得一个转储。对于迟到的回复很抱歉,这个问题几天后不再发生。 – GunsKillDreams 2014-10-09 18:13:45

相关问题

 相关问题