
We have 2 new servers set up to allow remote desktop sessions throughout the warehouse. Intermittently we get complaints that the session has stopped working or has frozen. When we check the servers, they have a blue screen with the error APC_INDEX_MISMATCH (fltmgr.sys).

I've been doing research, to no avail. It doesn't seem like this issue is solvable. Like it might be a bug issue with Microsoft. Below is the dump file information. It tells you the Bug Check String, Caused By Driver and Crash Time.

Please help me troubleshoot this!

jayburna688
  • I was not able to add a picture because I am new and I need a 15 reputation or something to that extent. The Bug Check String is APC_Index_Mismatch. The Caused by Driver is fltmgr.sys and the Bug Check Code is 0x00000001. Thanks for any help that could be provided. – jayburna688 May 29 '14 at 12:39

1 Answer

There isn't enough data provided here to troubleshoot for certain, but I am pretty confident that you have a misbehaving device driver loaded on your system(s) that needs updating.

fltmgr.sys is the Filter Manager kernel mode driver. Many so-called "mini-filters" plug in to this Filter Manager architecture. These mini-filters are provided both by Microsoft and by third-party vendors to provide additional functionality to the system, such as on-access antivirus scanning, file and folder redirection, etc. So the bug check is pointing to fltmgr.sys, but fltmgr.sys is just an "umbrella" that's covering the underlying bad actor.

The APC_INDEX_MISMATCH stop code means that a driver called a routine to disable an APC (asynchronous procedure call) without also calling its matching routine to re-enable the APC when it left a guarded or critical region.

Developers have to be very careful when writing device drivers and it's easy to make mistakes when writing device drivers.

You'd use a kernel debugger with the crash dump to further investigate exactly which thread was the culprit, which would lead you to a particular device driver, which I would bet money needs to be updated.

"Update your drivers" is about all I think we can give you with the data that we have.

Ryan Ries
  • Thank you very much, Ryan, for this insight. This has helped me picture the situation a lot better. Also, I would have uploaded the log file but I was not able to due to my reputation level. That, I am sure, could have helped you more. Is there a particular kernel debugger that you would suggest, Ryan? – jayburna688 Jun 19 '14 at 12:56
  • WinDBG is the de-facto kernel debugger for Windows. Well technically kd.exe is, and WinDbg is a GUI that wraps kd.exe and other related tools. It comes with the Windows SDK, DDK, Visual Studio, etc. It's a free download. Load the crash dump file into WinDBG, and start with a `!analyze -v` ... the rabbit hole goes really deep from there. :) – Ryan Ries Jun 19 '14 at 13:18
  • Also, be careful about sharing your crash dumps with people. They can and often do contain sensitive information that was in a machine's memory at the time it crashed. This includes things like passwords. – Ryan Ries Jun 19 '14 at 13:25
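
The following PowerShell is an added example, not part of the original answer or comments: it lists the mini-filters registered with Filter Manager (the drivers under the fltmgr.sys "umbrella" the answer describes) with the vendor, version and file date of each, so third-party candidates for updating stand out. It assumes an elevated prompt; the registry lookup, the output regex and the `Resolve-DriverPath` helper are this example's own (hypothetical) choices.

```powershell
# Added example: inventory mini-filters attached to Filter Manager (fltmgr.sys).
# Run elevated. fltmc.exe ships with Windows.

function Resolve-DriverPath {
    param([string]$Path)
    # Service ImagePath values may use kernel-style prefixes; map to Win32 paths.
    $p = $Path.Trim('"') -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\SystemRoot\\', "$env:SystemRoot\"
    if ($p -match '^system32\\') { $p = Join-Path $env:SystemRoot $p }
    return $p
}

$filters = fltmc filters | ForEach-Object {
    # Data rows look like: <FilterName> <NumInstances> <Altitude> <Frame>
    # Header, separator and any other rows do not match and are skipped.
    if ($_ -match '^(\S+)\s+(\d+)\s+([\d.]+)\s+(\d+)\s*$') {
        $name     = $Matches[1]
        $altitude = $Matches[3]

        # The filter name is also the service name; read its driver image path.
        $key   = "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
        $image = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).ImagePath
        if (-not $image) { $image = "system32\drivers\$name.sys" }  # default location

        $file = Get-Item -LiteralPath (Resolve-DriverPath $image) -ErrorAction SilentlyContinue

        New-Object PSObject -Property @{
            Filter   = $name
            Altitude = $altitude
            Vendor   = $file.VersionInfo.CompanyName
            Version  = $file.VersionInfo.FileVersion
            FileDate = $file.LastWriteTime
            Path     = $file.FullName
        }
    }
}

# Non-Microsoft drivers first: these are the usual candidates for a vendor update.
$filters |
    Sort-Object { $_.Vendor -like 'Microsoft*' }, Filter |
    Select-Object Filter, Altitude, Vendor, Version, FileDate, Path |
    Format-Table -AutoSize
```

A row with an empty Vendor means the driver file could not be resolved or carries no version resource; check that filter by hand.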