1. Forum
  2. Usenet
  3. MICROSOFT.PUBLIC.WINDBG

  • Windows driver freezing terminal server

    From bharatgade@gmail.com@21:1/5 to All on Fri Mar 22 11:13:09 2019
    There is a kernel level driver installed on a terminal server.It works fine for certain period of time on that terminal sever. later on
    that terminal server itself getting into freezed state where noboday can RDP & web console to connect with server. In my case,
    CPU is always hitting to 100% in freezed state. After unstalling that driver the terminal server works fine or even responds properly always.Even if it is 100% CPU usage and gets slow but still reponds to the RDP & web console.

    That scenario is kind of hard to reproduce it. but still i got successful to fetch complete memory dump out of that machine in that scenario then i analyzed full memory dump using microsoft WinDbg tool. WinDbg tool displayed faulty driver module name and
    call stack as below

    Module Name: MMTEProxy (Installed Driver)

    [0x0] nt!KxWaitForLockOwnerShip + 0x27
    [0x1] MMTEProxy!LutTranslatePort + 0x2c2
    [0x2] MMTEProxy!PerformSocketRedirection + 0xba7
    [0x3] MMTEProxy!TriggerPrByALERedirectInline + 0x244
    [0x4] MMTEProxy!DDProxyBindRedirectClassify + 0x537
    [0x5] tcpip!AlePostProcessClassify + 0x105
    [0x6] NETIO!ProcessCallout + 0x1579f
    [0x7] NETIO!ArbitrateAndEnforce + 0x2c3
    [0x8] NETIO!KfdClassify + 0x879
    [0x9] tcpip!AleInspectBindRequest + 0xa0d71
    [0xa] tcpip!UdpIoControlEndpoint + 0x2b6
    [0xb] afd!AfdTLIoControl + 0x50
    [0xc] afd!AfdTLBindSecurityComplete + 0xbd
    [0xd] afd!AfdTLIoControl + 0x9e
    [0xe] afd!AfdTLBindSecurity + 0xaf
    [0xf] afd!AfdBind + 0x394
    [0x10] afd!AfdDispatchDeviceControl + 0x66
    [0x11] nt!IopXxxControlFile + 0xa4f
    [0x12] nt!NtDeviceIoControlFile + 0x56
    [0x13] nt!KiSystemServiceCopyEnd + 0x13
    [0x14] ntdll!NtDeviceIoControlFile + 0xa
    [0x15] mswsock!WSPBind + 0x251
    [0x16] WS2_32!bind + 0x77

    Since i am not expert in kernel level driver development,But i tried to google about driver. Internally it uses the following lock to perform any operation at process table or session table

    KeAcquireInStackQueuedSpinLock (
    _Inout_ PKSPIN_LOCK SpinLock,
    _Out_ PKLOCK_QUEUE_HANDLE LockHandle
    );

    With help of WinDbg tool, I also checked that there is no any deadlock condition or curretnly held lock by any thread. still i am not getting what causing this issue. whether its lock is not handled properly at code level or some particular situation,
    the above kernel level
    method doesn't work and it never releases lock.

    Please can you help me with this if you know about it.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)