22 Replies. Latest reply on Nov 13, 2017 7:52 PM by Akim_khan
      • 15. Re: Server Crash/Reboot: vnetflt.sys
        Cyberfed27 Hot Shot

        Just happened to us on a freshly built 2012 R2 server.


        We use Trend Micro for agent-less AV.

        The DMP file points to the vmware tools driver as the culprit.

        We are going to try uninstalling/reinstalling the VMware tools.

        We have never had any issues ever until now.


        Running ESXi 5.1, build 19000470

        • 16. Re: Server Crash/Reboot: vnetflt.sys
          Matt.B Enthusiast

          Did the VMware tools fix your issue?  We are on ESXi v5.5 build 1892794 and noticed this issue on a small subset of VMs that had their VMware tools upgraded.

          • 17. Re: Server Crash/Reboot: vnetflt.sys
            capsoc Lurker

            We are no longer seeing memory leak issues, but since updating VMware Tools to 9.4.6 (ESXi 5.5 1892794) we are experiencing a small subset of servers getting a black screen of death crash.  We've had to remove Trend Deep Security protection & VMware Tools VMCI drivers, which prevents this black screen of death issue. I hope VMware addresses this ASAP in a forthcoming patch/bug fix.

            • 18. Re: Server Crash/Reboot: vnetflt.sys
              sofasurfer Lurker

              Hi Guys,

              Check out VMware KB: Windows virtual machine installed with vShield Endpoint Thin Agent (vsepflt.sys) and vShield Endpoint TDI… - we were affected by the memory bug issue in the vShield drivers, upgraded to the latest tools which was supposed to fix this issue, but started to get servers randomly reboot or become totally non-responsive... we contacted VMware and mentioned that KB article above, and were given a new set of vShield endpoint drivers (vsepflt.sys and vnetflt.sys) - File version 5.5.2, Product version 5.5.2 build- 1904019. We've rolled this out to quite a few affected machines and have had any problems since... VMware Tech. Support said they were looking at rolling this into a future update - but not the next immediate one.

              Hope this helps.

              • 19. Re: Server Crash/Reboot: vnetflt.sys
                Matt.B Enthusiast

                A couple things worked for us in fixing the issue with vnetflt.sys:

                • For non-ESXi v5.5 VMs, uninstalling VMware tools, reinstalling but using custom option and deselecting the vShield drivers.
                • For ESXi v5.5 VMs, upgrading the VM to virtual hardware version 10.
                • 20. Re: Server Crash/Reboot: vnetflt.sys
                  capsoc Lurker

                  We tried the VM hardware version 10 uplift, but that did not fix it for us.


                  The fix for us was to receive the updated vShield driver from VMware. We are now awaiting them to release a public ESX update / tools update so we can roll it out to all our Windows VMs.

                  • 21. Re: Server Crash/Reboot: vnetflt.sys
                    vmware088 Lurker

                    Just wanted to provide our feedback as we have had issues with crashes.  BSOD debug points to vnetflt.sys as well.  ESXi 5.1 1900470, Trend Micro Deep Security v9.0.  We could not cleanly uninstall all VMware Tools until we deactivated the client from Deep Security Manager.  Only then could we properly remove the vShield drivers.  We could have found this sooner, however received very poor support from VMware initially.  We suspected something with the VMware Tools because it started going crazy after an upgrade.  Tried to uninstall but remnants of VMware Tools were still there.  VMware Tech's solution was to disable the VMware Tools service.  It was days later when I looked in the system drivers list in system tools and found that vnetflt.sys was still there and in fact running!  Disabling Tools did not fix it.

                    Good news no more crashes...bad news...what now for malware protection.  No confidence in agentless with vshield drivers.


                    Anyway just wanted to give my 2 cents.

                    • 22. Re: Server Crash/Reboot: vnetflt.sys
                      Akim_khan Lurker

                      I have the same issue. Let me know if you have any concrete solution for it, or do you recommend reinstalling the VM tools?


                      Please find the bugcheck details below.


                      *                                                                             *
                      *                        Bugcheck Analysis                                    *
                      *                                                                             *

                      SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
                      This is a very common bugcheck.  Usually the exception address pinpoints
                      the driver/function that caused the problem.  Always note this address
                      as well as the link date of the driver/image that contains this address.
                      Some common problems are exception code 0x80000003.  This means a hard
                      coded breakpoint or assertion was hit, but this system was booted
                      /NODEBUG.  This is not supposed to happen as developers should never have
                      hardcoded breakpoints in retail code, but ...
                      If this happens, make sure a debugger gets connected, and the
                      system is booted /DEBUG.  This will let us see why this breakpoint is

                      Arg1: ffffffffc0000005, The exception code that was not handled
                      Arg2: fffff880015c0478, The address that the exception occurred at
                      Arg3: fffff8800230f7e8, Exception Record Address
                      Arg4: fffff8800230f050, Context Record Address

                      Debugging Details:

                      DUMP_CLASS: 1

                      DUMP_QUALIFIER: 400

                      BUILD_VERSION_STRING:  7601.23864.amd64fre.win7sp1_ldr.170707-0600

                      SYSTEM_MANUFACTURER:  VMware, Inc.

                      VIRTUAL_MACHINE:  VMware

                      SYSTEM_PRODUCT_NAME:  VMware Virtual Platform

                      SYSTEM_VERSION:  None

                      BIOS_VENDOR:  Phoenix Technologies LTD

                      BIOS_VERSION:  6.00

                      BIOS_DATE:  04/14/2014

                      BASEBOARD_MANUFACTURER:  Intel Corporation

                      BASEBOARD_PRODUCT:  440BX Desktop Reference Platform

                      BASEBOARD_VERSION:  None

                      DUMP_TYPE:  2

                      BUGCHECK_P1: ffffffffc0000005

                      BUGCHECK_P2: fffff880015c0478

                      BUGCHECK_P3: fffff8800230f7e8

                      BUGCHECK_P4: fffff8800230f050

                      EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

                      fffff880`015c0478 450fb7435c      movzx   r8d,word ptr [r11+5Ch]

                      EXCEPTION_RECORD:  fffff8800230f7e8 -- (.exr 0xfffff8800230f7e8)
                      ExceptionAddress: fffff880015c0478 (vsepflt+0x0000000000013478)
                         ExceptionCode: c0000005 (Access violation)
                        ExceptionFlags: 00000000
                      NumberParameters: 2
                         Parameter[0]: 0000000000000000
                         Parameter[1]: ffffffffffffffff
                      Attempt to read from address ffffffffffffffff

                      CONTEXT:  fffff8800230f050 -- (.cxr 0xfffff8800230f050)
                      rax=ffff0000036e1811 rbx=fffffa800f754a10 rcx=0000000000000010
                      rdx=fffff880015dfac0 rsi=0000000000000002 rdi=0000000000000010
                      rip=fffff880015c0478 rsp=fffff8800230fa20 rbp=0000000000000000
                      r8=0000000000380036  r9=0000000000000002 r10=fffff880009cec40
                      r11=00300032002e002a r12=fffff880013ecc80 r13=fffff880015c0838
                      r14=0000000000000000 r15=fffff880013e6000
                      iopl=0         nv up ei pl nz na pe nc
                      cs=0010  ss=0000  ds=002b  es=002b  fs=0053  gs=002b             efl=00010202
                      fffff880`015c0478 450fb7435c      movzx   r8d,word ptr [r11+5Ch] ds:002b:00300032`002e0086=????
                      Resetting default scope

                      CPU_COUNT: 4

                      CPU_MHZ: a28

                      CPU_VENDOR:  GenuineIntel

                      CPU_FAMILY: 6

                      CPU_MODEL: 3e

                      CPU_STEPPING: 4

                      CPU_MICROCODE: 6,3e,4,0 (F,M,S,R)  SIG: 427'00000000 (cache) 427'00000000 (init)

                      CUSTOMER_CRASH_COUNT:  1

                      PROCESS_NAME:  System

                      CURRENT_IRQL:  0

                      ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

                      EXCEPTION_CODE_STR:  c0000005

                      EXCEPTION_PARAMETER1:  0000000000000000

                      EXCEPTION_PARAMETER2:  ffffffffffffffff

                      fffff880`015c0478 450fb7435c      movzx   r8d,word ptr [r11+5Ch]

                      BUGCHECK_STR:  0x7E

                      READ_ADDRESS: GetPointerFromAddress: unable to read from fffff800020af100
                      Unable to get MmSystemRangeStart
                      GetUlongPtrFromAddress: unable to read from fffff800020af2e8
                      GetUlongPtrFromAddress: unable to read from fffff800020af498
                      GetPointerFromAddress: unable to read from fffff800020af0b8

                      ANALYSIS_SESSION_TIME:  11-14-2017 09:03:13.0818

                      ANALYSIS_VERSION: 10.0.15063.468 amd64fre

                      LAST_CONTROL_TRANSFER:  from 0000000000000000 to fffff880015c0478

                      fffff880`0230fa20 00000000`00000000 : fffff880`015dfac0 00000000`00380036 00000000`00000002 fffffa80`1b6fc4e0 : vsepflt+0x13478

                      THREAD_SHA1_HASH_MOD_FUNC:  436176c8c3db348c9a9ce1d32fc516db20c6ed24

                      THREAD_SHA1_HASH_MOD_FUNC_OFFSET:  6158c2b9990c53b8693e16f616e7af005ec00417

                      THREAD_SHA1_HASH_MOD:  436176c8c3db348c9a9ce1d32fc516db20c6ed24

                      FAULT_INSTR_CODE:  43b70f45

                      SYMBOL_STACK_INDEX:  0

                      SYMBOL_NAME:  vsepflt+13478

                      FOLLOWUP_NAME:  MachineOwner

                      MODULE_NAME: vsepflt

                      IMAGE_NAME:  vsepflt.sys

                      DEBUG_FLR_IMAGE_TIMESTAMP:  53aa728a

                      STACK_COMMAND:  .cxr 0xfffff8800230f050 ; kb

                      FAILURE_BUCKET_ID:  X64_0x7E_vsepflt+13478

                      BUCKET_ID:  X64_0x7E_vsepflt+13478

                      PRIMARY_PROBLEM_CLASS:  X64_0x7E_vsepflt+13478

                      TARGET_TIME:  2017-11-14T01:13:01.000Z

                      OSBUILD:  7601

                      OSSERVICEPACK:  1000

                      SERVICEPACK_NUMBER: 0

                      OS_REVISION: 0

                      SUITE_MASK:  272

                      PRODUCT_TYPE:  3

                      OSPLATFORM_TYPE:  x64

                      OSNAME:  Windows 7

                      OSEDITION:  Windows 7 Server (Service Pack 1) TerminalServer SingleUserTS

                      USER_LCID:  0

                      OSBUILD_TIMESTAMP:  2017-07-07 20:26:26

                      BUILDDATESTAMP_STR:  170707-0600

                      BUILDLAB_STR:  win7sp1_ldr

                      BUILDOSVER_STR:  6.1.7601.23864.amd64fre.win7sp1_ldr.170707-0600

                      ANALYSIS_SESSION_ELAPSED_TIME:  5ca

                      ANALYSIS_SOURCE:  KM

                      FAILURE_ID_HASH_STRING:  km:x64_0x7e_vsepflt+13478

                      FAILURE_ID_HASH:  {67429edc-8db0-adaf-cbf3-2c17995cb15e}
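
A triage sketch for the dump in the post above, added here as an example and not part of the original thread or of any VMware tooling. It extracts the faulting module and offset, converts the driver's link timestamp to a date (the bugcheck text says to always note it), and checks the memory operand of the faulting instruction; the function names are illustrative.

```python
import re
from datetime import datetime, timezone

# Lines copied from the !analyze -v output posted above (not constructed).
DUMP = """\
ExceptionAddress: fffff880015c0478 (vsepflt+0x0000000000013478)
Attempt to read from address ffffffffffffffff
r11=00300032002e002a r12=fffff880013ecc80 r13=fffff880015c0838
fffff880`015c0478 450fb7435c      movzx   r8d,word ptr [r11+5Ch]
DEBUG_FLR_IMAGE_TIMESTAMP:  53aa728a
"""

def is_canonical(addr):
    """x64 canonical address: bits 63..47 are all zero or all one."""
    return (addr >> 47) in (0, 0x1FFFF)

def as_utf16(value):
    """Read a 64-bit register as four little-endian UTF-16 code units."""
    text = value.to_bytes(8, "little").decode("utf-16-le", errors="replace")
    return text if text.isprintable() else None

def triage(dump):
    """Summarise the faulting driver, its link date and the bad operand."""
    module, offset = re.search(
        r"ExceptionAddress: \w+ \((\w+)\+0x([0-9a-f]+)\)", dump).groups()
    regs = {name: int(val, 16) for name, val in
            re.findall(r"\b(r[a-z0-9]{1,2})=([0-9a-f]{16})\b", dump)}
    # Memory operand of the faulting instruction, e.g. [r11+5Ch].
    base, disp = re.search(r"ptr \[(\w+)\+([0-9A-Fa-f]+)h\]", dump).groups()
    target = regs[base] + int(disp, 16)
    # PE link timestamp: seconds since 1970-01-01 UTC, printed in hex.
    stamp = int(re.search(r"IMAGE_TIMESTAMP:\s+([0-9a-f]+)", dump).group(1), 16)
    return {
        "fault": f"{module}+0x{int(offset, 16):x}",
        "link_date": datetime.fromtimestamp(stamp, timezone.utc).isoformat(),
        "operand": f"{base}+0x{int(disp, 16):x}",
        "target": target,
        "canonical": is_canonical(target),
        "base_as_text": as_utf16(regs[base]),
    }

if __name__ == "__main__":
    for key, value in triage(DUMP).items():
        print(f"{key:13} {value}")
```

On this dump the operand address is non-canonical, which is why the exception record reports the read address as ffffffffffffffff, and r11 decodes as UTF-16 text rather than a pointer. The link date falls in June 2014, well before the November 2017 crash.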
