Just happened to us on a freshly built 2012 R2 server.
We use Trend Micro for agent-less AV.
The DMP file points to the vmware tools driver as the culprit.
We are going to try uninstalling/reinstalling the VMware tools.
We have never had any issues ever until now.
Running ESXi 5.1, build 19000470
Did the VMware tools fix your issue? We are on ESXi v5.5 build 1892794 and noticed this issue on a small subset of VMs that had their VMware tools upgraded.
We are no longer seeing memory leak issues, but since updating Vmware Tools to 9.4.6 (ESXi 5.5 1892794) we are having a experiencing a small subset of servers getting a black screen of death crash. We've had to remove Trend Deep Security protection & Vmware Tools VMCI drivers which prevents this black screen of death issue. I hope Vmware addresses this ASAP in a forthcoming patch/bug fix.
Check out VMware KB: Windows virtual machine installed with vShield Endpoint Thin Agent (vsepflt.sys) and vShield Endpoint TDI… - we were affected by the memory bug issue in the vshield drivers, upgraded to the latest tools which was supposed to fix this issue, but started to get servers randomly reboot or become totally non-responsive... we contacted VMWare and mentioned that KB article above, and were given a new set of vshield endpoint drivers (vsepflt.sys and vnetflt.sys) - File version 5.5.2, Product version 5.5.2 build- 1904019. We've rolled this out to quite a few affected machines and have had any problems since... VMWare Tech. Support said they were looking at rolling this into a future update - but not the next immediate one.
Hope this helps.
A couple things worked for us in fixing the issue with vnetflt.sys:
- For non-ESXi v5.5 VMs, uninstalling VMware tools, reinstalling but using custom option and deselecting the vShield drivers.
- For ESXi v5.5 VMs, upgrading the VM to virtual hardware version 10.
We tried the VM hardware version 10 uplift, but that did not fix it for us.
The fix for us was to receive the updated vShield driver from Vmware. We are now awaiting them to release a public ESX update / tools update so we can roll it out to all our Windows VM's.
Just wanted to provide our feedback as we have had issues with crashes. BSOD debug points to vnetflt.sys as well. ESXi 5.1 1900470, Trend Micro Deep Security v9.0. We could not cleanly uninstall all vmware tools until we deactivated the client from Deep Security Manager. Only then could we properly remove the vShield drivers. We could have found this sooner, however received very poor support from VMware initially. We suspected something with the VMware Tools because it started going crazy after an upgrade. Tried to uninstall but reminents of vmware tools still there. VMware Tech's solution was to disable VMware Tools service. It was days later when I looked in system drivers list in system tools and found that vnetflt.sys was still there and in fact running! Disabling Tools did not fix.
Good news no more crashes...bad news...what now for malware protection. No confidence in agentless with vshield drivers.
Anyway just wanted to give my 2 cents.
i have the same issue, let me know if have any concrete solution for it, or recommend to reinstall Vm tool?
find the below bugcheck details.
* Bugcheck Analysis *
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff880015c0478, The address that the exception occurred at
Arg3: fffff8800230f7e8, Exception Record Address
Arg4: fffff8800230f050, Context Record Address
SYSTEM_MANUFACTURER: VMware, Inc.
SYSTEM_PRODUCT_NAME: VMware Virtual Platform
BIOS_VENDOR: Phoenix Technologies LTD
BASEBOARD_MANUFACTURER: Intel Corporation
BASEBOARD_PRODUCT: 440BX Desktop Reference Platform
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
fffff880`015c0478 450fb7435c movzx r8d,word ptr [r11+5Ch]
EXCEPTION_RECORD: fffff8800230f7e8 -- (.exr 0xfffff8800230f7e8)
ExceptionAddress: fffff880015c0478 (vsepflt+0x0000000000013478)
ExceptionCode: c0000005 (Access violation)
Attempt to read from address ffffffffffffffff
CONTEXT: fffff8800230f050 -- (.cxr 0xfffff8800230f050)
rax=ffff0000036e1811 rbx=fffffa800f754a10 rcx=0000000000000010
rdx=fffff880015dfac0 rsi=0000000000000002 rdi=0000000000000010
rip=fffff880015c0478 rsp=fffff8800230fa20 rbp=0000000000000000
r8=0000000000380036 r9=0000000000000002 r10=fffff880009cec40
r11=00300032002e002a r12=fffff880013ecc80 r13=fffff880015c0838
iopl=0 nv up ei pl nz na pe nc
cs=0010 ss=0000 ds=002b es=002b fs=0053 gs=002b efl=00010202
fffff880`015c0478 450fb7435c movzx r8d,word ptr [r11+5Ch] ds:002b:00300032`002e0086=????
Resetting default scope
CPU_MICROCODE: 6,3e,4,0 (F,M,S,R) SIG: 427'00000000 (cache) 427'00000000 (init)
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
fffff880`015c0478 450fb7435c movzx r8d,word ptr [r11+5Ch]
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff800020af100
Unable to get MmSystemRangeStart
GetUlongPtrFromAddress: unable to read from fffff800020af2e8
GetUlongPtrFromAddress: unable to read from fffff800020af498
GetPointerFromAddress: unable to read from fffff800020af0b8
ANALYSIS_SESSION_TIME: 11-14-2017 09:03:13.0818
ANALYSIS_VERSION: 10.0.15063.468 amd64fre
LAST_CONTROL_TRANSFER: from 0000000000000000 to fffff880015c0478
fffff880`0230fa20 00000000`00000000 : fffff880`015dfac0 00000000`00380036 00000000`00000002 fffffa80`1b6fc4e0 : vsepflt+0x13478
STACK_COMMAND: .cxr 0xfffff8800230f050 ; kb
OSNAME: Windows 7
OSEDITION: Windows 7 Server (Service Pack 1) TerminalServer SingleUserTS
OSBUILD_TIMESTAMP: 2017-07-07 20:26:26