Serwer terminali Winflector - alternatywa dla aplikacji Zdalny Pulpit, Citrix XenApp

Forum > Product technical support > Bluescreen when using Mini-filter (c:\Wfmount)

Autor: JHudler
Data: 2022-01-18 13:05:58

 

Recently, (starting 3 weeks ago), our server (Azure hosted) started crashing randomly.

Analyzing the produced crash minidump, it seems that is related to the filter driver (Wfflt appearing in the stack trace).

 # Child-SP          RetAddr               Call Site

00 ffff8e81`aacf1458 fffff802`dddffa29     nt!KeBugCheckEx

01 ffff8e81`aacf1460 fffff802`dddffdd0     nt!KiBugCheckDispatch+0x69

02 ffff8e81`aacf15a0 fffff802`dddfe3d8     nt!KiFastFailDispatch+0xd0

03 ffff8e81`aacf1780 fffff807`d4a19cb9     nt!KiRaiseSecurityCheckFailure+0x2d8

04 ffff8e81`aacf1910 fffff807`d4a1ce70     Wfflt+0x49cb9

05 ffff8e81`aacf1918 ffffbf02`9c01c610     Wfflt+0x4ce70

06 ffff8e81`aacf1920 ffffbf02`9c01c610     0xffffbf02`9c01c610

07 ffff8e81`aacf1928 fffff802`ddc92000     0xffffbf02`9c01c610

08 ffff8e81`aacf1930 ffff8e81`aacf1970     nt!WerLiveKernelInitSystem <PERF>

(nt+0x0)

Unfortunately, I couldn't still identify the user and ocasion when this happens, since we have different customers (companies) using our software remotely with different users.

Currently we are using version 3.9.8.0.

I see that in version 3.9.8.3 there was a fix related to this driver. Is this fix related?

  •   fix in wfflt.sys filter driver (version 1.3.1) responsible for /wfmount file mapping

    • If this is already fixed, we will proceed to upgrade our version, but first I wanted to understand better what kind of fix this version introduced so we don't fall in false expectations.

    Alos, to prevent and/or for better diagnostics, what else can be done?

     
    Autor: Rafal (staff)
    Data: 2022-01-20 12:12:51

    Is there any antyvirus software installed on that machine?

    As we know the winflector wflt driver is not compatible with Sophos and Comodo Antivirus software.

     

     

     

    Please start cmd.exe as administrator (right click on the cmd icon and: Run as administrator)

     

    Then run command: fltmc.exe and send the output.

     

     

     

     
    Autor: JHudler
    Data: 2022-01-20 13:55:09

    > Is there any antyvirus software installed on that machine?

    We are using BitDefender in that host. But I don't believe it may be the crash cause.

    Winflector server is running for a long time now, and the crashes started recently, every other day (or two days stable, one day crash in a random part of the day).

    I believe there is some kind of user behavior that is triggering a hidden bug or something. I'm still trying to find what it is exactly.

    Here is the fltmc output:

    Nome do filtro                    Número de instâncias    Altitude    Quadro

    ------------------------------  -------------  ------------  -----

    DfsDriver                               0       405000         0

    WdFilter                                3       328010         0

    vlflt                                   3       320832         0

    bddevflt                                3       320812         0

    atc                                     5       320781         0

    trufos                                  2       320770         0

    Wfflt                                   1       265000         0

    DfsrRo                                  0       261100         0

    storqosflt                              0       244000         0

    wcifs                                   0       189900         0

    FileCrypt                               0       141100         0

    luafv                                   1       135000         0

    npsvctrig                               1        46000         0

    Wof                                     1        40700         0
    Autor: JHudler
    Data: 2022-01-24 13:47:00

    So, what are the findings? Any feedback on this?
    1


    Zaloguj się aby móc pisać na forum.