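I would like to know why our server suddenly crashed. According to this, it can happen when some kernel code tries to close an invalid handle or a protected handle.
Is there any way to find out what kind of handle could be causing this?
Below is the information from windbg and from the Windows recovery window.
Here is the report from windbg: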
Loading Dump File [C:\TEMP\022015-48594-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
************* Symbol Path validation summary **************
Response Time (ms) Location
Deferred srv*c:\debuggers*http://msdl.microsoft.com/download/symbols
Symbol search path is: srv*c:\debuggers*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (12 procs) Free x64
Product: Server, suite: Enterprise TerminalServer SingleUserTS
Built by: 7601.18229.amd64fre.win7sp1_gdr.130801-1533
Machine Name:
Kernel base = 0xfffff800`0181e000 PsLoadedModuleList = 0xfffff800`01a616d0
Debug session time: Fri Feb 20 10:20:29.194 2015 (UTC - 6:00)
System Uptime: 0 days 20:15:34.826
Loading Kernel Symbols
...............................................................
................................................................
.............
Loading User Symbols
Loading unloaded module list
.......
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 93, {a58, 0, 0, 0}
Probably caused by : srv2.sys ( srv2!SrvCloseFile+1d1 )
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
INVALID_KERNEL_HANDLE (93)
This message occurs if kernel code attempts to close or reference a handle
that is not a valid handle. Only invalid or protected handles passed to NtClose
will cause this bugcheck, unless bad handle detection is enabled.
Arguments:
Arg1: 0000000000000a58, The handle that NtClose was called with
Arg2: 0000000000000000, A protected handle was closed.
Arg3: 0000000000000000
Arg4: 0000000000000000, The error occurred closing an invalid kernel handle.
Debugging Details:
------------------
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT_SERVER
BUGCHECK_STR: 0x93
PROCESS_NAME: System
CURRENT_IRQL: 0
ANALYSIS_VERSION: 6.3.9600.17298 (debuggers(dbg).141024-1500) amd64fre
LAST_CONTROL_TRANSFER: from fffff80001afee1f to fffff80001893b80
STACK_TEXT:
fffff880`0946b888 fffff800`01afee1f : 00000000`00000093 00000000`00000a58 00000000`00000000 00000000`00000000 : nt!KeBugCheckEx
fffff880`0946b890 fffff800`01b8c604 : 00000000`00000a58 fffffa80`2d5d6990 fffff8a0`00001ad0 00000000`00000a58 : nt! ?? ::NNGAKEGL::`string'+0x31e71
fffff880`0946b920 fffff800`01892e13 : fffffa80`2f1fab50 fffff880`0946b9f0 ffffffff`ffffffff 00000000`000001a0 : nt!ObpCloseHandle+0x94
fffff880`0946b970 fffff800`0188f3d0 : fffff880`05a032c1 fffffa80`2e0697a0 fffff8a0`0734d7f0 ffffffff`ffffffff : nt!KiSystemServiceCopyEnd+0x13
fffff880`0946bb08 fffff880`05a032c1 : fffffa80`2e0697a0 fffff8a0`0734d7f0 ffffffff`ffffffff fffffa80`2e0697a0 : nt!KiServiceLinkage
fffff880`0946bb10 fffff880`05a28f08 : 00000000`00000000 fffffa80`2df46e20 fffff780`00000320 fffffa80`2f02bce0 : srv2!SrvCloseFile+0x1d1
fffff880`0946bbd0 fffff880`05a285d0 : fffffa80`2f02ba00 fffffa80`00000000 fffff880`05a22110 fffffa80`30b1b010 : srv2!Smb2ExecuteClose+0x98
fffff880`0946bc80 fffff880`05a2839a : 00000000`0000000f 00000000`00000006 fffffa80`6aca9310 fffffa80`2f02ba40 : srv2!SrvProcessPacket+0xa0
fffff880`0946bcc0 fffff800`01b31bae : 00000000`0000206c fffffa80`2f1fab50 00000000`00000080 fffffa80`2d5d6990 : srv2!SrvProcWorkerThread+0x15a
fffff880`0946bd40 fffff800`018848c6 : fffff800`01a0ee80 fffffa80`2f1fab50 fffff800`01a1ccc0 00000008`00000008 : nt!PspSystemThreadStartup+0x5a
fffff880`0946bd80 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KxStartSystemThread+0x16
STACK_COMMAND: kb
FOLLOWUP_IP:
srv2!SrvCloseFile+1d1
fffff880`05a032c1 48837f1000 cmp qword ptr [rdi+10h],0
SYMBOL_STACK_INDEX: 5
SYMBOL_NAME: srv2!SrvCloseFile+1d1
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: srv2
IMAGE_NAME: srv2.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4dba2b0a
IMAGE_VERSION: 6.1.7601.17608
FAILURE_BUCKET_ID: X64_0x93_srv2!SrvCloseFile+1d1
BUCKET_ID: X64_0x93_srv2!SrvCloseFile+1d1
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:x64_0x93_srv2!srvclosefile+1d1
FAILURE_ID_HASH: {2ed283b0-a827-9f52-d1e7-a37c5d171413}
Followup: MachineOwner
---------
Here is the message after the server recovered:
Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.1.7601.2.1.0.274.10
Locale ID: 1033
Additional information about the problem:
BCCode: 93
BCP1: 0000000000000A58
BCP2: 0000000000000000
BCP3: 0000000000000000
BCP4: 0000000000000000
OS Version: 6_1_7601
Service Pack: 1_0
Product: 274_3