Cb Response: Blue Screen 0xD1 Stop error after Windows July patches

Article ID: 285718

Updated On:

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

  • BSOD with 0xD1 Stop error
  • WinDbg !analyze -v produces output similar to the following (truncated to the important clues):
STACK_TEXT:
ffffd000`20ae42b8 fffff801`1f34ae89 : ffffe001`bc6b9d80 fffff801`1f34ae89 ffffe001`bc6b4ba0 fffff801`1f2be446 : tcpip!TcpPortPoolQueryLocalAddressFunction+0xece02 
ffffd000`20ae42c0 fffff801`1f34af2b : ffffe001`ba668000 00000000`00000002 ffffe001`bb97f138 fffff801`1f2d7363 : tcpip!EnumerateEndpointInAssignment+0x59 
ffffd000`20ae4300 fffff801`1f34aba4 : ffffe001`ba668000 fffff801`1f35508a ffffd000`20ae4448 ffffe001`bbbcd758 : tcpip!EnumerateAndReferenceEndpointInAssignment+0x2b 
ffffd000`20ae4340 fffff801`1f354faf : 00000000`0000c00d ffffe001`ba668000 00000000`0000c00c fffff801`1f2d1e3b : tcpip!InetBeginEnumeratePort+0x80 
ffffd000`20ae43c0 fffff801`1f34add7 : 00000000`00000000 ffffe001`bc6b4c10 ffffd000`20ae4678 ffffd000`20ae4678 : tcpip!InetContinueEnumeratePortPool+0x4f 
ffffd000`20ae4410 fffff801`1f34a24c : 00000000`00000018 ffffe001`bbbcd758 ffffe001`bbbcd098 00000000`00000510 : tcpip!TcpEnumerateListeners+0x1bf 
ffffd000`20ae44b0 fffff801`1e93f2b8 : fffff801`1f46ab18 ffffd000`20ae4600 00000000`00000000 00000000`00000000 : tcpip!TcpEnumerateConnectionType+0x140 
ffffd000`20ae4500 fffff801`1fbc4d91 : ffffe001`bbbcd010 ffffe001`00000070 00000000`01cdf740 ffffe001`0000000a : NETIO!NsiEnumerateObjectsAllParametersEx+0x20d 
ffffd000`20ae46f0 fffff801`1fbc61a9 : 00000000`00000001 00000000`01cdf740 00000000`00000070 00000000`00000000 : nsiproxy!NsippEnumerateObjectsAllParameters+0x201 
ffffd000`20ae48e0 fffff801`1fbc5fbb : ffffe001`bb6c2010 ffffd000`20ae49d1 ffffe001`bbca39b0 ffffe001`bb6c20e0 : nsiproxy!NsippDispatchDeviceControl+0x79 
ffffd000`20ae4920 fffff803`90507e9b : 00000000`00000002 ffffe001`bbca39b0 ffffe001`bbca39b0 0000000c`001f0003 : nsiproxy!NsippDispatch+0x2b

STACK_COMMAND: kb
IMAGE_NAME: NETIO.SYS
FAILURE_BUCKET_ID: AV_NETIO!NsiEnumerateObjectsAllParametersEx
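
When many crash dumps need triage, the signature above can be matched mechanically. The following Python sketch is an added example, not Carbon Black or Microsoft code: it parses the text printed by !analyze -v and checks for the bucket ID and call chain shown in this article. The function names and the choice of three anchor frames are assumptions.

```python
import re

# Signature copied from the article's truncated !analyze -v output.
BUCKET_ID = "AV_NETIO!NsiEnumerateObjectsAllParametersEx"
# Anchor frames (an assumption), innermost first; other frames may sit between.
REQUIRED_FRAMES = [
    "tcpip!TcpEnumerateListeners",
    "NETIO!NsiEnumerateObjectsAllParametersEx",
    "nsiproxy!NsippDispatchDeviceControl",
]

# STACK_TEXT row: child SP, return address, " : ", args, " : ", module!symbol+offset
FRAME_RE = re.compile(
    r"^[0-9a-f]{8}`[0-9a-f]{8}\s+[0-9a-f]{8}`[0-9a-f]{8}\s+:.*:\s+"
    r"(?P<sym>[^\s!+]+![^\s+]+)(?:\+0x[0-9a-f]+)?$", re.IGNORECASE)
FIELD_RE = re.compile(r"^([A-Z_]+):\s*(.*)$")

def parse_analysis(text):
    """Split a !analyze -v report into stack symbols and KEY: value fields."""
    frames, fields = [], {}
    for raw in text.splitlines():
        line = raw.strip()
        frame = FRAME_RE.match(line)
        field = FIELD_RE.match(line)
        if frame:
            frames.append(frame.group("sym"))
        elif field:
            fields[field.group(1)] = field.group(2)
    return frames, fields

def in_order(needles, haystack):
    """True if needles occur in haystack in the same order (gaps allowed)."""
    remaining = iter(haystack)
    return all(n in remaining for n in needles)

def matches_article_signature(text):
    """True if the report has this article's bucket ID and call chain."""
    frames, fields = parse_analysis(text)
    return (fields.get("FAILURE_BUCKET_ID") == BUCKET_ID
            and in_order(REQUIRED_FRAMES, frames))

# Excerpt assembled from the article's output: three frames and two fields.
SAMPLE = """STACK_TEXT:
ffffd000`20ae4410 fffff801`1f34a24c : 00000000`00000018 ffffe001`bbbcd758 ffffe001`bbbcd098 00000000`00000510 : tcpip!TcpEnumerateListeners+0x1bf
ffffd000`20ae4500 fffff801`1fbc4d91 : ffffe001`bbbcd010 ffffe001`00000070 00000000`01cdf740 ffffe001`0000000a : NETIO!NsiEnumerateObjectsAllParametersEx+0x20d
ffffd000`20ae48e0 fffff801`1fbc5fbb : ffffe001`bb6c2010 ffffd000`20ae49d1 ffffe001`bbca39b0 ffffe001`bb6c20e0 : nsiproxy!NsippDispatchDeviceControl+0x79
IMAGE_NAME: NETIO.SYS
FAILURE_BUCKET_ID: AV_NETIO!NsiEnumerateObjectsAllParametersEx
"""
```

A match only shows that a dump shares this article's bucket and call chain; confirm the cause by comparing the host's installed updates with the Resolution table.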

Environment

  • Carbon Black Response: All
  • Windows 7
  • Windows 10
  • Windows Server 2008
  • Windows Server 2012
  • Windows Server 2016

Cause

  • The Microsoft Windows July patches included a bug that causes a race condition with network monitoring workload applications such as the Cb Response sensor. Microsoft's release notes for the fix state:
    "Addresses an issue that may cause some devices running network monitoring workloads to receive the 0xD1 Stop error because of a race condition after installing the July update."

Resolution

OS | Build | KB | Fixed
Windows 10 1703 | 16299.547 | https://support.microsoft.com/en-us/help/4338825/windows-10-update-kb4338825 | https://support.microsoft.com/en-us/help/4345420/windows-10-update-kb4345420
Windows 10 1803 | 17134.165 | https://support.microsoft.com/en-us/help/4338819/windows-10-update-kb4338819 | https://support.microsoft.com/en-us/help/4345421/windows-10-update-kb4345421
Windows Server 2016 | 14393.2363 | https://support.microsoft.com/en-us/help/4338814/windows-10-update-kb4338814 | https://support.microsoft.com/en-us/help/4345418/windows-10-update-kb4345418
Windows 10 | 10240.17914 | https://support.microsoft.com/en-us/help/4338829/windows-10-update-kb4338829 | https://support.microsoft.com/en-us/help/4345455/windows-10-update-kb4345455
Windows 8.1, Windows Server 2012 R2 | Monthly Rollup | https://support.microsoft.com/en-us/help/4338815/windows-81-update-kb4338815 | https://support.microsoft.com/en-us/help/4338831/july172018kb4338831osbuildpreviewofmonthlyrollup
Windows 8.1, Windows Server 2012 R2 | Security-Only Update | https://support.microsoft.com/en-us/help/4338824/windows-81-update-kb4338824 | https://support.microsoft.com/en-us/help/4345424/improvements-and-fixes-windows-8-1-and-server-2012-r2
Windows Server 2012 R2 | Monthly Rollup | https://support.microsoft.com/en-us/help/4338830/windows-server-2012-update-kb4338830 | https://support.microsoft.com/en-us/help/4338816/july172018kb4338816osbuildpreviewofmonthlyrollup
Windows 7, Windows Server 2008 SP1 | Security-Only Update | https://support.microsoft.com/en-us/help/4338823/windows-7-update-kb4338823 | https://support.microsoft.com/en-us/help/4345459/stop-error-0xd1-after-a-race-condition-occurs-in-windows-7-service-pac
Windows 7, Windows Server 2008 SP1 | Monthly Rollup | https://support.microsoft.com/en-us/help/4338818/windows-7-update-kb4338818 | https://support.microsoft.com/en-us/help/4338821/july242018kb4338821osbuildpreviewofmonthlyrollup