Server 2019 1809 17763.914 running Remote Desktop Services and all updates are applied.
On reboot, the Windows Defender Firewall is stopped (even though it is set to automatically start), and when I manually start the service (via any command line, Windows Services, Server Manager, Defender GUI, etc.) it BSODs with the error “Critical Processes Stopped”.
Any external servers are unable to access IIS sites, but can access them via localhost.
Here is the mini dump:
Microsoft (R) Windows Debugger Version 10.0.18362.1 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.

Loading Dump File [C:\Windows\Minidump\010220-4875-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 17763 MP (4 procs) Free x64
Product: Server, suite: TerminalServer <20000>
Built by: 17763.1.amd64fre.rs5_release.180914-1434
Machine Name:
Kernel base = 0xfffff802`2321e000 PsLoadedModuleList = 0xfffff802`23637710
Debug session time: Thu Jan 2 13:07:01.479 2020 (UTC + 10:00)
System Uptime: 0 days 0:02:06.011
Loading Kernel Symbols
...............................................................
................................................................
.....................
Loading User Symbols
Loading unloaded module list
.......
For analysis of this file, run !analyze -v
1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

CRITICAL_PROCESS_DIED (ef)
A critical system process died
Arguments:
Arg1: ffff9405b1bd1080, Process object or thread object
Arg2: 0000000000000000, If this is 0, a process died. If this is 1, a thread died.
Arg3: 0000000000000000
Arg4: 0000000000000000

Debugging Details:
------------------

KEY_VALUES_STRING: 1
PROCESSES_ANALYSIS: 1
SERVICE_ANALYSIS: 1
STACKHASH_ANALYSIS: 1
TIMELINE_ANALYSIS: 1
DUMP_CLASS: 1
DUMP_QUALIFIER: 400
BUILD_VERSION_STRING: 17763.1.amd64fre.rs5_release.180914-1434
SYSTEM_MANUFACTURER: Microsoft Corporation
VIRTUAL_MACHINE: HyperV
SYSTEM_PRODUCT_NAME: Virtual Machine
SYSTEM_SKU: None
SYSTEM_VERSION: Hyper-V UEFI Release v4.0
BIOS_VENDOR: Microsoft Corporation
BIOS_VERSION: Hyper-V UEFI Release v4.0
BIOS_DATE: 03/13/2019
BASEBOARD_MANUFACTURER: Microsoft Corporation
BASEBOARD_PRODUCT: Virtual Machine
BASEBOARD_VERSION: Hyper-V UEFI Release v4.0
DUMP_TYPE: 2
BUGCHECK_P1: ffff9405b1bd1080
BUGCHECK_P2: 0
BUGCHECK_P3: 0
BUGCHECK_P4: 0
PROCESS_NAME: svchost.exe
CRITICAL_PROCESS: svchost.exe
EXCEPTION_RECORD: ffff9405b1bd1640 -- (.exr 0xffff9405b1bd1640)
ExceptionAddress: 0000000000000000
ExceptionCode: 00000000
ExceptionFlags: 00000000
NumberParameters: 0
EXCEPTION_CODE: (NTSTATUS) 0xb0333080 - <Unable to get error code text>
ERROR_CODE: (NTSTATUS) 0xb0333080 - <Unable to get error code text>
CPU_COUNT: 4
CPU_MHZ: a6b
CPU_VENDOR: GenuineIntel
CPU_FAMILY: 6
CPU_MODEL: 1a
CPU_STEPPING: 5
CPU_MICROCODE: 6,1a,5,0 (F,M,S,R) SIG: FFFFFFFF'00000000 (cache) FFFFFFFF'00000000 (init)
BLACKBOXBSD: 1 (!blackboxbsd)
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT_SERVER
BUGCHECK_STR: 0xEF
CURRENT_IRQL: 0
ANALYSIS_SESSION_HOST: INFARMDC01-RDP
ANALYSIS_SESSION_TIME: 01-02-2020 14:26:35.0328
ANALYSIS_VERSION: 10.0.18362.1 amd64fre
LAST_CONTROL_TRANSFER: from fffff80223aa8e9d to fffff802233d4980

STACK_TEXT:
fffffc86`3c830048 fffff802`23aa8e9d : 00000000`000000ef ffff9405`b1bd1080 00000000`00000000 00000000`00000000 : nt!KeBugCheckEx
fffffc86`3c830050 fffff802`239ba837 : 00000000`00000001 fffff802`23278039 ffff9405`b1bd1080 fffff802`23270858 : nt!PspCatchCriticalBreak+0xfd
fffffc86`3c8300f0 fffff802`2385ca7c : ffff9405`00000000 00000000`00000000 ffff9405`b1bd1080 ffff9405`b1bd1358 : nt!PspTerminateAllThreads+0x15ef33
fffffc86`3c830160 fffff802`2381e1b9 : ffffffff`ffffffff fffffc86`3c830290 ffff9405`b1bd1080 fffff802`232be900 : nt!PspTerminateProcess+0xe0
fffffc86`3c8301a0 fffff802`233e5c05 : 00000000`00001278 ffff9405`b0333080 ffff9405`b1bd1080 fffffc86`3c8303e0 : nt!NtTerminateProcess+0xa9
fffffc86`3c830210 fffff802`233d8690 : fffff802`23405474 fffffc86`3c830b98 fffffc86`3c830b98 fffffc86`3c8303e0 : nt!KiSystemServiceCopyEnd+0x25
fffffc86`3c8303a8 fffff802`23405474 : fffffc86`3c830b98 fffffc86`3c830b98 fffffc86`3c8303e0 00000000`00000000 : nt!KiServiceLinkage
fffffc86`3c8303b0 fffff802`233e65a4 : ffff9405`b1bd1640 fffff802`232b6456 00000000`00000000 00000000`00000001 : nt!KiDispatchException+0x1a7284
fffffc86`3c830a60 fffff802`233e498e : ffff9405`b0333080 00000000`00000000 00000264`faf68370 ffff9405`b1b14f01 : nt!KiFastFailDispatch+0xe4
fffffc86`3c830c40 00007ffd`f0fb4720 : 00007ffd`f10094ac 00000000`00000001 00000264`faf230d0 00000264`00000000 : nt!KiRaiseSecurityCheckFailure+0x30e
00000096`ba37f998 00007ffd`f10094ac : 00000000`00000001 00000264`faf230d0 00000264`00000000 00000000`00000120 : 0x00007ffd`f0fb4720
00000096`ba37f9a0 00000000`00000001 : 00000264`faf230d0 00000264`00000000 00000000`00000120 00000264`faf68370 : 0x00007ffd`f10094ac
00000096`ba37f9a8 00000264`faf230d0 : 00000264`00000000 00000000`00000120 00000264`faf68370 00007ffd`f0f9fae8 : 0x1
00000096`ba37f9b0 00000264`00000000 : 00000000`00000120 00000264`faf68370 00007ffd`f0f9fae8 00000000`00000024 : 0x00000264`faf230d0
00000096`ba37f9b8 00000000`00000120 : 00000264`faf68370 00007ffd`f0f9fae8 00000000`00000024 00000001`00000025 : 0x00000264`00000000
00000096`ba37f9c0 00000264`faf68370 : 00007ffd`f0f9fae8 00000000`00000024 00000001`00000025 00000264`faf23278 : 0x120
00000096`ba37f9c8 00007ffd`f0f9fae8 : 00000000`00000024 00000001`00000025 00000264`faf23278 00000096`ba37fd58 : 0x00000264`faf68370
00000096`ba37f9d0 00000000`00000024 : 00000001`00000025 00000264`faf23278 00000096`ba37fd58 00640072`00610068 : 0x00007ffd`f0f9fae8
00000096`ba37f9d8 00000001`00000025 : 00000264`faf23278 00000096`ba37fd58 00640072`00610068 006b0073`00690064 : 0x24
00000096`ba37f9e0 00000264`faf23278 : 00000096`ba37fd58 00640072`00610068 006b0073`00690064 00760065`0064005c : 0x00000001`00000025
00000096`ba37f9e8 00000096`ba37fd58 : 00640072`00610068 006b0073`00690064 00760065`0064005c 005c0065`00630069 : 0x00000264`faf23278
00000096`ba37f9f0 00640072`00610068 : 006b0073`00690064 00760065`0064005c 005c0065`00630069 00000000`00000000 : 0x00000096`ba37fd58
00000096`ba37f9f8 006b0073`00690064 : 00760065`0064005c 005c0065`00630069 00000000`00000000 00000000`00000000 : 0x00640072`00610068
00000096`ba37fa00 00760065`0064005c : 005c0065`00630069 00000000`00000000 00000000`00000000 00000000`00000000 : 0x006b0073`00690064
00000096`ba37fa08 005c0065`00630069 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00760065`0064005c
00000096`ba37fa10 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x005c0065`00630069

THREAD_SHA1_HASH_MOD_FUNC: 4eea4701cef87a9898dd276682cc304560e002d4
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 2816b2618b7d0b5a47f6e8680612f55f8f11ceaa
THREAD_SHA1_HASH_MOD: bc100a5647b828107ac4e18055e00abcbe1ec406
FOLLOWUP_IP:
nt!PspCatchCriticalBreak+fd
fffff802`23aa8e9d cc int 3
FAULT_INSTR_CODE: ed8440cc
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt!PspCatchCriticalBreak+fd
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 0
IMAGE_VERSION: 10.0.17763.914
STACK_COMMAND: .thread ; .cxr ; kb
BUCKET_ID_FUNC_OFFSET: fd
FAILURE_BUCKET_ID: 0xEF_svchost.exe_BUGCHECK_CRITICAL_PROCESS_b0333080_nt!PspCatchCriticalBreak
BUCKET_ID: 0xEF_svchost.exe_BUGCHECK_CRITICAL_PROCESS_b0333080_nt!PspCatchCriticalBreak
PRIMARY_PROBLEM_CLASS: 0xEF_svchost.exe_BUGCHECK_CRITICAL_PROCESS_b0333080_nt!PspCatchCriticalBreak
TARGET_TIME: 2020-01-02T03:07:01.000Z
OSBUILD: 17763
OSSERVICEPACK: 914
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
SUITE_MASK: 131088
PRODUCT_TYPE: 3
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
OSEDITION: Windows 10 Server TerminalServer
OS_LOCALE:
USER_LCID: 0
OSBUILD_TIMESTAMP: unknown_date
BUILDDATESTAMP_STR: 180914-1434
BUILDLAB_STR: rs5_release
BUILDOSVER_STR: 10.0.17763.1.amd64fre.rs5_release.180914-1434
ANALYSIS_SESSION_ELAPSED_TIME: 5af7
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:0xef_svchost.exe_bugcheck_critical_process_b0333080_nt!pspcatchcriticalbreak
FAILURE_ID_HASH: {b3d28743-3e5f-4880-17a1-23fcf5396e9a}
Followup: MachineOwner
---------
Booting in safe mode (networking) and starting the firewall service is also unsuccessful.
Any ideas on where to look to get the firewall functional again?
Answer
Attribution
Source: Link, Question Author: SkywalkerIsNull, Answer Author: Community