DOCUMENT:Q165404  09-AUG-2001  [winnt]
TITLE   :NTVDM AV on Servers with Exchange cc:Mail Connector
PRODUCT :Microsoft Windows NT
PROD/VER:WinNT:4.0
OPER/SYS:
KEYWORDS:kbinterop kbWinNT400sp4fix

======================================================================
-------------------------------------------------------------------------------
The information in this article applies to:

 - Microsoft Windows NT Server version 4.0
 - Microsoft Windows NT Server version 4.0, Terminal Server Edition
-------------------------------------------------------------------------------

SYMPTOMS
========

You may receive the following error message on a computer running Windows NT
Server version 4.0 and the Microsoft Exchange Connector for Lotus cc:Mail on
Microsoft Exchange version 5.0:

   NTVDM.EXE APPLICATION.... Error the Instruction at 0x0f046f9a, The memory
   can not be read;

This error should create a Drwtsn32.log file that contains the following:

   Application exception occurred:
           App: exe\ntvdm.dbg (pid=66)
           When: 10/31/1997 @ 20:2:35.562
           Exception number: c0000005 (access violation)

   *----> System Information <----*
           Computer Name: SERVERNAME
           User Name: USERNAME
           Number of Processors: 1
           Processor Type: x86 Family 6 Model 1 Stepping 9
           Windows Version: 4.0
           Current Build: 1381
           Current Type: Uniprocessor Free
           Registered Organization: Equitable Real Estate
           Registered Owner: Equitable Real Estate

   *----> Task List <----*
      0 Idle.exe
      2 System.exe
     21 smss.exe
     26 csrss.exe
     35 winlogon.exe
     41 services.exe
     44 lsass.exe
     68 spoolss.exe
     69 INV32CLI.exe
    100 llssrv.exe
    107 LOCATOR.exe
    122 RpcSs.exe
    126 AtSvc.exe
     85 WUSER32.exe
    148 mad.exe
    152 dsamain.exe
    194 store.exe
    203 emsmta.exe
    318 ccmc.exe
    331 logon.scr.exe
     66 ntvdm.exe
    256 drwtsn32.exe
      0 _Total.exe

   State Dump for Thread Id 0x144

   eax=0000b84a ebx=00000000 ecx=00000000 edx=ffffffff esi=4300b84a edi=00020000
   eip=0f0471ba esp=0111fe30 ebp=0111fe3c iopl=0 nv up ei pl nz na pe nc
   cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202

   function: DpmiFreeXmem
           0f0471a0 55 push ebp
           0f0471a1 8bec mov ebp,esp
           0f0471a3 83ec08 sub esp,0x8
           0f0471a6 0fb7051c11090f ds:0f09111c=b84a movzx eax,word ptr [VdmTib+0xb6c (0f09111c)]
           0f0471ad 56 push esi
           0f0471ae 0fb7352011090f ds:0f091120=4300 movzx esi,word ptr [VdmTib+0xb70 (0f091120)]
           0f0471b5 c1e610 shl esi,0x10
           0f0471b8 0bf0 or esi,eax
   FAULT ->0f0471ba 8b06 mov eax,[esi] ds:4300b84a=????????
           0f0471bc 8945fc mov [ebp-0x4],eax ss:0213e842=339e068e
           0f0471bf 8d45fc lea eax,[ebp-0x4] ss:0213e842=339e068e
           0f0471c2 8b4e04 mov ecx,[esi+0x4] ds:4402a250=????????
           0f0471c5 894df8 mov [ebp-0x8],ecx ss:0213e842=339e068e
           0f0471c8 8d4df8 lea ecx,[ebp-0x8] ss:0213e842=339e068e
           0f0471cb 51 push ecx
           0f0471cc 50 push eax
           0f0471cd e8aa090000 call DpmiFreeVirtualMemory (0f047b7c)
           0f0471d2 85c0 test eax,eax
           0f0471d4 7d0c jge DpmiFreeXmem+0x42 (0f0471e2)
           0f0471d6 800d4011090f01 ds:0f091140=56 or byte ptr [VdmTib+0xb90 (0f091140)],0x1

   *----> Stack Back Trace <----*

   FramePtr ReturnAd Param#1  Param#2  Param#3  Param#4  Function Name
   0111fe30 0f001227 00c74b9a 0111ff3c 0f001339 0f0025ac ntvdm!DpmiFreeXmem [omap] (FPO: [0,0,0])
   0111fe3c 0f001339 0f0025ac 00000208 015003d0 7ffdf000 ntvdm!DpmiDispatch [omap] (FPO: [0,0,0])
   0111fe40 0f0025ac 00000208 015003d0 7ffdf000 00000000 ntvdm!EventVdmBop [omap] (FPO: [0,0,0])
   0111fe3c 0f001339 0f0025ac 00000208 015003d0 7ffdf000 ntvdm!cpu_simulate [omap] (FPO: Non-FPO [0,59,3])
   0111fe40 0f0025ac 00000208 015003d0 7ffdf000 00000000 ntvdm!EventVdmBop [omap] (FPO: [0,0,0])
   0111ff3c 0f007dad ffffffff 0111ff80 0f00c474 00000003 ntvdm!cpu_simulate [omap] (FPO: Non-FPO [0,59,3])
   0111ff48 0f00c474 00000003 015003d0 00000208 0000001f ntvdm!host_main [omap] (FPO: Non-FPO [0,2,1])
   0111ff80 0f00e92f 00000003 015003d0 01500410 00000208 ntvdm!main [omap] (FPO: Non-FPO [2,8,3])
   0111ffc0 77f1b304 00000208 0000001f 7ffdf000 c0000005 ntvdm!mainCRTStartup [omap]
   0111fff0 00000000 0f00e85d 00000000 00000000 77fa5aa0 kernel32!BaseProcessStart (FPO: Non-FPO [1,8,3])
   00000000 0070018b 036e0016 0070018b 0070018b 020e06b9 ntvdm!__wargv

CAUSE
=====

The Windows NT Virtual DOS Machine (NTVDM) does not check for invalid handles
in the DPMI function that frees extended memory before those handles are
passed to DPMI. The DpmiFreeXmem() function tries to free the memory pointed
to by the invalid handle, which causes an unhandled access violation.

RESOLUTION
==========

To resolve this problem, obtain the latest service pack for Windows NT 4.0 or
Windows NT Server 4.0, Terminal Server Edition. For additional information,
please see the following article in the Microsoft Knowledge Base:

   Q152734 How to Obtain the Latest Windows NT 4.0 Service Pack

STATUS
======

Microsoft has confirmed this to be a problem in Windows NT 4.0 and Windows NT
Server 4.0, Terminal Server Edition. This problem was first corrected in
Windows NT 4.0 Service Pack 4.0 and Windows NT Server 4.0, Terminal Server
Edition Service Pack 4.

======================================================================
Keywords          : kbinterop kbWinNT400sp4fix
Technology        : kbWinNTsearch kbWinNT400search kbWinNTSsearch kbWinNTS400search kbWinNTS400 kbNTTermServ400 kbNTTermServSearch
Version           : WinNT:4.0
Issue type        : kbbug
Solution Type     : kbfix

=============================================================================

THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS"
WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER
EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS
SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT,
INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN
IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY
OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF
LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION
MAY NOT APPLY.

Copyright Microsoft Corporation 2001.
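
The missing check described under CAUSE, as an added example that is not part of the original article and is not NTVDM source: a free routine that treats the client-supplied handle as an index into a table of blocks it issued, never as an address to read from. All names and the handle layout (xmem_alloc, xmem_free, generation in the high word) are hypothetical; the rejected input 0x4300b84a is the faulting esi value from the log above.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical handle table; illustrates the validation, not NTVDM internals. */
#define MAX_BLOCKS 8
typedef struct {
    void    *base;    /* memory backing the block */
    uint16_t gen;     /* bumped on every free so stale handles stop matching */
    int      in_use;
} xmem_block;
static xmem_block blocks[MAX_BLOCKS];

/* Handle = (generation << 16) | (slot + 1). Zero means allocation failed. */
uint32_t xmem_alloc(size_t size) {
    for (uint32_t i = 0; i < MAX_BLOCKS; i++) {
        if (blocks[i].in_use) continue;
        blocks[i].base = malloc(size);
        if (!blocks[i].base) return 0;
        blocks[i].in_use = 1;
        return ((uint32_t)blocks[i].gen << 16) | (i + 1);
    }
    return 0;
}

/* Returns 0 on success, -1 for any handle this table did not issue. */
int xmem_free(uint32_t handle) {
    uint32_t slot = handle & 0xffffu;
    uint16_t gen  = (uint16_t)(handle >> 16);
    if (slot == 0 || slot > MAX_BLOCKS) return -1;  /* not a slot we own */
    xmem_block *b = &blocks[slot - 1];
    if (!b->in_use || b->gen != gen) return -1;     /* stale or double free */
    free(b->base);
    b->base = NULL;
    b->in_use = 0;
    b->gen++;
    return 0;
}

int main(void) {
    uint32_t h = xmem_alloc(64);
    printf("bogus handle: %d\n", xmem_free(0x4300b84au)); /* rejected, no read */
    printf("first free:   %d\n", xmem_free(h));
    printf("second free:  %d\n", xmem_free(h));           /* rejected */
    return 0;
}
```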