This article contains troubleshooting information to help you resolve Stop error messages (these error messages are displayed on a blue screen).
Things to Try
Before you call Microsoft Support
Try the following methods to troubleshoot Stop error messages:
Review the "bugcheck" code that you find in the event logs. Search for the specific Stop error codes to see whether there are any known issues, resolutions, or workarounds for the problem.
Does the error message indicate any specific driver in regards to the problem? If so, update the driver in question.
Take a detailed look at the event logs on the system. Are you seeing any indication of a service starting or stopping before the crash occurred? Is this service behavior consistent across all instances of the crash? If so, you can contact the software vendor for the service to receive updated versions of the software to check whether this resolves the problem.
Try to identify whether you have made any software or hardware change or modification. You may want to consider the option to roll back the changes or use the change management to follow standard practices to revert to the last working state. Additionally, you may want to contact the software or hardware vendor for more help.
As a best practice, we recommend that you make sure that the BIOS is updated and that hardware and memory tests are performed.
Are you observing behavior that is related to the crashes, and do you believe that you can trigger the crash? Did you reach out to the software vendor for any updated version of the software or drivers that may be triggering the crash?
Make sure that you save the memory dump files for review. These dump files have been validated by using DumpChk and are not corrupted or invalid. You can verify the memory dump by using the Microsoft DumpChk (Crash Dump File Checker) tool. For more information, go to the following Knowledge Base article:
Make sure that you install the latest Windows updates, cumulative updates, and rollup updates.
Upload the memory dumps that you have verified by using the DmpChk memory dump collector. This diagnostic tool collects the last five machine mini-dump files from the past 30 days. It collects machine memory dump files from a computer and checks for known solutions.
For more information about Machine Memory Dump Collector, go to the following Knowledge Base article:
STOP 0x0000007F or UNEXPECTED_KERNEL_MODE_TRAP This bug check indicates that the Intel CPU generated a trap and the kernel failed to catch this trap. This trap could be a bound trap (a trap the kernel is not permitted to catch) or a double fault (a fault that occurred while processing an earlier fault, which always results in a system failure).
STOP 0x0000003B or SYSTEM_SERVICE_EXCEPTION This error has been linked to excessive paged pool usage and may occur due to user-mode graphics drivers crossing over and passing bad data to the kernel code.
STOP 0x0000001E or KMODE_EXCEPTION_NOT_HANDLED The Windows kernel detected an illegal or unknown processor instruction, often the result of invalid memory and access violations caused by faulty drivers or hardware devices. The error message often identifies the offending driver or device. If the error occurred immediately after installing a driver or service, try disabling or removing the new addition.
STOP 0x000000D1 or DRIVER_IRQL_NOT_LESS_OR_EQUAL A driver tried to access an address that is pageable (or that is completely invalid) while the IRQL was too high. This bug check is usually caused by drivers that have used improper addresses.
STOP 0x00000050 or PAGE_FAULT_IN_NONPAGED_AREA This stop error occurs after the installation of faulty hardware or in the event of failure of installed hardware (usually related to defective RAM, be it main memory, L2 RAM cache, or video RAM). Another common cause is the installation of a faulty system service. Antivirus software can also trigger this error, as can a corrupted NTFS volume.
STOP 0x00000024 or NTFS_FILE_SYSTEM A problem occurred within the NTFS file-system driver. A similar Stop error, 0x23, exists for FAT32 drives. The most likely cause is a hardware failure in a disk or disk controller. Check all physical connections to all hard disks in the system and run Check Disk.
STOP 0x0000007B or INACCESSIBLE_BOOT_DEVICE This stop error occurs when Windows has trouble reading from the hard disk. This error can be caused by a faulty device driver. You may also try running your antivirus. This bugcheck does not create a dump file.
STOP 0x0000009F or DRIVER_POWER_STATE_FAILURE This bug check indicates that the driver is in an inconsistent or invalid power state.
STOP 0x0000000A or IRQL_NOT_LESS_OR_EQUAL This bug check is issued if paged memory (or invalid memory) is accessed when the IRQL is too high. The error that generates this bug check usually occurs after the installation of a faulty device driver, system service, or BIOS.
When you receive a Stop error message (a fatal system error message) in Windows, the computer enters debug mode for troubleshooting. The error message appears on a blue screen, and the first few lines are similar to the following sample error message.
Windows 7 and earlier versions
Windows 8 and later versions
What is a bugcheck or system crash?
When Windows cannot continue its operations safely, the system stops all operations to ensure safety to data/prevent corruptions. This system freeze is caused by a kernel mode component (driver) calling either of the functions KeBugCheck(...) or KeBugCheckEx(...). This causes what is commonly called the "Blue Screen of Death (BSOD)," a "bugcheck," or a system crash.
System Crash Dumps
When the system crashes, the memory contents at the time of the crash are written to a file on the hard disk. This file is called a crash dump. The page file or dedicated dump file is used to write a crash dump file (memory.dmp). To get useful information from the dump file and to prevent it from being corrupted or incomplete, the page file or the dedicated dump file must be large enough to handle the kind of crash dump that is selected. Make sure that the page file is configured appropriately so that the memory dump can be saved correctly.
For more information about how to understand bugchecks and crash dumps, see the following Performance Team Blog articles:
Obtaining blue screen information after a memory dump file is created:
A Windows-based operating system writes an event log message that includes bugcheck information. The following is an example of the event log entry:
Event ID: 1001 Source: BugCheck Description: The computer has rebooted from a bugcheck. The bugcheck was: 0xc00000E2 (0xffffffffffffffff, 0x0000000000000001, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\WINDOWS\MEMORY.DMP.
Windows Server 2012 R2 Datacenter, Windows Server 2012 R2 Essentials, Windows Server 2012 R2 Foundation, Windows Server 2012 R2 Standard, Microsoft Hyper-V Server 2012 R2, Windows Server 2012 Datacenter, Windows Server 2012 Essentials, Windows Server 2012 Foundation, Windows Server 2012 Standard, Microsoft Hyper-V Server 2012, Windows 10 Enterprise, released in July 2015, Windows 10 Enterprise 2015 LTSB, Windows 10 Pro, released in July 2015, Windows 10 Education, released in July 2015, Windows 10 IoT Enterprise 2015 LTSB, Windows 8.1 Enterprise, Windows 8.1 Pro, Windows 8 Enterprise, Windows 8 Pro, Windows Server 2008 R2 Service Pack 1, Windows 7 Service Pack 1