BSOD Critical_Process_Died after enabling Windows Defender Firewall


Server 2019 1809 17763.914, running Remote Desktop Services, with all updates applied.

On reboot, the Windows Defender Firewall is stopped (even though it is set to start automatically), and when I manually start the service (via any command line, Windows Services, Server Manager, Defender GUI, etc.) it BSODs with the error "Critical Processes Stopped".

Any external servers are unable to access IIS sites, but can access them via localhost.

Here is the mini dump:

Microsoft (R) Windows Debugger Version 10.0.18362.1 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Windows\Minidump\010220-4875-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 17763 MP (4 procs) Free x64
Product: Server, suite: TerminalServer <20000>
Built by: 17763.1.amd64fre.rs5_release.180914-1434
Machine Name:
Kernel base = 0xfffff802`2321e000 PsLoadedModuleList = 0xfffff802`23637710
Debug session time: Thu Jan  2 13:07:01.479 2020 (UTC + 10:00)
System Uptime: 0 days 0:02:06.011
Loading Kernel Symbols
...............................................................
................................................................
.....................
Loading User Symbols
Loading unloaded module list
.......
For analysis of this file, run !analyze -v
1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

CRITICAL_PROCESS_DIED (ef)
        A critical system process died
Arguments:
Arg1: ffff9405b1bd1080, Process object or thread object
Arg2: 0000000000000000, If this is 0, a process died. If this is 1, a thread died.
Arg3: 0000000000000000
Arg4: 0000000000000000

Debugging Details:
------------------


KEY_VALUES_STRING: 1


PROCESSES_ANALYSIS: 1

SERVICE_ANALYSIS: 1

STACKHASH_ANALYSIS: 1

TIMELINE_ANALYSIS: 1


DUMP_CLASS: 1

DUMP_QUALIFIER: 400

BUILD_VERSION_STRING:  17763.1.amd64fre.rs5_release.180914-1434

SYSTEM_MANUFACTURER:  Microsoft Corporation

VIRTUAL_MACHINE:  HyperV

SYSTEM_PRODUCT_NAME:  Virtual Machine

SYSTEM_SKU:  None

SYSTEM_VERSION:  Hyper-V UEFI Release v4.0

BIOS_VENDOR:  Microsoft Corporation

BIOS_VERSION:  Hyper-V UEFI Release v4.0

BIOS_DATE:  03/13/2019

BASEBOARD_MANUFACTURER:  Microsoft Corporation

BASEBOARD_PRODUCT:  Virtual Machine

BASEBOARD_VERSION:  Hyper-V UEFI Release v4.0

DUMP_TYPE:  2

BUGCHECK_P1: ffff9405b1bd1080

BUGCHECK_P2: 0

BUGCHECK_P3: 0

BUGCHECK_P4: 0

PROCESS_NAME:  svchost.exe

CRITICAL_PROCESS:  svchost.exe

EXCEPTION_RECORD:  ffff9405b1bd1640 -- (.exr 0xffff9405b1bd1640)
ExceptionAddress: 0000000000000000
   ExceptionCode: 00000000
  ExceptionFlags: 00000000
NumberParameters: 0

EXCEPTION_CODE: (NTSTATUS) 0xb0333080 - <Unable to get error code text>

ERROR_CODE: (NTSTATUS) 0xb0333080 - <Unable to get error code text>

CPU_COUNT: 4

CPU_MHZ: a6b

CPU_VENDOR:  GenuineIntel

CPU_FAMILY: 6

CPU_MODEL: 1a

CPU_STEPPING: 5

CPU_MICROCODE: 6,1a,5,0 (F,M,S,R)  SIG: FFFFFFFF'00000000 (cache) FFFFFFFF'00000000 (init)

BLACKBOXBSD: 1 (!blackboxbsd)


CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT_SERVER

BUGCHECK_STR:  0xEF

CURRENT_IRQL:  0

ANALYSIS_SESSION_HOST:  INFARMDC01-RDP

ANALYSIS_SESSION_TIME:  01-02-2020 14:26:35.0328

ANALYSIS_VERSION: 10.0.18362.1 amd64fre

LAST_CONTROL_TRANSFER:  from fffff80223aa8e9d to fffff802233d4980

STACK_TEXT:  
fffffc86`3c830048 fffff802`23aa8e9d : 00000000`000000ef ffff9405`b1bd1080 00000000`00000000 00000000`00000000 : nt!KeBugCheckEx
fffffc86`3c830050 fffff802`239ba837 : 00000000`00000001 fffff802`23278039 ffff9405`b1bd1080 fffff802`23270858 : nt!PspCatchCriticalBreak+0xfd
fffffc86`3c8300f0 fffff802`2385ca7c : ffff9405`00000000 00000000`00000000 ffff9405`b1bd1080 ffff9405`b1bd1358 : nt!PspTerminateAllThreads+0x15ef33
fffffc86`3c830160 fffff802`2381e1b9 : ffffffff`ffffffff fffffc86`3c830290 ffff9405`b1bd1080 fffff802`232be900 : nt!PspTerminateProcess+0xe0
fffffc86`3c8301a0 fffff802`233e5c05 : 00000000`00001278 ffff9405`b0333080 ffff9405`b1bd1080 fffffc86`3c8303e0 : nt!NtTerminateProcess+0xa9
fffffc86`3c830210 fffff802`233d8690 : fffff802`23405474 fffffc86`3c830b98 fffffc86`3c830b98 fffffc86`3c8303e0 : nt!KiSystemServiceCopyEnd+0x25
fffffc86`3c8303a8 fffff802`23405474 : fffffc86`3c830b98 fffffc86`3c830b98 fffffc86`3c8303e0 00000000`00000000 : nt!KiServiceLinkage
fffffc86`3c8303b0 fffff802`233e65a4 : ffff9405`b1bd1640 fffff802`232b6456 00000000`00000000 00000000`00000001 : nt!KiDispatchException+0x1a7284
fffffc86`3c830a60 fffff802`233e498e : ffff9405`b0333080 00000000`00000000 00000264`faf68370 ffff9405`b1b14f01 : nt!KiFastFailDispatch+0xe4
fffffc86`3c830c40 00007ffd`f0fb4720 : 00007ffd`f10094ac 00000000`00000001 00000264`faf230d0 00000264`00000000 : nt!KiRaiseSecurityCheckFailure+0x30e
00000096`ba37f998 00007ffd`f10094ac : 00000000`00000001 00000264`faf230d0 00000264`00000000 00000000`00000120 : 0x00007ffd`f0fb4720
00000096`ba37f9a0 00000000`00000001 : 00000264`faf230d0 00000264`00000000 00000000`00000120 00000264`faf68370 : 0x00007ffd`f10094ac
00000096`ba37f9a8 00000264`faf230d0 : 00000264`00000000 00000000`00000120 00000264`faf68370 00007ffd`f0f9fae8 : 0x1
00000096`ba37f9b0 00000264`00000000 : 00000000`00000120 00000264`faf68370 00007ffd`f0f9fae8 00000000`00000024 : 0x00000264`faf230d0
00000096`ba37f9b8 00000000`00000120 : 00000264`faf68370 00007ffd`f0f9fae8 00000000`00000024 00000001`00000025 : 0x00000264`00000000
00000096`ba37f9c0 00000264`faf68370 : 00007ffd`f0f9fae8 00000000`00000024 00000001`00000025 00000264`faf23278 : 0x120
00000096`ba37f9c8 00007ffd`f0f9fae8 : 00000000`00000024 00000001`00000025 00000264`faf23278 00000096`ba37fd58 : 0x00000264`faf68370
00000096`ba37f9d0 00000000`00000024 : 00000001`00000025 00000264`faf23278 00000096`ba37fd58 00640072`00610068 : 0x00007ffd`f0f9fae8
00000096`ba37f9d8 00000001`00000025 : 00000264`faf23278 00000096`ba37fd58 00640072`00610068 006b0073`00690064 : 0x24
00000096`ba37f9e0 00000264`faf23278 : 00000096`ba37fd58 00640072`00610068 006b0073`00690064 00760065`0064005c : 0x00000001`00000025
00000096`ba37f9e8 00000096`ba37fd58 : 00640072`00610068 006b0073`00690064 00760065`0064005c 005c0065`00630069 : 0x00000264`faf23278
00000096`ba37f9f0 00640072`00610068 : 006b0073`00690064 00760065`0064005c 005c0065`00630069 00000000`00000000 : 0x00000096`ba37fd58
00000096`ba37f9f8 006b0073`00690064 : 00760065`0064005c 005c0065`00630069 00000000`00000000 00000000`00000000 : 0x00640072`00610068
00000096`ba37fa00 00760065`0064005c : 005c0065`00630069 00000000`00000000 00000000`00000000 00000000`00000000 : 0x006b0073`00690064
00000096`ba37fa08 005c0065`00630069 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00760065`0064005c
00000096`ba37fa10 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x005c0065`00630069


THREAD_SHA1_HASH_MOD_FUNC:  4eea4701cef87a9898dd276682cc304560e002d4

THREAD_SHA1_HASH_MOD_FUNC_OFFSET:  2816b2618b7d0b5a47f6e8680612f55f8f11ceaa

THREAD_SHA1_HASH_MOD:  bc100a5647b828107ac4e18055e00abcbe1ec406

FOLLOWUP_IP:
nt!PspCatchCriticalBreak+fd
fffff802`23aa8e9d cc              int     3

FAULT_INSTR_CODE:  ed8440cc

SYMBOL_STACK_INDEX:  1

SYMBOL_NAME:  nt!PspCatchCriticalBreak+fd

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: nt

IMAGE_NAME:  ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  0

IMAGE_VERSION:  10.0.17763.914

STACK_COMMAND:  .thread ; .cxr ; kb

BUCKET_ID_FUNC_OFFSET:  fd

FAILURE_BUCKET_ID:  0xEF_svchost.exe_BUGCHECK_CRITICAL_PROCESS_b0333080_nt!PspCatchCriticalBreak

BUCKET_ID:  0xEF_svchost.exe_BUGCHECK_CRITICAL_PROCESS_b0333080_nt!PspCatchCriticalBreak

PRIMARY_PROBLEM_CLASS:  0xEF_svchost.exe_BUGCHECK_CRITICAL_PROCESS_b0333080_nt!PspCatchCriticalBreak

TARGET_TIME:  2020-01-02T03:07:01.000Z

OSBUILD:  17763

OSSERVICEPACK:  914

SERVICEPACK_NUMBER: 0

OS_REVISION: 0

SUITE_MASK:  131088

PRODUCT_TYPE:  3

OSPLATFORM_TYPE:  x64

OSNAME:  Windows 10

OSEDITION:  Windows 10 Server TerminalServer

OS_LOCALE:  

USER_LCID:  0

OSBUILD_TIMESTAMP:  unknown_date

BUILDDATESTAMP_STR:  180914-1434

BUILDLAB_STR:  rs5_release

BUILDOSVER_STR:  10.0.17763.1.amd64fre.rs5_release.180914-1434

ANALYSIS_SESSION_ELAPSED_TIME:  5af7

ANALYSIS_SOURCE:  KM

FAILURE_ID_HASH_STRING:  km:0xef_svchost.exe_bugcheck_critical_process_b0333080_nt!pspcatchcriticalbreak

FAILURE_ID_HASH:  {b3d28743-3e5f-4880-17a1-23fcf5396e9a}

Followup:     MachineOwner
---------

Booting in safe mode (networking) and starting the firewall service is also unsuccessful.

Any ideas on where to look to get the firewall functional again?

windows-server-2019
bsod
windows-defender
asked on Server Fault Jan 2, 2020 by SkywalkerIsNull

0 Answers


User contributions licensed under CC BY-SA 3.0