Patrick Domingues

The notification of a server down can get anyone uncomfortable. This particular server not it only being the DC and primary DNS  and DHCP Server with no fail-over leads to some very upset clients onto why their internet is not working and external medical clients not able to access critical hosted information...I'm glad that this server was a Virtual Machine which made the job a whole lot easier on getting this thing up and running.

This server wasn't scheduled for any sort of patching and it decided to push a patch after reboot?... This patch KB4093118 on Win Server 2012 R2 caused the following BSOD Driver_IRQL_NOT_LESS_OR_EQUAL (TCPIP.sys)... so the issue was with a Nic Driver, every time it booted it BSOD. Since this was a Virtual Machine we opened up the Hyper-v Manager and within the settings of the virtual machine we removed the network adapter. Booted the system into windows just fine with no BSOD. We mounted a partition with some driver updates to presumably resolve the issue... After a reboot with the adapter we were still BSODing. We cleared all tcp ip stacks and ran a series of commands which did not resolve the issue.

We decided to review if their were any patches applied and what we found was KB4093118 installed... We attempted to remove the patch and it failed no matter how many different ways we went about it! Our only option was to restore this virtual machine from backup. After the successful restore we booted up the virtual machine and it started to install pending updates. It seems that KB4093118 was pending for a while after it reinstalled the server went right back into BSOD loop until we removed the nic adapter. Lead myself back to the patches and decided to remove the same patch that was applied and this time it removed successfully. Some how the previously installation must of been corrupted. We applied the Nic Adapter back onto the virtual machine and started up the server. New Pending Patch successor patch of the KB4093118 applied automatically during boot and there was no more BSOD. Moral of the story, keep a hard lock down on BSOD potential causing patches.