===dump information===
2: kd> !mex.t
Process                   Thread           CID   UserTime KernelTime ContextSwitches Wait Reason Time State
System (ffffe0002ba30900) ffffe0002d5fc040 4.73c 0s       141ms      4564            Executive   0s   Running on CPU 2

Child-SP Return Call Site Info
0 ffffd000d1f70498 fffff802d7e03bd2 nt!KeBugCheckEx+0x0
1 ffffd000d1f704a0 fffff802d7cdd2b9 nt!MiSystemFault+0x10a3d2
2 ffffd000d1f70540 fffff802d7ddfc2f nt!MmAccessFault+0x769
3 ffffd000d1f70700 fffff800facf7360 nt!KiPageFault+0x12f TrapFrame @ ffffd000d1f70700
4 ffffd000d1f70890 fffff800facf72a5 srv!SrvOs2FeaToNt+0x48
5 ffffd000d1f708c0 fffff800fad1869b srv!SrvOs2FeaListToNt+0x125
6 ffffd000d1f70910 fffff800fad218ba srv!SrvSmbOpen2+0xc3
7 ffffd000d1f709b0 fffff800fad24b2e srv!ExecuteTransaction+0x2ca
8 ffffd000d1f709f0 fffff800facb284f srv!SrvSmbTransactionSecondary+0x40b
9 ffffd000d1f70a90 fffff800facb2a20 srv!SrvProcessSmb+0x237
a ffffd000d1f70b10 fffff800facf1ac8 srv!SrvRestartReceive+0x114
b ffffd000d1f70b50 fffff802d819dd92 srv!WorkerThread+0x5248
c ffffd000d1f70bd0 fffff802d7d86c70 nt!IopThreadStart+0x26
d ffffd000d1f70c00 fffff802d7ddbfc6 nt!PspSystemThreadStartup+0x58
e ffffd000d1f70c60 0000000000000000 nt!KxStartSystemThread+0x16

2: kd> .trap ffffd000d1f70700
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=ffffe00030c94000
rdx=ffffc0013fdc709a rsi=0000000000000000 rdi=0000000000000000
rip=fffff800facf7360 rsp=ffffd000d1f70890 rbp=ffffc0013fdc7095
r8=0000000000000000 r9=0000000000000000 r10=0000000000000200
r11=ffffe00030c94000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na po nc
srv!SrvOs2FeaToNt+0x48:
fffff800facf7360 c60300 mov byte ptr [rbx],0 ds:0000000000000000=??

2: kd> lmvm srv
Browse full module list
start            end              module name
fffff800faca5000 fffff800fad33000 srv (private pdb symbols) c:\symbols\srv.pdb\665B8481A81740C59F71C54C0DD24E762\srv.pdb
    Loaded symbol image file: srv.sys
    Image path: \SystemRoot\System32\DRIVERS\srv.sys
    Image name: srv.sys
    Browse all global symbols functions data
    Timestamp: Thu Jul 24 19:43:27 2014 (53D0F15F)
    CheckSum: 0006F7BA
    ImageSize: 0008E000
    Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

2: kd> vertarget
Windows 8.1 Kernel Version 9600 MP (8 procs) Free x64
Product: LanManNt, suite: TerminalServer SingleUserTS
Built by: 9600.17415.amd64fre.winblue_r4.141028-1500
Machine Name: "D0AP2002"
Kernel base = 0xfffff802d7c85000 PsLoadedModuleList = 0xfffff802d7f5e250
Debug session time: Wed Feb 28 11:22:40.306 2018 (UTC + 8:00)
System Uptime: 0 days 7:01:13.511

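The dump shows that the server's repeated blue screens are caused by the srv vulnerability. Install KB4012213 on all 2012 R2 servers to fix the vulnerability; otherwise the machines may be infected by the WannaCry virus.

Install KB4012213: https://www.catalog.update.microsoft.com/Search.aspx?q=4012213

Installing the patch above resolves the repeated blue screens.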
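
The diagnosis above rests on one stack signature: a page fault taken in srv!SrvOs2FeaToNt, called from srv!SrvOs2FeaListToNt. The Python below checks saved kd stack output for that signature when triaging dumps from several servers. It is an added example, not part of the original notes; the function names and the second, constructed stack are assumptions for illustration.

```python
import re

# A kd stack frame: index, Child-SP, return address, module!symbol+offset.
# Not anchored to line starts, so it also works on output whose line breaks were lost.
FRAME_RE = re.compile(
    r"\b[0-9a-f]{1,2}\s+[0-9a-f]{16}\s+[0-9a-f]{16}\s+(\w+)!(\w+)\+0x[0-9a-f]+",
    re.IGNORECASE)

# Faulting frame and its caller, as in the stack on this page.
SIGNATURE = [("srv", "SrvOs2FeaToNt"), ("srv", "SrvOs2FeaListToNt")]

def parse_frames(text):
    """Return [(module, symbol), ...] from innermost to outermost frame."""
    return [(m.group(1).lower(), m.group(2)) for m in FRAME_RE.finditer(text)]

def triage(text):
    """Classify one stack: which frame faulted, and does it match SIGNATURE?"""
    frames = parse_frames(text)
    for i, frame in enumerate(frames):
        if frame == ("nt", "KiPageFault"):
            faulting = frames[i + 1:i + 3]  # frame that trapped, plus its caller
            return {"faulting": "!".join(faulting[0]) if faulting else None,
                    "match": faulting == SIGNATURE}
    return {"faulting": None, "match": False}

# Stack copied from the dump above (frames 0-6).
PAGE_STACK = """\
0 ffffd000d1f70498 fffff802d7e03bd2 nt!KeBugCheckEx+0x0
1 ffffd000d1f704a0 fffff802d7cdd2b9 nt!MiSystemFault+0x10a3d2
2 ffffd000d1f70540 fffff802d7ddfc2f nt!MmAccessFault+0x769
3 ffffd000d1f70700 fffff800facf7360 nt!KiPageFault+0x12f TrapFrame @ ffffd000d1f70700
4 ffffd000d1f70890 fffff800facf72a5 srv!SrvOs2FeaToNt+0x48
5 ffffd000d1f708c0 fffff800fad1869b srv!SrvOs2FeaListToNt+0x125
6 ffffd000d1f70910 fffff800fad218ba srv!SrvSmbOpen2+0xc3
"""

# Constructed sample: a page fault in a made-up driver, for contrast.
OTHER_STACK = """\
0 ffffd00012340498 fffff80212345bd2 nt!KeBugCheckEx+0x0
1 ffffd00012340700 fffff80012347360 nt!KiPageFault+0x12f
2 ffffd00012340890 fffff800123472a5 exampledrv!ReadBuffer+0x1c
"""

if __name__ == "__main__":
    for name, stack in (("page", PAGE_STACK), ("other", OTHER_STACK)):
        print(name, triage(stack))
```

A match means the stack has the same faulting frames as this dump; whether KB4012213 is installed on that server still has to be checked separately.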