Phone Lines icon GFI Support

Articles in this section

See more

GFI FaxMaker Server Crashes with the Error: "A critical system process died"

Author: Luis Fernandes Updated

Overview

This article outlines the root cause and the resolution of a GFI FaxMaker server crash.

 

Environment

GFI FaxMaker 2014 or higher.

 

Root Cause

Shex.exe is a process introduced during the GFI FaxMaker FaxServer SR3 project and its task is to spawn 3rd party applications which convert the files (such as pdf, doc). As part of this process, shex.exe enumerates the PID's of the child processes spawned by itself (such as winword.exe, Acro32.exe) when it encounters a document which fails to convert and the document conversion timeout is exceeded.

On Microsoft Windows 2008 server, the following scenario was noticed:

  • Winlogon.exe / csrss.exe process is created when a user logs on to a machine.
  • The parent process responsible for these two processes terminates.
  • This leaves winlogon / csrss 'orphan' but still linked with the Parent's PID (which is now free)
  • Where if the shex.exe is assigned the same PID as the Parent process, winlogon.exe and csrss.exe are terminated as well.

NOTE: It only manages to terminate the winlogon.exe as no access is given to terminate csrss.exe. There is a high probability that one of the machines is having the sessions 'closed automatically' because of the winlogon.exe termination (triggered by shex.exe). This is the error message that will be generated;

## CRITICAL_PROCESS_DIED (ef) A critical system process died Arguments: Arg1: ffffe0006bcfe080, Process object or thread object Arg2: 0000000000000000, If this is 0, a process died. If this is 1, a thread died. Arg3: 0000000000000000 Arg4: 0000000000000000 0: kd> !process ffffe0006bcfe080 0 PROCESS ffffe0006bcfe080 SessionId: 0 Cid: 01b4 Peb: 7ff6423f7000 ParentCid: 0160 DirBase: 10c4a6000 ObjectTable: ffffc000d5070c00 HandleCount: 84. Image: wininit.exe \\\ >>> Thread Dump - Thread Address ffffe0006d957080 /// !t ffffe000`6d957080 Thread !tu ffffe000`6d957080 !k ffffe000`6d957080 !ku ffffe000`6d957080 !kp ffffe000`6d957080 !kpu ffffe000`6d957080 !THREAD ffffe0006d957080 Cid 0854.0e40 Teb: 000000007fdb4000 Win32Thread: fffff9014076e4d0 RUNNING on processor 0 Not impersonating DeviceMap ffffc000d6321c00 Owning Process ffffe0006d3ab740 Image: fmserver.exe Attached Process N/A Image: N/A Wait Start TickCount 11876669 Ticks: 0

Resolution

  • There is a hotfix available.

Confirmation

Once the hotfix has been applied, the GFI FaxMaker Server will not crash with the above error message.