Windows Spooler keeps failing. Event log points to ntdll.dll

  • Thread starter Thread starter Richard MXR
  • Start date Start date
R

Richard MXR

Guest
Printer queues getting blocked up on windows Server 2012 R2



Windows\System32\spool\PRINTERS, lists .SHD and .SPL files which can be removed by stopping the spooler service and deleting, however this isnt something i'd like to carry on doing.


Looking at the event viewer i can see the following information


Log Name: Application

Source: Application Error

Date: 17/02/2021 09:30:12

Event ID: 1000

Task Category: (100)

Level: Error

Keywords: Classic

User: N/A

Computer: MOTHERSHIP.ThorpesJoinery.local

Description:

Faulting application name: spoolsv.exe, version: 6.3.9600.19727, time stamp: 0x5ed1b596

Faulting module name: ntdll.dll, version: 6.3.9600.19678, time stamp: 0x5e82c88a

Exception code: 0xc0000005

Fault offset: 0x0000000000031c25

Faulting process ID: 0x63d4

Faulting application start time: 0x01d703a99294fef7

Faulting application path: C:\Windows\System32\spoolsv.exe

Faulting module path: C:\Windows\SYSTEM32\ntdll.dll

Report ID: bb9edde7-7102-11eb-80f1-1866da76e3a8

Faulting package full name:

Faulting package-relative application ID:

Event Xml:

<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">

<System>

<Provider Name="Application Error" />

<EventID Qualifiers="0">1000</EventID>

<Level>2</Level>

<Task>100</Task>

<Keywords>0x80000000000000</Keywords>

<TimeCreated SystemTime="2021-02-17T09:30:12.000000000Z" />

<EventRecordID>11104898</EventRecordID>

<Channel>Application</Channel>

<Computer>MOTHERSHIP.ThorpesJoinery.local</Computer>

<Security />

</System>

<EventData>

<Data>spoolsv.exe</Data>

<Data>6.3.9600.19727</Data>

<Data>5ed1b596</Data>

<Data>ntdll.dll</Data>

<Data>6.3.9600.19678</Data>

<Data>5e82c88a</Data>

<Data>c0000005</Data>

<Data>0000000000031c25</Data>

<Data>63d4</Data>

<Data>01d703a99294fef7</Data>

<Data>C:\Windows\System32\spoolsv.exe</Data>

<Data>C:\Windows\SYSTEM32\ntdll.dll</Data>

<Data>bb9edde7-7102-11eb-80f1-1866da76e3a8</Data>

<Data>

</Data>

<Data>

</Data>

</EventData>

</Event>


Look at the report in C:\ProgramData\Microsoft\Windows\WER\ReportQueue shows the following report:



Version=1

EventType=APPCRASH

EventTime=132580278130039226

ReportType=2

Consent=1

ReportIdentifier=bb9edde8-7102-11eb-80f1-1866da76e3a8

IntegratorReportIdentifier=bb9edde7-7102-11eb-80f1-1866da76e3a8

NsAppName=spoolsv.exe

Response.type=4

Sig[0].Name=Application Name

Sig[0].Value=spoolsv.exe

Sig[1].Name=Application Version

Sig[1].Value=6.3.9600.19727

Sig[2].Name=Application Timestamp

Sig[2].Value=5ed1b596

Sig[3].Name=Fault Module Name

Sig[3].Value=ntdll.dll

Sig[4].Name=Fault Module Version

Sig[4].Value=6.3.9600.19678

Sig[5].Name=Fault Module Timestamp

Sig[5].Value=5e82c88a

Sig[6].Name=Exception Code

Sig[6].Value=c0000005

Sig[7].Name=Exception Offset

Sig[7].Value=0000000000031c25

DynamicSig[1].Name=OS Version

DynamicSig[1].Value=6.3.9600.2.0.0.272.7

DynamicSig[2].Name=Locale ID

DynamicSig[2].Value=2057

DynamicSig[22].Name=Additional Information 1

DynamicSig[22].Value=bf4f

DynamicSig[23].Name=Additional Information 2

DynamicSig[23].Value=bf4f78aad5733975a2d4a853429d7085

DynamicSig[24].Name=Additional Information 3

DynamicSig[24].Value=4138

DynamicSig[25].Name=Additional Information 4

DynamicSig[25].Value=41383c32be03997a2a5bb6d32047ae38

UI[2]=C:\Windows\System32\spoolsv.exe

UI[5]=Check online for a solution (recommended)

UI[6]=Check for a solution later (recommended)

UI[7]=Close

UI[8]=Spooler SubSystem App stopped working and was closed

UI[9]=A problem caused the application to stop working correctly. Windows will notify you if a solution is available.

UI[10]=&Close

LoadedModule[0]=C:\Windows\System32\spoolsv.exe

LoadedModule[1]=C:\Windows\SYSTEM32\ntdll.dll

LoadedModule[2]=C:\Windows\system32\KERNEL32.dll

LoadedModule[3]=C:\Windows\system32\hmpalert.dll

LoadedModule[4]=C:\Windows\system32\KERNELBASE.dll

LoadedModule[5]=C:\Windows\system32\USER32.dll

LoadedModule[6]=C:\Windows\system32\msvcrt.dll

LoadedModule[7]=C:\Windows\SYSTEM32\sechost.dll

LoadedModule[8]=C:\Windows\system32\RPCRT4.dll

LoadedModule[9]=C:\Windows\System32\DNSAPI.dll

LoadedModule[10]=C:\Windows\SYSTEM32\powrprof.dll

LoadedModule[11]=C:\Windows\system32\GDI32.dll

LoadedModule[12]=C:\Windows\system32\SspiCli.dll

LoadedModule[13]=C:\Windows\system32\WS2_32.dll

LoadedModule[14]=C:\Windows\system32\NSI.dll

LoadedModule[15]=C:\Windows\system32\SophosAV\SOPHOS~1.DLL

LoadedModule[16]=C:\Windows\system32\PSAPI.DLL

LoadedModule[17]=C:\Windows\system32\ADVAPI32.dll

LoadedModule[18]=C:\Windows\SYSTEM32\ualapi.dll

LoadedModule[19]=C:\Windows\SYSTEM32\ESENT.dll

LoadedModule[20]=C:\Windows\SYSTEM32\ntmarta.dll

LoadedModule[21]=C:\Windows\system32\SHELL32.dll

LoadedModule[22]=C:\Windows\SYSTEM32\combase.dll

LoadedModule[23]=C:\Windows\system32\SHLWAPI.dll

LoadedModule[24]=C:\Windows\SYSTEM32\kernel.appcore.dll

LoadedModule[25]=C:\Windows\System32\CRYPTBASE.dll

LoadedModule[26]=C:\Windows\System32\bcryptPrimitives.dll

LoadedModule[27]=C:\Windows\system32\mswsock.dll

LoadedModule[28]=C:\Windows\System32\clusapi.dll

LoadedModule[29]=C:\Windows\System32\cryptdll.dll

LoadedModule[30]=C:\Windows\System32\IPHLPAPI.DLL

LoadedModule[31]=C:\Windows\System32\WINNSI.DLL

LoadedModule[32]=C:\Windows\System32\rasadhlp.dll

LoadedModule[33]=C:\Windows\System32\fwpuclnt.dll

LoadedModule[34]=C:\Windows\System32\localspl.dll

LoadedModule[35]=C:\Windows\system32\CRYPT32.dll

LoadedModule[36]=C:\Windows\System32\srvcli.dll

LoadedModule[37]=C:\Windows\SYSTEM32\cfgmgr32.dll

LoadedModule[38]=C:\Windows\System32\CRYPTSP.dll

LoadedModule[39]=C:\Windows\System32\SPOOLSS.DLL

LoadedModule[40]=C:\Windows\system32\WINTRUST.dll

LoadedModule[41]=C:\Windows\system32\SETUPAPI.dll

LoadedModule[42]=C:\Windows\System32\bcrypt.dll

LoadedModule[43]=C:\Windows\system32\MSASN1.dll

LoadedModule[44]=C:\Windows\system32\winspool.drv

LoadedModule[45]=C:\Windows\System32\PrintIsolationProxy.dll

LoadedModule[46]=C:\Windows\System32\hpinksts7212LM.dll

LoadedModule[47]=C:\Windows\system32\ole32.dll

LoadedModule[48]=C:\Windows\system32\OLEAUT32.dll

LoadedModule[49]=C:\Windows\System32\USERENV.dll

LoadedModule[50]=C:\Windows\System32\VERSION.dll

LoadedModule[51]=C:\Windows\System32\Secur32.dll

LoadedModule[52]=C:\Windows\System32\profapi.dll

LoadedModule[53]=C:\Windows\System32\HPLTLM5.DLL

LoadedModule[54]=C:\Windows\System32\HPDiscoPM7212.dll

LoadedModule[55]=C:\Windows\System32\wsnmp32.dll

LoadedModule[56]=C:\Windows\System32\WININET.dll

LoadedModule[57]=C:\Windows\System32\iertutil.dll

LoadedModule[58]=C:\Windows\System32\SS0ELMON.DLL

LoadedModule[59]=C:\Windows\System32\tcpmon.dll

LoadedModule[60]=C:\Windows\System32\snmpapi.dll

LoadedModule[61]=C:\Windows\System32\usbmon.dll

LoadedModule[62]=C:\Windows\system32\DEVOBJ.dll

LoadedModule[63]=C:\Windows\System32\WSDMon.dll

LoadedModule[64]=C:\Windows\System32\wsdapi.dll

LoadedModule[65]=C:\Windows\System32\webservices.dll

LoadedModule[66]=C:\Windows\System32\FirewallAPI.dll

LoadedModule[67]=C:\Windows\SYSTEM32\clbcatq.dll

LoadedModule[68]=C:\Windows\System32\FunDisc.dll

LoadedModule[69]=C:\Windows\System32\XmlLite.dll

LoadedModule[70]=C:\Windows\System32\fdPnp.dll

LoadedModule[71]=C:\Windows\System32\ATL.DLL

LoadedModule[72]=C:\Windows\System32\msxml6.dll

LoadedModule[73]=C:\Windows\system32\drvstore.dll

LoadedModule[74]=C:\Windows\system32\WSDCHNGR.DLL

LoadedModule[75]=C:\Windows\System32\deviceassociation.dll

LoadedModule[76]=C:\Windows\System32\dhcpcsvc6.DLL

LoadedModule[77]=C:\Windows\System32\dhcpcsvc.DLL

LoadedModule[78]=C:\Windows\System32\WSDPrintProxy.dll

LoadedModule[79]=C:\Windows\System32\WINHTTP.dll

LoadedModule[80]=C:\Windows\System32\webio.dll

LoadedModule[81]=C:\Windows\system32\kerberos.DLL

LoadedModule[82]=C:\Windows\system32\spool\PRTPROCS\x64\winprint.dll

LoadedModule[83]=C:\Windows\SYSTEM32\gpapi.dll

LoadedModule[84]=C:\Windows\system32\spool\PRTPROCS\x64\hpippdga.dll

LoadedModule[85]=C:\Windows\System32\DSROLE.dll

LoadedModule[86]=C:\Windows\System32\HTTPAPI.dll

LoadedModule[87]=C:\Windows\system32\DEVRTL.dll

LoadedModule[88]=C:\Windows\system32\SPINF.dll

LoadedModule[89]=C:\Windows\System32\win32spl.dll

LoadedModule[90]=C:\Windows\System32\cscapi.dll

LoadedModule[91]=C:\Windows\System32\netutils.dll

LoadedModule[92]=C:\Windows\system32\rsaenh.dll

LoadedModule[93]=C:\Windows\System32\WINSTA.dll

LoadedModule[94]=C:\Windows\System32\ADMWPROX.DLL

LoadedModule[95]=C:\Windows\System32\bidispl.dll

LoadedModule[96]=C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll

LoadedModule[97]=C:\Windows\SYSTEM32\prntvpt.dll

LoadedModule[98]=C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.17810_none_34ae2abd958aedeb\Comctl32.dll

LoadedModule[99]=C:\Windows\System32\DriverStore\FileRepository\prnms003.inf_amd64_c918c7324e70f27d\Amd64\PrintConfig.dll

LoadedModule[100]=C:\Windows\System32\tcpmib.dll

LoadedModule[101]=C:\Windows\System32\mgmtapi.dll

LoadedModule[102]=C:\Windows\system32\napinsp.dll

LoadedModule[103]=C:\Windows\system32\NLAapi.dll

LoadedModule[104]=C:\Windows\System32\winrnr.dll

LoadedModule[105]=C:\Windows\system32\SPFILEQ.dll

LoadedModule[106]=C:\Windows\System32\logoncli.dll

LoadedModule[107]=C:\Windows\System32\NTDSAPI.dll

LoadedModule[108]=C:\Windows\System32\DSPARSE.dll

LoadedModule[109]=C:\Windows\System32\ACTIVEDS.dll

LoadedModule[110]=C:\Windows\System32\adsldpc.dll

LoadedModule[111]=C:\Windows\system32\WLDAP32.dll

LoadedModule[112]=C:\Windows\system32\adsldp.dll

LoadedModule[113]=C:\Windows\SYSTEM32\sxs.dll

LoadedModule[114]=C:\Windows\system32\spool\DRIVERS\x64\3\FXSUI.DLL

LoadedModule[115]=C:\Windows\SYSTEM32\NETAPI32.dll

LoadedModule[116]=C:\Windows\system32\spool\DRIVERS\x64\3\FXSWZRD.dll

LoadedModule[117]=C:\Windows\SYSTEM32\wkscli.dll

LoadedModule[118]=C:\Windows\SYSTEM32\TAPI32.dll

LoadedModule[119]=C:\Windows\system32\IMM32.dll

LoadedModule[120]=C:\Windows\system32\spool\DRIVERS\x64\3\FXSTIFF.dll

LoadedModule[121]=C:\Windows\system32\MSCTF.dll

LoadedModule[122]=C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.19394_none_62486577ecb635cf\comctl32.dll

LoadedModule[123]=C:\Windows\system32\spool\DRIVERS\x64\3\FXSRES.DLL

LoadedModule[124]=C:\Windows\system32\spool\DRIVERS\x64\3\FXSAPI.DLL

LoadedModule[125]=C:\Windows\system32\spool\DRIVERS\x64\3\FXSDRV.DLL

LoadedModule[126]=C:\Windows\System32\sfc.dll

LoadedModule[127]=C:\Windows\System32\sfc_os.DLL

LoadedModule[128]=C:\Windows\system32\msv1_0.DLL

LoadedModule[129]=C:\Windows\System32\WTSAPI32.dll

LoadedModule[130]=C:\Windows\system32\spool\DRIVERS\x64\3\UniDrvUI.dll

LoadedModule[131]=C:\Windows\system32\spool\DRIVERS\x64\3\hpbytxUI14.dll

FriendlyEventName=Stopped working

ConsentKey=APPCRASH

AppName=Spooler SubSystem App

AppPath=C:\Windows\System32\spoolsv.exe

NsPartner=windows

NsGroup=windows8

ApplicationIdentity=F4F633B2764DF050CA8D19973DDDAE54




I'm not entirely sure what i should be looking at here but if anyone could give me some guidance as to what's causing the print spooler to become unresponsive.

Continue reading...
 
You must log in or register to reply here.

Similar threads

1
Recurring daily error within the windows problem reports. Windows 10 doesn't restart or crash wasn't even aware this was happening until I checked the
Replies
0
Views
5
1234569KJ
1
T
Weird Error in Event Log
Replies
0
Views
8
TOG Avenged7x
T
S
HP Universal Printer Driver ps-x64-7.1.0.25570 Crash after Windows 11 Pro 2023-11 Update
Replies
0
Views
16
Steve Rogers (CAP)
S
T
Weird Error in Event Log
Replies
0
Views
9
TOG Avenged7x
T
E
How do I fix Event Viewer Application Error ID 1000
Replies
0
Views
4
Elvis Zhao
E
Back
Top