BSOD in tcpip6.sys under Windows XP SP3

  • Thread starter Thread starter Martin Katz
  • Start date Start date
M

Martin Katz

This problem occurs in both Windows XP SP2 and Windows XP SP3. It can happen
several times per day and might be due to a malformed packet attack. It seems
to be related to ICMPv6 packets.

The error is DRIVER_IRQL_NOT_LESS_OR_EQUAL

Technical information:
*** STOP: 0x00000001 (0x0000002C, 0x00000002, 0x00000001, 0xF546F712)
*** tcpip6.sys - Address F546F712 base at F544C000, Datestamp 4892582a

The version of tcpip6.sys is 5.1.2600.5512 (installed by SP3).

I cannot turn off IPv6 entirely, because Outlook 2007 uses it.
Does anybody have a suggestion about a workaround or getting a patch?
 
Martin Katz said:
This problem occurs in both Windows XP SP2 and Windows XP SP3. It can happen
several times per day and might be due to a malformed packet attack. It seems
to be related to ICMPv6 packets.

The error is DRIVER_IRQL_NOT_LESS_OR_EQUAL

Technical information:
*** STOP: 0x00000001 (0x0000002C, 0x00000002, 0x00000001, 0xF546F712)
*** tcpip6.sys - Address F546F712 base at F544C000, Datestamp 4892582a

The version of tcpip6.sys is 5.1.2600.5512 (installed by SP3).

I cannot turn off IPv6 entirely, because Outlook 2007 uses it.
Does anybody have a suggestion about a workaround or getting a patch?
Click to expand...

Before going to indeepth troubleshooting try the easy way first!
Update the Motherboard driver specially the NIC to the latest stable driver
and Run A thorough scan for malware and Viruses.
Test your RAM for Faulty Bits or bad Bits in memory and see if that will
eleminate those options from the list.
Read the minidumps that can shed some light on the causer, my hunch goes for
this: ntkrpamp.exe which mean bad image.
Disbale the TCPIP6 in the registry:
[-]HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\DisabledComponents =
DWORD 0xFF

Or uninstall the Protocol by running this command:
ipv6 uninstall
Or this:
netsh interface ipv6 uninstall
Then Set the Outlook to use the TCPIPV4.

How to disable certain Internet Protocol version 6 (IPv6) components
http://support.microsoft.com/kb/929852/en-us
Information about IPv6
http://www.microsoft.com/technet/network/ipv6/ipv6faq.mspx

HTH,
nass
 
Thank you for suggestons. This is a new installation of Windows XP sp3
(slipstreamed) in a newly formatted partition. The drivers are all up to
date. I have already disabled (external) TCPIP6 in the registry. Apparently,
this does not disable tunnelling ICMPv6 (even though IP6 tunnelling is
disabled).

With Norton firewall, I blocked ICMPv6. Unfortunately, Norton AV kept
deleting inappropriate files, so I switched firewall programs and the problem
returned.

I will have to look into how to tell Outlook to use IPv4. I have already
scanned for malware with four different tools. I will do thorough memory
testing (I havn't done that for a while).

The only other thing I can think of is that I have Visual Studio installed,
and that might replace part of the TCP/IP stack.

Martin
 
I have taken most of those steps. This is a newly installed copy of Windows
XP SP3 with all drivers up to date. It is unlikely to be a memory problem,
because the problem is not sensative to load order and was active under two
different SPs. However, checking the memory is a good suggestion.

I will also look into how to tell Outlook not to use IPv6. I have already
turned off (external) IPv6 in the registry and stopped the IPv6 helper
service. When I stop the IPv6 driver, then Outlook stops responding.

When I used Norton firewall, I disabled ICMPv6 and that solved the problem.
However, Norton AV was doing nasty things to my system. When I switched
firewalls and AV the problem reappeared.

Thanks,
Martin Katz
 
Whta about Renaming the tcpip6.sys to tcpip6.sys.old in this path:
C:\Windows\System32\Drivers\tcpip6.sys.old
And see if that will eliminate the issue or as I said the Minidumps will
help to pin point what initiating tcpipv6.sys to start and cause this error.


Martin Katz said:
Thank you for suggestons. This is a new installation of Windows XP sp3
(slipstreamed) in a newly formatted partition. The drivers are all up to
date. I have already disabled (external) TCPIP6 in the registry. Apparently,
this does not disable tunnelling ICMPv6 (even though IP6 tunnelling is
disabled).

With Norton firewall, I blocked ICMPv6. Unfortunately, Norton AV kept
deleting inappropriate files, so I switched firewall programs and the problem
returned.

I will have to look into how to tell Outlook to use IPv4. I have already
scanned for malware with four different tools. I will do thorough memory
testing (I havn't done that for a while).

The only other thing I can think of is that I have Visual Studio installed,
and that might replace part of the TCP/IP stack.

Martin

nass said:
Before going to indeepth troubleshooting try the easy way first!
Update the Motherboard driver specially the NIC to the latest stable driver
and Run A thorough scan for malware and Viruses.
Test your RAM for Faulty Bits or bad Bits in memory and see if that will
eleminate those options from the list.
Read the minidumps that can shed some light on the causer, my hunch goes for
this: ntkrpamp.exe which mean bad image.
Disbale the TCPIP6 in the registry:
[-]HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\DisabledComponents =
DWORD 0xFF

Or uninstall the Protocol by running this command:
ipv6 uninstall
Or this:
netsh interface ipv6 uninstall
Then Set the Outlook to use the TCPIPV4.

How to disable certain Internet Protocol version 6 (IPv6) components
http://support.microsoft.com/kb/929852/en-us
Information about IPv6
http://www.microsoft.com/technet/network/ipv6/ipv6faq.mspx

HTH,
nass
Click to expand...
Click to expand...
 
I already tried renaming tcpip6.sys. That broke both Outlook and Norton AV
(strangely, the OS didn't complain). I have checked that the file is the
correct version, etc. Ideally, I want to use IPv6/Teredo for some other
things (but I can give them up).

I have the Eset firewall locked tightly against IPv6-ICMP (as they call it).
I had forgotten to add a separate rule to deny ICMPv6 addressed to localhost
(::1). The last crash didn't leave me a dump file. If it crashes again, I
will definitely use the dump to try and figure out what is happening. Now, on
to memory tests!

Martin
--
Ph.D. in Computer Science.
Senior R&D software engineer


nass said:
Whta about Renaming the tcpip6.sys to tcpip6.sys.old in this path:
C:\Windows\System32\Drivers\tcpip6.sys.old
And see if that will eliminate the issue or as I said the Minidumps will
help to pin point what initiating tcpipv6.sys to start and cause this error.


Martin Katz said:
Thank you for suggestons. This is a new installation of Windows XP sp3
(slipstreamed) in a newly formatted partition. The drivers are all up to
date. I have already disabled (external) TCPIP6 in the registry. Apparently,
this does not disable tunnelling ICMPv6 (even though IP6 tunnelling is
disabled).

With Norton firewall, I blocked ICMPv6. Unfortunately, Norton AV kept
deleting inappropriate files, so I switched firewall programs and the problem
returned.

I will have to look into how to tell Outlook to use IPv4. I have already
scanned for malware with four different tools. I will do thorough memory
testing (I havn't done that for a while).

The only other thing I can think of is that I have Visual Studio installed,
and that might replace part of the TCP/IP stack.

Martin

nass said:
Before going to indeepth troubleshooting try the easy way first!
Update the Motherboard driver specially the NIC to the latest stable driver
and Run A thorough scan for malware and Viruses.
Test your RAM for Faulty Bits or bad Bits in memory and see if that will
eleminate those options from the list.
Read the minidumps that can shed some light on the causer, my hunch goes for
this: ntkrpamp.exe which mean bad image.
Disbale the TCPIP6 in the registry:
[-]HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\DisabledComponents =
DWORD 0xFF

Or uninstall the Protocol by running this command:
ipv6 uninstall
Or this:
netsh interface ipv6 uninstall
Then Set the Outlook to use the TCPIPV4.

How to disable certain Internet Protocol version 6 (IPv6) components
http://support.microsoft.com/kb/929852/en-us
Information about IPv6
http://www.microsoft.com/technet/network/ipv6/ipv6faq.mspx

HTH,
nass
Click to expand...
Click to expand...
Click to expand...
 
Martin Katz said:
Thank you for suggestons. This is a new installation of Windows XP sp3
(slipstreamed) in a newly formatted partition. The drivers are all up to
date. I have already disabled (external) TCPIP6 in the registry.
Apparently,
this does not disable tunnelling ICMPv6 (even though IP6 tunnelling is
disabled).

With Norton firewall, I blocked ICMPv6. Unfortunately, Norton AV kept
deleting inappropriate files, so I switched firewall programs and the
problem
returned.
Click to expand...
So install Norton Firewall without the AV if that will help solve the
problem.
I will have to look into how to tell Outlook to use IPv4. I have already
scanned for malware with four different tools. I will do thorough memory
testing (I havn't done that for a while).

The only other thing I can think of is that I have Visual Studio
installed,
and that might replace part of the TCP/IP stack.
Click to expand...
Visual Studio should have nothing to do with the ipv6 stack.
 
Back
Top