Memory Leak and STOP Screens Using Intermediate NDIS Drivers

• Microsoft Windows NT Server version 4.0
• Microsoft Windows NT Workstation version 4.0

SYMPTOMS

When intermediate (layered) NDIS miniport drivers are in use on Windows NT 4.0, you may experience one or both of the following:

• A memory leak in kernel non-paged pool memory. Over time, memory may be depleted to the point where system stability is compromised.
• You may receive the following blue-screen STOP error message with parameters that indicate the bad instruction is in the Ndis.sys driver:

        STOP: 0x0000000A (0x00000014, 0x00000002, 0x00000000, 0xFCBA1062).
        IRQL_NOT_LESS_OR_EQUAL (* Address fcba1062 has base at fcb95000 -
        NDIS.SYS)
  

CAUSE

Intermediate drivers are typically add-ons that layer themselves over hardware drivers as a filter to provide additional functionality, such as data encryption or other value added services. The Ndis.sys driver included in Windows NT 4.0 has been found to have some deficiencies when such intermediate drivers are used.

RESOLUTION

You can work around this problem by removing any unnecessary filter drivers.

To resolve this problem, obtain the hotfix below, or wait for the next service pack.

NOTE: Service Pack 3 must be applied to Windows NT 4.0 prior to applying this fix.

This hotfix has been posted to the following Internet location:

   ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/NT40/
   hotfixes-postSP3/ndis-fix

STATUS

Microsoft has confirmed this to be a problem in Windows NT version 4.0. A supported fix is now available, but has not been fully regression-tested and should be applied only to systems experiencing this specific problem. Unless you are severely impacted by this specific problem, Microsoft recommends that you wait for the next Service Pack that contains this fix. Contact Microsoft Technical Support for more information.