HI,

We have had a few abends lately on our BM 3.8 server.
They happen every few days and then proxy.nlm abends e couple of times
until the server becomes unresponsive and has to be rebooted.
We have a NetWare 6.5 SP6 server with BM3.8 SP5.
I have included our proxy.cfg as well.

Anyone can help me analyze this abend?

Novell Open Enterprise Server, NetWare 6.5
PVER: 6.50.06

Server NMGN-03 halted Wednesday, 14 November 2007 0:20:22,992
Abend 1 on P00: Server-5.70.06: Page Fault Processor Exception (Error code
00000002)

Registers:
CS = 0060 DS = 007B ES = 007B FS = 007B GS = 007B SS = 0068
EAX = 928ED064 EBX = 04306004 ECX = 00000320 EDX = 9291F56C
ESI = 928EDAF8 EDI = 92920000 EBP = 0457B244 ESP = 8BDFCEC4
EIP = 9B97603E FLAGS = 00010006
9B97603E F3A4 REP MOVSB
EIP in PROXY.NLM at code start +000CB03Eh
Access Location: 0x92920000

The violation occurred while processing the following instruction:
9B97603E F3A4 REP MOVSB
9B976040 8BC7 MOV EAX, EDI
9B976042 5E POP ESI
9B976043 5F POP EDI
9B976044 C3 RET
9B976045 849C0000008B4B TEST [EAX+EAX+4B8B0000], BL
9B97604C 0851E8 OR [ECX-18], DL
9B97604F 005756 ADD [EDI+56], DL
9B976052 8B7C240C MOV EDI, [ESP+0C]
9B976056 8B742410 MOV ESI, [ESP+10]



Running process: Server 25 Process
Thread Owned by NLM: SERVER.NLM
Stack pointer: 8BDFCF40
OS Stack limit: 8BDF5000
Scheduling priority: 67371008
Wait state: 50500F0 Waiting for work
Stack: --04306B1C ?
--9291F56C ?
9B8C34FB (PROXY.NLM|DNSProxyFinishedTunnel+3CB)
--9291F56C ?
--928ED064 ?
--00000DB4 (LOADER.NLM|KernelAddressSpace+DB4)
--2B6204C3 ?
--00000000 (LOADER.NLM|KernelAddressSpace+0)
--00000000 (LOADER.NLM|KernelAddressSpace+0)
--04306B1C ?
--8705060E ?
--2B621004 ?
9B8E36B2 (PROXY.NLM|IPTunnelUDPProcessReply+1D2)
--04306B1C ?
--00000000 (LOADER.NLM|KernelAddressSpace+0)
--928ED064 ?
--00000DB4 (LOADER.NLM|KernelAddressSpace+DB4)
--928EDE18 ?
--0000001C (LOADER.NLM|KernelAddressSpace+1C)
--8C7EF000 ?
--0000022C (LOADER.NLM|KernelAddressSpace+22C)
--0001FFFF (LOADER.NLM|BIOSDriveCount+5EFB)
00365D01 (SERVER.NLM|CallAESRoutineWithEsiSet+9)
--2B621004 ?
--0D550EE6 ?
--9D6AC100 ?
9B90EE40 (PROXY.NLM|CallrsCallBacks+0)
9B90EE80 (PROXY.NLM|CallrsCallBacks+40)
--2B621004 ?
00365C72 (SERVER.NLM|StartWorkToDo+23)
--2B621004 ?
--0D550EE6 ?
--9D6AC100 ?
--00000000 (LOADER.NLM|KernelAddressSpace+0)
--00000000 (LOADER.NLM|KernelAddressSpace+0)
002179AA (SERVER.NLM|WorkerThread+4F6)
--2B621004 ?
--00000000 (LOADER.NLM|KernelAddressSpace+0)
--8F11F500 ?
--00000000 (LOADER.NLM|KernelAddressSpace+0)
--8F11F500 ?
00224938 (SERVER.NLM|TcoNewSystemThreadEntryPoint+40)
--8F11F500 ?
--00000000 (LOADER.NLM|KernelAddressSpace+0)
--00000000 (LOADER.NLM|KernelAddressSpace+0)
--00000000 (LOADER.NLM|KernelAddressSpace+0)
--00000000 (LOADER.NLM|KernelAddressSpace+0)
--00007F80 (LOADER.NLM|KernelAddressSpace+7F80)
--00000000 (LOADER.NLM|KernelAddressSpace+0)
--8BDE302C ?
0036BADE (SERVER.NLM|SwitchStacksAndCall+44)
--FE00C000 (LOADER.NLM|OSAllocMemory+C000)
--8BDE9F28 ?
--00002008 (LOADER.NLM|KernelAddressSpace+2008)
--34343434 ?
--00007F80 (LOADER.NLM|KernelAddressSpace+7F80)
--00000000 (LOADER.NLM|KernelAddressSpace+0)
--8BDE302C ?
0036BADE (SERVER.NLM|SwitchStacksAndCall+44)
--FE00C000 (LOADER.NLM|OSAllocMemory+C000)
--8BDE9F28 ?
--00002008 (LOADER.NLM|KernelAddressSpace+2008)
--34343434 ?
--65657246 ?
--65657246 ?
--65657246 ?
--65657246 ?
--65657246 ?
--65657246 ?
--65657246 ?
--34343434 ?
--65657246 ?
--65657246 ?
--65657246 ?
--65657246 ?
--65657246 ?
--65657246 ?
--65657246 ?
--65657246 ?

Proxy.cfg:
; revision 27, Craig Johnson, oct. 30, 2006
; http://www.craigjconsulting.com
;
; settings for patched BM 3.7 and 3.8 servers (Should be fine with earlier
; versions, though some settings will do nothing if the version of proxy
; doesn't support them). This version includes settings through bm38fp3b.
; You can patch BorderManager 3.5 and 3.6 with certain portions
; of BorderManage 3.7 patches - see tip #1 at www.craigjconsulting.com

; See Novell TID 10059667 for documentation on many of these options.

; Depending on your BorderManager version and patch level, many of
; these settings may be at the default values.

; New section for http tunneling control added after BM38SP2A patch
; See the readme in that, and later, patches for explanation of this
; feature, which relates to security. The setting here is the most
; secure (disables tunneling on all ports, except port 443)
;

[Tunneling]
; this entry allows you to control the ports being tunneled.
; Set the value to 1 to enable control, 0 to disable it.
; You will have to add port number entries for any non-standard port
; number used in HTTPS URL's to make them work through proxy if this
; feature is enabled. This feature definitely affects transparent
; proxy ability to tunnel HTTPS.
; If =1, and you try to connect using HTTPS to a port other than
; 443, as in NRM for instance (port 8009), you will get an
; error message in the browser.
EnableTunnelingControl=0

; this entry allows you to log denied tunneling requests to
; sys:etcproxytunnel.log. =0 disables logging, =1 enables it.
EnableTunnelingControlLog=1

[HttpTunnelingAllowed]
; the example entries below allow ports 443, 444 (often specified
; for SSL Proxy Authenticaiton, 8009 (for NRM), 2200 (Apache Web Manager
; and 52443 (for iFolder) to be tunneled. Port 443 is enabled by default.
;port<x>=<port #>
port1=8009
port2=52443
port3=2200
; use 444 for ssl proxy authentication
port4=444
; allow 1494 thru for Citrix apps in browsers
port5=1494
; allow 1863 (Pidgin to MSN)
port6=1863

;
; New section (from BM38SP2A) allowing webwasher to be used as an upstream
proxy
; See latest patch readme for instructions on this.
;[X-Authenticated-User]
;EnableXAuthenticatedUserHTTPHeader = 1
;LDAPServer=x.x.x.x
;LdapTypeUserName=1
;
[BM Cookie]
BM_Forward_Cookie=0
;
[HTTP Streaming]
;The line below fixes the HTTP streaming bug,
;but breaks WindowsUpdate, unless using proxy dated 2003 or later.
; You should have persistent connections enabled in NWADMN32, BorderManager
; Setup, HTTP Proxy Details.
ResetOriginServerConnAfterClientReset=1

[TransparentHTTPS]
;Next entry allows later versions of Transparent Proxy to listen on
HTTPS/SSL
HTTPSPort1=443

[Object Cache]
cut thru no CLH length=0


[Extra Configuration]
;From the BM38SP4_IR4 patch. Re-enable scheduled downloads. If you have
some sort of memory leak,
;disable this setting (=0). If you want to allow scheduled downloads or
use Option 22 on the
; proxy console screen, you need to enable (=1) this setting with the IR4
or later patches.
;EnableScheduledDownload=1

;Will pass thru HTTP 1.1 content with out touching it. Because
BorderManager is not
;fully http1.1 compatible, this switch may fix issues you are having with
http 1.1 sites.
;Major code improvements in this area were made starting with BM38SP5.
SendHTTP11Request=1

;From the post-BM38SP4 patch BM38SP4_IR4.EXE, if FTP to a remote WinFTP
server using
;BorderManager fails, use the following
;EnableSendListBeforeData=1

;From the post-BM38SP4 patch BM38SP4_IR4.EXE, this setting moves the
(annoying)
;ICP Parent Down messages from the console prompt to the ICP Statistics
window.
;noIcpParentDownAlert=1

; From the post-BM38SP3 patch BM38SP3_ir1.exe, this setting allows notice
of grace
; login / password expiration for SSL Proxy authentication
GraceLoginNotification=1

; From the post-BM38SP3 patch BM38SP3_ir1.exe, this setting allows user
names to show
; in the extended logs.
LogUserNameInExtendedLog=1

; Starting with the BM38FP3E/BM37FP4E patches, allow notification of
; expired password/grace logins in SSL Proxy Authentication
GraceLoginNotification=1

; Starting with the BM38FP3E/BM37FP4E patches, fix user names not showing
; up in extended logs
LogUserNameInExtendedLog=1

; From the BM38FP3C patch, fixes malformed CONNECT request
; sent to back end web server
; (lower case N needed for at least some proxy versions)
NoDummySlashUpstream=1
noDummySlashUpstream=1

; From the BM38FP3C/BM37FP4D patch, fixes 403 forbidden errors
; randomly generated after installing bm37sp3
DonotSendIPToACL =1

; New addition from BM38FP3B/BM37FP4D, allowing custom logout page
; when you logout through http://x.x.x.x:1959/cmd/BM-Logout
CustomErrorPages=1

; New additiom from BM37FP4D, to avoid data read Timeout
; errors (HTTP 504 Gateway Timeout), when you
; post large files to remote WebAccess server
; (=1 turns on this feature, but may cause other problems)
SupportLargePostRequest=0

; This entry works only for BorderManager 3.8, enabling Nsure Audit
logging for proxies
; When Nsure audit logging is enabled, you should disable common, extended
and indexed logging
;EnableNsureAuditLogging=1
;
; Next entry (for proxycfg.dll version from Jan 7, 2004 or later) allows
generic
; proxy to use port 25, to replace Mail Proxy
;AllowGTCPProxyToUsePort25=1
;
; Next entry (for proxy version SMTP1, Jan 7, 2004 or later) allows
; a custom banner to be displayed in a SMTP HELO (mail proxy)
;BM_SMTP_Banner="This is a test BM SMTP Banner.Any unauthorized use of
this software would lead to legal action against the user."
;
; This entry (requires BM37FP3D or later to work) is supposed to help
proxy unload cleanly and quickly
ResBadAddressLoopBreak=1
;
; Next entry (from BM37FP3 patch) fixes caching issue with multiple
browsers on one PC
DonotCache4ContEncoding=1
;
; Next entry (from BM37Sp2) attempts to fix problems with proxy not
unloading
SCacheDestroyYieldInterval=200
;
; Next entry (from BM37Sp2) fixes problem browsing certain web sites
DoNotSendExtraCRLF = 1
;
; Next entry (from BM37Sp2) fixes problem browsing certain web sites
EnableIncomplete302ResponseFix = 0
;
; Next entry fixes a potential ABEND in BM37SP1
EnableHTTPSLogging=0
;
; Next entry prevents Macintosh tunneling to bypass rules
AllowHTTPTunneling=0
;
; Next entry fixes Macintosh SSL Proxy authentication problem
new302Redirect=1
;
DoNotCacheWhenCookieFound=1
;
; (Changed from Rev. 25 and earlier) If you have a problem with certain
web sites loading
; very slowly, showing broken links and occasional '500 internal server'
proxy errors, this
; setting may fix that.
PassContentLength=1
;
IgnoreContentLength=1
;
IgnoreContentLengthCheck=1
;
OC_IgnoreContentLengthFlag=1
;
AckWithNoDataOnSYN=1
;
; The following option prevents many abends
IgnoreDuplicateChill=1
;
RestartTimeoutAfterEverySend=1
;
EnableICSPassThruFix=1
;
TurnOffPersistantPassThru=1
;
EnableNoCachePassThru=1
;
TransparentProxySupportsVirtualServers=1
;
DiscardAcceptRanges=1
;
AllowSecond220Respond=1
;
CodeRedWorkAround=1
;
UseSimplifiedErrorPage=0
;
ResolveProxyIPAddress=0
;
ScanVirusPatterns=1
;
; If this is =0, requests without a domain name
; will have the server's domain name appended
DoNotCreateFullyQualifiedHostNames=1
;
HTTPSAuthenticationSwitch=0
;
; following line should cause proxy to unload
; without saving cache memory to disk
DoNotSaveMemoryCacheDuringUnload=1
;
Line_Terminator=CR
;
; New feture from BM38FP3A patch, to help control spam
; via mail proxy
EnableAntispamFeature=1
;
; Next two entries are for BM37SP1 or later servers and deal
; with terminal services cookie-based authentication
; Uncomment to use that feature (see patch readme)
; Note: Terminal services authentication does not work if
; you configure the browser not to proxy requests to the
; BorderManager server IP address (or to the entire local
; subnet, including the BorderManager address).
;EnableTerminalServerAuthentication=1
;RedirectHTTPSRequest=1
;
;
; Next sections about 'authentication' are for BM37SP1 or
; later servers and deal with terminal services
; cookie-based authentication
;[Authentication Subnets]
;PrivateSubnet1=10.0.0.0/255.0.0.0
;PrivateSubnet2=10.4.5.100/255.255.252.0
;PrivateSubnet3=164.99.145.98/255.255.252.0

;[Authentication Ranges]
;PrivateRange1=100.25.4.5-100.25.4.60
;PrivateRange2=20.1.1.1-20.4.5.25
;
;[Authentication Addresses]
;PrivateAddr1=24.0.4.5
;PrivateAddr2=45.3.45.6
;PrivateAddr3=44.5.6.8
;
; Next sections are for Mail Proxy.
; If you have Mail Proxy in BorderManager 3.8, you
; can use multiple (internal) mail domain support.
; If you have earlier versions, you can only have
; a single mail domain.
;
; Next Section is for Mail Proxy on BorderManager 3.7 or earlier
;[BM Mail Proxy]
;BM_Domain=yourdomain.com
;BM_Incoming_Relay=0
;BM_Proxy_Domain=servername.yourdomain.com


; Next section is for Mail Proxy on BorderManager 3.8 with
; and multiple domain support. Use your smtp server IP address(es)
; and domain names. See the additional commands for antispam
; and exceptions in the [ExtraConfiguration] section, for BM38FP3B
; and later patches.
;[Multiple Domain Support]
;MultiDomain1=192.168.10.250/yourdomain.com
;MultiDomain2=192.168.10.250/yourdomain2.com


; Next section, from BM38FP3A, controls spam through Mail Proxy, if
; EnableAntispamFeature=1 is set in the extraconfiguration section
; Following are the *exception list* for trusted domains
[Antispam Domain List]
;Examples:
;AntispamDomain1=www.cnn.com
;AntispamDomain2=www.bbc.com
; It may be useful to put your own domain in there.

; The remaining sections are essentially default settings to allow
; BorderManager and its miniwebserver to function correctly.


; NSURE Audit section comes from the BM38SP4_IR4 patch.
;[Nsure Audit]
; Enable=1
; EnableUserAgentLogging=1
; EnableErrorMessageDisplay=1
;
; Description of the above flags:
; Enable=1: Enables the Nsure Audit logging
; EnableUserAgentLogging=1: Logs the UserAgent
; information.
;
; EnableErrorMessageDisplay=1: Displays Nsure Audit
; initializaion error messages on the server
; console.




[Buffer Tracking]
Enable=0

[MiniWeb Server]
Port-Number=1959
Root-Directory=SYS:ETCPROXYDATA

[MiniWeb Server: Mime Types]
Content-Type: text/html=htm,html
Content-Type: text/plain=txt,text,cla,class
Content-Type: image/gif=gif
Content-Type: image/jpeg=jpg,jpeg,jpe,jfif,pjpeg,pjp
Content-Type: image/tiff=tiff,tif
Content-Type: image/x-xbitmap=xbm
Content-Type: video/x-msvideo=avi
Content-Type: video/quicktime=qt,mov,moov
Content-Type: video/x-mpeg2=mpv2,mp2v
Content-Type: video/mpeg=mpeg,mpg,mpe,mpv,vbs,mpegv
Content-Type: audio/x-pn-realaudio=ra,ram
Content-Type: audio/x-mpeg=mpega,mp2,mpa,abs
Content-Type: audio/x-wav=wav
Content-Type: audio/x-aiff=aif,aiff,aifc
Content-Type: application/x-ns-proxy-autoconfig=pac

[Log Format]
Delimiter-Character=space

; The virus pattern configuration section allows you to have
; the Reverse Proxy block requests with certain patterns
; in the HTML code. Most of these patterns listed below
; are for Code Red and NIMDA viruses. The proxy
; can also 'autodetect' viruses and add them to a list.
; See Novell's AppNote on this from Sept. 2002.
;

[Virus Pattern Configuration]
EnablePatternAutoUpdate=1
MaxNoOfVirusPatterns=128
NoOfVirusPatterns=28
PatternSize=16
PatternStartOffset=1
VirusPattern0=scripts/..%252f.
VirusPatternoffset10=0
VirusPatternvalue10=0
VirusPatternoffset20=0
VirusPatternvalue20=0
VirusPatternorigLength0=57
VirusPattern1=scripts/..%c1%1c
VirusPatternoffset11=0
VirusPatternvalue11=0
VirusPatternoffset21=0
VirusPatternvalue21=0
VirusPatternorigLength1=58
VirusPattern2=scripts/..%c0%2f
VirusPatternoffset12=0
VirusPatternvalue12=0
VirusPatternoffset22=0
VirusPatternvalue22=0
VirusPatternorigLength2=58
VirusPattern3=scripts/..%c0%af
VirusPatternoffset13=0
VirusPatternvalue13=0
VirusPatternoffset23=0
VirusPatternvalue23=0
VirusPatternorigLength3=58
VirusPattern4=scripts/..%%35c.
VirusPatternoffset14=0
VirusPatternvalue14=0
VirusPatternoffset24=0
VirusPatternvalue24=0
VirusPatternorigLength4=57
VirusPattern5=scripts/root.exe
VirusPatternoffset15=0
VirusPatternvalue15=0
VirusPatternoffset25=0
VirusPatternvalue25=0
VirusPatternorigLength5=33
VirusPattern6=MSADC/root.exe?/
VirusPatternoffset16=0
VirusPatternvalue16=0
VirusPatternoffset26=0
VirusPatternvalue26=0
VirusPatternorigLength6=31
VirusPattern7=d/winnt/system32
VirusPatternoffset17=0
VirusPatternvalue17=0
VirusPatternoffset27=0
VirusPatternvalue27=0
VirusPatternorigLength7=41
VirusPattern8=c/winnt/system32
VirusPatternoffset18=0
VirusPatternvalue18=0
VirusPatternoffset28=0
VirusPatternvalue28=0
VirusPatternorigLength8=41
VirusPattern9=_mem_bin/..%255c
VirusPatternoffset19=0
VirusPatternvalue19=0
VirusPatternoffset29=0
VirusPatternvalue29=0
VirusPatternorigLength9=78
VirusPattern10=_vti_bin/..%255c
VirusPatternoffset110=0
VirusPatternvalue110=0
VirusPatternoffset210=0
VirusPatternvalue210=0
VirusPatternorigLength10=78
VirusPattern11=msadc/..%255c../
VirusPatternoffset111=0
VirusPatternvalue111=0
VirusPatternoffset211=0
VirusPatternvalue211=0
VirusPatternorigLength11=106
VirusPattern12=scripts/..%%35%6
VirusPatternoffset112=0
VirusPatternvalue112=0
VirusPatternoffset212=0
VirusPatternvalue212=0
VirusPatternorigLength12=59
VirusPattern13=scripts/..%25%35%
VirusPatternoffset113=0
VirusPatternvalue113=0
VirusPatternoffset213=0
VirusPatternvalue213=0
VirusPatternorigLength13=61
VirusPattern14=scripts/..%255c..
VirusPatternoffset114=0
VirusPatternvalue114=0
VirusPatternoffset214=0
VirusPatternvalue214=0
VirusPatternorigLength14=57
VirusPattern15=scripts/..%c1%9c.
VirusPatternoffset115=0
VirusPatternvalue115=0
VirusPatternoffset215=0
VirusPatternvalue215=0
VirusPatternorigLength15=58
VirusPattern16=scripts/root.exe
VirusPatternoffset116=0
VirusPatternvalue116=0
VirusPatternoffset216=0
VirusPatternvalue216=0
VirusPatternorigLength16=81
VirusPattern17=scripts/httpodbc
VirusPatternoffset117=0
VirusPatternvalue117=0
VirusPatternoffset217=0
VirusPatternvalue217=0
VirusPatternorigLength17=30
VirusPattern18=MSADC/root.exe?/
VirusPatternoffset118=0
VirusPatternvalue118=0
VirusPatternoffset218=0
VirusPatternvalue218=0
VirusPatternorigLength18=79
VirusPattern19=MSADC/httpodbc.d
VirusPatternoffset119=0
VirusPatternvalue119=0
VirusPatternoffset219=0
VirusPatternvalue219=0
VirusPatternorigLength19=28
VirusPattern20="c/httpodbc.dll H"
VirusPatternoffset120=0
VirusPatternvalue120=0
VirusPatternoffset220=0
VirusPatternvalue220=0
VirusPatternorigLength20=24
VirusPattern21=d/winnt/system32
VirusPatternoffset121=0
VirusPatternvalue121=0
VirusPatternoffset221=0
VirusPatternvalue221=0
VirusPatternorigLength21=92
VirusPattern22="d/httpodbc.dll H"
VirusPatternoffset122=0
VirusPatternvalue122=0
VirusPatternoffset222=0
VirusPatternvalue222=0
VirusPatternorigLength22=24
VirusPattern23=scripts/..%255c.
VirusPatternoffset123=0
VirusPatternvalue123=0
VirusPatternoffset223=0
VirusPatternvalue223=0
VirusPatternorigLength23=108
VirusPattern24=scripts/.%255c..
VirusPatternoffset124=0
VirusPatternvalue124=0
VirusPatternoffset224=0
VirusPatternvalue224=0
VirusPatternorigLength24=39
VirusPattern25=scripts/..%252f.
VirusPatternoffset125=0
VirusPatternvalue125=0
VirusPatternoffset225=0
VirusPatternvalue225=0
VirusPatternorigLength25=116
VirusPattern26=scripts/..%252f.
VirusPatternoffset126=0
VirusPatternvalue126=0
VirusPatternoffset226=0
VirusPatternvalue226=0
VirusPatternorigLength26=39
VirusPattern27=default.ida?XXXX
VirusPatternoffset127=0
VirusPatternvalue127=0
VirusPatternoffset227=0
VirusPatternvalue227=0
VirusPatternorigLength27=385