Windows OS crashes (BSOD) with a DPC_WATCHDOG_VIOLATION (133) Stop error message.
DPC_WATCHDOG_VIOLATION (133) Stop error message
Probably caused by : SYMNETS.SYS / IDSvia64.sys
The DPC watchdog detected a prolonged run time at an IRQL of DISPATCH_LEVEL
Windows Server 2012-based computer with SEP (Symantec Endpoint Protection) networking components installed.
These crashes can occur when a driver hits the Deferred Procedure Call (DPC) timeout. With Symantec Endpoint Protection's (SEP) network drivers, this can occur when there are a large number of concurrent/active connections. The SEP network drivers have a connection table that tracks active network connections and when this table grows large, the drivers take longer to query information about these connections, thus reaching the DPC timeout.
This issue is fixed in Symantec Endpoint Protection (SEP) 14.3 MP1. For information on how to obtain the latest build of Symantec Endpoint Protection, see Download the latest version of Symantec software here.
Workarounds:
While the above fix should address the issue for most use cases, a DPC timeout can still be reached on extremely busy servers. For these systems, you can use SEP without the related networking components:
Other
There is a related Microsoft article and hotfix: You receive a "DPC_WATCHDOG_VIOLATION (133)" Stop error message on a Windows Server 2012-based computer
Note that the hotfix above will install on Server 2012 but not on 2012 R2 ("The update is not applicable to your computer"). But the net result of the hotfix is to add the following registry values, which can be done manually on 2012 R2:
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\
DpcWatchdogPeriod=REG_DWORD 0003a980 (hexidecimal)
DpcTimeout=REG_DWORD 00000000
The intent of these registry values is to increase the DPC Timeout that causes the crash message. With these values in place, reboot the affected machine. Crashes may no longer occur, but sluggish performance may be noted during periods of high network activity.
ESCRT-3642