Print spooler service crash case

Though there could be numerous reasons for Print Spooler service stopping unexpectedly. Sometimes, it stops as soon as you start it or it stops (crashes) when a user gives a print command.

The incident I am going to share here applies to both the aforementioned scenarios.

The first thing you should do while troubleshooting any issue is to check the System and Application event log. This is what I found in

System log

 Log Name:      System
 Source:        Service Control Manager
 Date:          12/20/2018
 Event ID:      7031
 Task Category: None
 Level:         Error
 Keywords:      Classic
 User:          N/A
 Computer:      xxxxxxxx
 Description:
 The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  
The following corrective action will be taken in 60000 milliseconds: Restart the service.

Application log

Log Name: Application
Source: Application Error
Date: 12/20/2018
Event ID: 1000
Task Category: (100)
Level: Error
Keywords: Classic
User: N/A
Computer: xxxxxxxx
Description:
Faulting application name: spoolsv.exe, version: 10.0.14393.2097, time stamp: 0x5a820a92
Faulting module name: sdf2mdu.dll, version: 6.4.36.24, time stamp: 0x50f05058

 

Investigation

Find the faulting module

If you look into the event log details, you would find the faulting DLL file name in the Application Error event. In our case it is sdf2mdu.dll. It could be something else in your case.

NOTE: If the faulting module is ntdll.dll, then do not follow this troubleshooting step. NTDLL is one of the core Windows modules and should not be tampered with.

Find the printer driver associated with the module

You can google (or bing) the module name and find the manufacturer name and even the driver name. But, to get more accurate information, I recommend you to search registry under the following key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Environments 

The result should show the name of the keys with the printer driver name on the left. In the right pane, it should show you the value that you searched. This key name is your printer driver associated with the faulty module.

Find the printers using the printer driver

You can find the printers using the found driver in the Print Management Console or search again in the registry under the key:  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Printers

Solution

  • Find the DLL file in C: drive and rename all instances. Rename it to anything else. I usually suffix _old
  • Uninstall the driver package. It might remove the printer configuration, so might wanna note it down or back it up.
  • Find the latest version of drivers, compatible with the Operating system and install.
  • If it still has the issue, find a generic or universal driver from the same manufacturer and use that one.

 

Happy Troubleshooting!