One way to help isolate the cause of this problem is to perform a clean boot. See M281770, M310353, and M316434 for information on performing a clean boot.
See the link to "STOP - 0x00000020" for general information on troubleshooting this problem.
This error typically indicates an abnormal behavior of one of the drivers installed on that system. An abnormal behavior indicates a bug in the driver software. The best thing to do is to obtain the latest drivers (If the error just started, try to identify what new software/drivers were installed on the system before this.)
Some technical details from the Windows DDK, not that useful for a network administrator:
This indicates that an asynchronous procedure call (APC) was still pending when a thread exited. The following parameters are displayed on the blue screen.
1. The address of the APC found pending during exit
2. The thread's APC disable count
3. The current IRQL
The key data item is the thread's APC disable count (Parameter 2). If this is non-zero, it will indicate the source of the problem.
The APC disable count is decremented each time a driver calls KeEnterCriticalRegion, KeInitializeMutex, or FsRtlEnterFileSystem. The APC disable count is incremented each time a driver calls KeLeaveCriticalRegion, KeReleaseMutex, or FsRtlExitFileSystem.
Since these calls should always be in pairs, this value should be zero when a thread exits. A negative value indicates that a driver has disabled APC calls without re-enabling them. A positive value indicates that the reverse is true.
If you ever see this error, be very suspicious of all drivers installed on the machine — especially unusual or non-standard drivers.
This current IRQL (Parameter 3) should be zero. If it is not, that a driver's cancellation routine may have caused this bug check by returning at an elevated IRQL. In this case, carefully note what was running (and what was closing) at the time of the crash, and note all of the installed drivers at the time of the crash. The cause in this case is usually a severe bug in a driver.
Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net.
Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.