Troubleshooting Windows Servers
 
HomeCalendarFAQSearchMemberlistUsergroupsRegisterLog in
Useful Links
Search
 
 

Display results as :
 
Rechercher Advanced Search
Latest topics
» Acquista Viagra. negozi viagra generico
Thu Aug 04, 2011 9:01 am by Guest

» Comprare Viagra. erica carnea viagra generico
Thu Aug 04, 2011 5:53 am by Guest

» how to get fans for your facebook page xf
Thu Aug 04, 2011 4:12 am by Guest

» Acquisto Viagra. scegliere viagra generico
Wed Aug 03, 2011 9:43 pm by Guest

» life of luxury video slot
Wed Aug 03, 2011 6:41 pm by Guest

» buy facebook fans f5
Wed Aug 03, 2011 5:54 pm by Guest

» Wellnigh as tatty as files
Wed Aug 03, 2011 7:24 am by Guest

» benefits of garlic
Wed Aug 03, 2011 3:41 am by Guest

» гинекологическое оборудование
Mon Aug 01, 2011 4:42 pm by Guest

Navigation
 Portal
 Index
 Memberlist
 Profile
 FAQ
 Search
Forum
Affiliates
free forum
 



Share | 
 

 Using Memory Dump Files to analyze STOP Errors

View previous topic View next topic Go down 
AuthorMessage
Admin
Admin


Posts : 35
Join date : 2008-12-16

PostSubject: Using Memory Dump Files to analyze STOP Errors   Sun Dec 21, 2008 3:40 pm

Memory dump files record detailed information about the state of your operating system when the Stop error occurred. You can analyze memory dump files manually by using debugging tools or by using automated processes provided by Microsoft. The information you obtain can help you understand more about the root cause of the problem.

You can use the Error Reporting Service to upload your memory dump file information to Microsoft. You can also use the following debugging tools to manually analyze your memory dump files:
• Microsoft Kernel Debugger (Kd.exe)
• Microsoft WinDbg Debugger (WinDbg.exe)

As an additional troubleshooting option, you can configure your system to write an entry in the System log when a Stop error occurs.

Using the Error Reporting Service
When enabled, the Error Reporting Service monitors your operating system for faults related to operating system components and applications. Using the Error Reporting Service enables you to obtain more information about the problem or condition that caused the Stop error.
When a Stop error occurs, Windows Server 2003 displays a Stop message and writes diagnostic information to the memory dump file specified on the Advanced tab of the System Properties dialog box (as described in "Configuring Memory Dump Files" earlier in this chapter). For reporting purposes, the operating system also saves a small memory dump file. The next time you start your system by using normal mode or Safe Mode with Networking and log on to Windows Server 2003 as an Administrator, the Error Reporting Service gathers information about the problem and performs the following actions.

Shutdown Event Tracker appears
The Shutdown Event Tracker, although it is not directly related to the Error Reporting Service, appears immediately after an administrator authenticates to the system after a Stop error or other unexpected shutdown. This dialog box allows the administrator to add information about the Stop error to the event. The Stop error number and parameters are automatically added to the Comment field. After the administrator clicks OK, an event with the information is added to the System log with an Event ID of 1076. The normal logon process begins after the Shutdown Event Tracker is closed.

Displays an alert
Once the desktop environment has started, the Error Reporting Service displays a dialog box stating that the system has recovered from a serious error.

Provides the option to send a problem report
You can click Send Error Report or Don't Send. You also have the option to view the data the error report contains and can even view the location of the XML file that will be transmitted to Microsoft. This XML report contains the version and language of Windows Server 2003 you are using, and a list of all devices and drivers loaded in the system at the time the Stop error occurred.
If you click Send Error Report, the Error Reporting Service anonymously sends the report, which includes the small memory dump file that was just generated and the XML report, to Microsoft by using a Secure Socket Layer (SSL) encrypted session. You might be prompted to provide additional information to complete your error report. An error report contains information about what your operating system was doing when the problem occurred. Microsoft uses error report information to improve the quality of Windows Server 2003 in the form of product updates or future software revisions.
After the report has been uploaded, you are directed to the Online Crash Analysis Web site. If available, an analysis of the Stop error is provided. Depending on the nature of the error, you might be able to track the status of the Stop error.

To enable the Error Reporting Service for Stop errors
1. In Control Panel, double-click System, and then click the Advanced tab.
2. Click Error Reporting to display the Error Reporting
3. Click Enable error reporting.
4. Make sure the Windows operating system check box is selected.

The operating system always writes a supplemental small memory dump file when a Stop error occurs. Therefore, the Error Reporting Service can send a problem report with small memory dump file information, even if you have configured your system to generate kernel or complete memory dump files.

The Group Policy Object Editor can customize the Error Reporting Service in several useful ways. One of the most useful ways to customize the Error Reporting Service is to configure it to upload error reports without prompting an administrator. Error reports can be stored on a shared folder, which is useful for analyzing errors that occur across several different servers. Administrators can then analyze errors that occur across several different servers and filter which reports are sent to Microsoft for analysis. For more information about additional reporting options provided by the Error Reporting Service, see “System and program error reporting overview” in Help and Support Center for Windows Server 2003.

Using the Online Crash Analysis Web Site

You can use the Windows Online Crash Analysis Web site to track the status of unresolved error reports uploaded to Microsoft by the Error Reporting Service.
To visit the Windows Online Crash Analysis Web site, click the Online Crash Analysis Web Site link on the Web Resources page at http://www.microsoft.com/windows/reskits/webresources. If you are using Error Reporting, the Error Reporting Service client automatically directs you to the Windows Online Crash Analysis Web site when you log on to Windows Server 2003 in normal mode or Safe Mode with Networking Information sent to Microsoft includes the following:
• System information. Includes the operating system version and language.
• Hardware data. Includes the number of processors installed and the amount of RAM available.
• Date and time information. Indicates when the Stop error event occurred.
• Stop message information. Includes the error number and additional parameters that describe the Stop error.
• List of drivers running on the system. Identifies the modules in memory when the Stop error occurred. Device driver information sent includes the file name, date, version, size, and manufacturer.
• Processor context information for the process that stopped. Includes the processor and hardware state, performance counters, multiprocessor packet information, deferred procedure call information, and interrupts.
• Kernel context information for the process that stopped. Includes offset of the directory table and the page frame number database, which describes the state of every physical page in memory.
• Kernel context information for the thread that stopped. Identifies registers, interrupt request levels, and includes pointers to operating system data structures.
• Kernel-mode call stack information for the interrupted thread. Consists of a series of memory locations and includes a pointer to the initial location.

If you need an immediate response before analysis of your dump file is complete, you can search the Microsoft Knowledge Base or submit a request to the Microsoft Product Support Services Web site. For more information about Microsoft Product Support Services, see the Microsoft Product Support Services link on the Web Resources page at http://www.microsoft.com/windows/reskits/webresources.

Using Symbol Files and Debuggers
You can also analyze memory dump files by using a kernel debugger. Kernel debuggers are primarily intended to be used by developers for in-depth analysis of application behavior. However, kernel debuggers are also useful tools for administrators who are troubleshooting Stop errors. In particular, kernel debuggers can be used to analyze memory dump files after a Stop error has occurred.

A debugger is a program that enables users with the Debug programs user right (by default, only the Administrators group) to step through software instructions, examine data, and check for certain conditions. The following are two examples of kernel debuggers that you can obtain from Microsoft.

Kernel Debugger
Kernel Debugger (Kd.exe) is a command-line debugging tool that you can use to analyze a memory dump file written to disk when a Stop message occurs. Kernel Debugger requires that you install symbol files on your system.

WinDbg Debugger
WinDbg Debugger (WinDbg.exe) provides functionality similar to Kernel Debugger, but uses a GUI interface.
Both tools enable users with the Debug programs user right to analyze the contents of a memory dump file and debug kernel-mode and user-mode programs and drivers. Kernel Debugger and WinDbg Debugger are just a few of the many tools included in the Debugging Tools for Windows installation.
The rest of this section will discuss WinDbg usage.

Using WinDbg to Troubleshoot Stop Errors
To use WinDbg to analyze a crash dump, first install the debugging tools. Go to the Debugging Tools link on the Web Resources page at http://www.microsoft.com/windows/reskits/webresources and follow the instructions on the Microsoft Debugging Tools Web site.
To gather the most information from a memory dump file, provide the debugger access to symbol files. Symbol files enable the debugger to match memory addresses to human-friendly module and function names. The simplest way to provide the debugger access to symbol files is to configure the debugger to access the Microsoft Internet-connected symbol server.

To configure the debugger to use the Microsoft symbol server
1. Click the Start button, point to All Programs, point to Debugging Tools for Windows, and then click WinDbg.
2. On the File menu, click Symbol File Path.
3. In the Symbol path box, type: SRV*localpath*http://msdl.microsoft.com/download/symbols
where localpath is a path on the hard disk that the debugger will use to store the downloaded symbol files. The debugger will automatically create localpath when you analyze a dump file. For example, to store the symbol files in C:\Websymbols, set the symbol file path to SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols.
Alternatively, you can download the symbol files to your system for debugging when you have disconnected from the Internet.

To download symbol files for offline use
1. Go to the Driver Development Kits link on the Web Resources page at http://www.microsoft.com/windows/reskits/webresources.
2. Find the symbol package that matches your version and processor type. Click the link to download the symbol package.
3. Follow the on-screen instructions to install the symbol files.

Note
Debuggers do not require access to symbol files to extract the Stop error number and parameters from a memory dump file. Often, the debugger can also identify the source of the Stop error without access to symbols.


To analyze a memory dump file
1. Click the Start button, point to All Programs, point to Debugging Tools for Windows, and then click WinDbg.
2. On the File menu, click Open Crash Dump.
3. Type the location of the memory dump file, and then click Open. By default, this location is %systemroot%\memory.dmp.
4. In the Save Workspace Information dialog box, click No.
Two windows will appear. The Disassembly window shows the assembly command that was executing when the Stop error occurred. This is generally not useful for high-level troubleshooting.
5. Select the Command window.

The Command window displays feedback from the debugger and allows you to issue additional commands. When a crash dump is opened, the Command window automatically displays the output of the !analyze command. In many cases, this default information is sufficient to isolate the cause of the Stop error. For more detailed information about the Stop error, type !analyze -v in the kd box of the Command window, and then press ENTER. This command will show the Stop message, which includes a description of the Stop error and the Stop error parameters.
Back to top Go down
View user profile http://serverunleashed.forumotion.com
 
Using Memory Dump Files to analyze STOP Errors
View previous topic View next topic Back to top 
Page 1 of 1
 Similar topics
-
» You Can't Put Your Arms Around A Memory/Hurtin' [official]
» Stop The Fighting- Cornerhouse Hi Fi
» Shoot Superman!!!
» Anyone heard of Sarepta?
» Drumming Tips For Everyone

Permissions in this forum:You cannot reply to topics in this forum
Server Unleashed :: STOP Errors :: Using Memory Dump Files to analyze STOP Errors-
Jump to: