Hello All,
This week I wanted to share something that we have started using in support when we need to generate a dump file for a crashing process. Normally we would use something like ADPlus or ProcDump, or previously Dr. Watson (back in Windows 2000 and 2003).
Starting with Windows Server 2008 and Windows Vista with Service Pack 1 (SP1), Windows Error Reporting (WER) can be configured so that full user-mode dumps are collected and stored locally after a user-mode application crashes. This feature is not enabled by default, and enabling it requires administrator privileges. Since some sites prefer not to install additional software on their servers for this purpose, I wanted to share the steps to enable this Windows Error Reporting feature:
To enable and configure the feature, use the following registry values under the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps key.
Only two entries are needed:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\DumpFolder: a REG_EXPAND_SZ value containing the path of the folder in which to store the dumps.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\DumpType: a REG_DWORD value set to 2.
Here are all the options from the MSDN article. Note that you can fine-tune which applications you want to capture dumps for. By default, it will capture all crashes.

These registry values represent the global settings. You can also provide per-application settings that override the global settings.
To create a per-application setting, create a new key for your application under HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\LocalDumps (for example, HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\LocalDumps\MyApplication.exe).
Add your dump settings under the MyApplication.exe key. If your application crashes, WER will first read the global settings, and then will override any of the settings with your application-specific settings.
After an application crashes and prior to its termination, the system will check the registry settings to determine whether a local dump is to be collected. After the dump collection has completed, the application will be allowed to terminate normally. If the application supports recovery, the local dump is collected before the recovery callback is called.
These dumps are configured and controlled independently of the rest of the WER infrastructure. You can make use of the local dump collection even if WER is disabled or if the user cancels WER reporting. The local dump can be different than the dump sent to Microsoft.
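The steps above as a PowerShell script, including a per-application override and a read-back of the settings WER would apply to that executable. This is an added example, not part of the original post or the MSDN article; the folder paths and MyApplication.exe are placeholders, the function names are hypothetical, and DumpCount and DumpType 1 (mini dump) come from the WER LocalDumps documentation rather than from the text above.

```powershell
# Added example. Run from an elevated PowerShell session.
$LocalDumps = 'HKLM:\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps'

function Set-LocalDumps {
    param(
        [Parameter(Mandatory)] [string] $DumpFolder,
        [ValidateSet(1, 2)] [int] $DumpType = 2,   # 1 = mini dump, 2 = full dump
        [int] $DumpCount = 10,                      # maximum number of dumps kept in the folder
        [string] $Application                       # e.g. 'MyApplication.exe'; empty = global settings
    )
    # Global settings live on the LocalDumps key itself, overrides on a subkey named after the exe.
    $key = if ($Application) { Join-Path $LocalDumps $Application } else { $LocalDumps }
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }

    # Create the target folder up front so the first crash has somewhere to write.
    $expanded = [Environment]::ExpandEnvironmentVariables($DumpFolder)
    if (-not (Test-Path $expanded)) { New-Item -ItemType Directory -Path $expanded -Force | Out-Null }

    # DumpFolder is REG_EXPAND_SZ, so the unexpanded string is what gets stored.
    New-ItemProperty -Path $key -Name DumpFolder -PropertyType ExpandString -Value $DumpFolder -Force | Out-Null
    New-ItemProperty -Path $key -Name DumpType  -PropertyType DWord -Value $DumpType  -Force | Out-Null
    New-ItemProperty -Path $key -Name DumpCount -PropertyType DWord -Value $DumpCount -Force | Out-Null
}

function Get-EffectiveLocalDumps {
    param([Parameter(Mandatory)] [string] $Application)
    # Mirror the lookup order described above: global values first, then per-application overrides.
    $effective = @{}
    foreach ($key in $LocalDumps, (Join-Path $LocalDumps $Application)) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($name in ($item.GetValueNames() | Where-Object { $_ })) {
            $effective[$name] = $item.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
        }
    }
    $effective
}

# Full dumps for every crashing process, mini dumps only for one application (placeholder values).
Set-LocalDumps -DumpFolder 'C:\CrashDumps'
Set-LocalDumps -DumpFolder 'C:\CrashDumps\MyApplication' -DumpType 1 -Application 'MyApplication.exe'
Get-EffectiveLocalDumps -Application 'MyApplication.exe'
```

A full dump (DumpType 2) contains the entire memory of the crashed process, including any credentials or keys it held at the time, so keep the dump folder readable only by the people who analyze the dumps.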
Direct Link
http://msdn.microsoft.com/en-us/library/windows/desktop/bb787181(v=vs.85).aspx
Be sure to check back next week for even MORE great tips - and if you didn't already view last week's post, please be sure to go back and take a look, and register for the FREE Service Desk Migration webinar coming up soon!
Have a great week everyone!
Jon Israel
Principal Support Engineer
CA Technologies