Solved

Cannot read .dmp log. Symbols not loading.

Posted on 2008-10-02
Last Modified: 2010-04-21
I am currently trying to read a .dmp file for a crash we had a couple days ago. I'm running a Dell Poweredge 2950, Windows Server 2003 R2 SP 1. Every time I try to read the file it tells me "Unable to load image \Windows\system32\ntkrnlpa.exe, Win32 error 0n2"

Then it tells me that I don't have the correct symbols loaded.

I am using this path to open windows debugger, "windbg -y c:\windows\symbols -i c:\i386 -z c:windows\minidump\mini092409-01.dmp"

I have tried using the following symbol files with no luck.
http://msdl.microsoft.com/download/symbols/packages/windows2003/Windows2003_sp1.x86.fre.rtm.symbols.exe
http://msdl.microsoft.com/download/symbols/packages/windows2003/Windows2003_sp1.x86.chk.rtm.symbols.exe
http://msdl.microsoft.com/download/symbols/packages/windows2003/Windows2003_sp1.x86.fre.rtm.SPOnly.exe
http://msdl.microsoft.com/download/symbols/packages/windows2003/Windows2003_sp1.x86.chk.rtm.SPOnly.exe
0
Comment
Question by:nstd-sts
11 Comments
 
LVL 4

Expert Comment

by:asrdias
ID: 22629221
Point the debugger to http://msdl.microsoft.com/downloads/symbols

If you need help with the memory dump, post the minidump file here; I have symbols for it for sure.
0
 
LVL 4

Expert Comment

by:asrdias
ID: 22629255
Correction:

The location is: http://msdl.microsoft.com/download/symbols

0
 
LVL 1

Author Comment

by:nstd-sts
ID: 22633169
Ah, I forgot to mention this is on a system with no internet access for security reasons.
0
 
LVL 4

Expert Comment

by:asrdias
ID: 22633438
You need to use Symchk then:

Copy the Windows\system32 binaries from that system into a temp folder on a system with internet access.

Then use symchk on that folder to download the symbols and build the symbol cache that you will then use with the debugger by setting the debugger symbol path to that symbol cache folder.


Using the SymChk.exe utility to download symbols
You can use the SymChk.exe utility to verify symbols and to build a local symbol cache in a convenient, noninvasive way. The SymChk.exe utility is included with the Debugging Tools for Windows package. SymChk.exe is a command-line tool. You may want to add the folder of the Debugging Tools for Windows package to the PATH environment variable on your system so that you can access this tool easily from any command prompt.

To use the SymChk.exe utility to download symbol files for all of the components in the Windows\System32 folder, use the following command-line command:

symchk /r c:\windows\system32 /s SRV*c:\symbols\*http://msdl.microsoft.com/download/symbols

In this example:

  • /r c:\windows\system32 finds all symbols for files in the System32 folder and any subfolders.
  • /s SRV*c:\symbols*http://msdl.microsoft.com/download/symbols specifies the symbol path to use for symbol resolution. In this case, c:\symbols is the local folder where the symbols will be copied from the symbol server.

To obtain more information about the command-line options for SymChk.exe, type symchk /? at a command prompt. Other options include the ability to specify the name or the process ID (PID) of an executable file that is running.

Cheers
0
 
LVL 1

Author Comment

by:nstd-sts
ID: 22633506
That sounds like it would be a pretty good solution. However the problem is I can't copy any information from this system to one with an internet connection due to the fact that this system is classified and copying anything from it to an unclass system is not going to happen. Blarg!!! All I want to do is look at this log file and see why the system crashed!!!!!!!!!

Any other ideas?
0
 
LVL 4

Expert Comment

by:asrdias
ID: 22633782
And that includes the memory dump itself, right?

Then you can try Remote Debugging if you can connect to that server internally from a workstation:

Remote Debugging
Doing remote debugging using WinDbg is easy and can be done in one of a number of ways. In the following, debugging server is the debugger running on the machine where you'd like to debug; debugging client is the debugger controlling the session.

Using the debugger: You need CDB, NTSD or WinDbg on the server. A WinDbg client can connect to any of CDB, NTSD and WinDbg, and vice versa. The server and client have choices of TCP and named pipes for communication protocol.
To start a server:
WinDbg -server npipe:pipe=pipename (note: multiple clients can connect), or
from within WinDbg: .server npipe:pipe=pipename (note: single client can connect)
You can start multiple server sessions using multiple protocols. You can password-protect a session.

To connect from a client:
WinDbg -remote npipe:server=Server,pipe=PipeName[,password=Password]
from within WinDbg: File->Connect to Remote Session: for connection string, enter npipe:server=Server,pipe=PipeName[,password=Password]
Using remote.exe: remote.exe uses named pipes for communicating. If you use a console-based application like KD, CDB or NTSD, you could use remote.exe to do remote debugging. Note: use @q (not q) to quit the client without quitting the server.
To start a server:
Remote.exe /s "cdb -p <pid>" test1
To connect from a client:
Remote.exe /c <machinename> test1
test1 above is the arbitrary named pipe name we chose.

Server will display who all are connected from which servers and commands executed. You can quit the server by issuing qq; or quit the client using File->Exit. You'd need to belong to the Debugger Users user group and the server has to allow remote connectivity if you want to remote-debug.



0
 
LVL 4

Expert Comment

by:asrdias
ID: 22633812
Post the version of the missing symbol and the exact binary name. Maybe I can retrieve it from the public cache.
0
 
LVL 1

Author Comment

by:nstd-sts
ID: 22634361
How would I find the missing symbol and binary name? This is the first time I've ever had to deal with this stuff.
0
 
LVL 4

Accepted Solution

by:
asrdias earned 500 total points
ID: 22634446
ok.

Try the following:

Open Windbg from the Start menu programs shortcut

Go to the File menu, Symbol File Path, and enter there the symbol file path for the symbols you have downloaded.

Go to the File menu, Open Crash Dump, and open the minidump.

What is the result?

Because I am guessing that, as you are specifying the -i switch pointing to i386 and the kernel image there is different from the one actually running, it fails.

This way the debugger will look for the image on the System32 folder and should be able to find it.
Let me know how it goes...

0
 
LVL 4

Expert Comment

by:asrdias
ID: 22634535
A side note...

A minidump file does not contain as much information as a full crash dump file, but it contains enough information to perform basic debugging operations. To read a minidump file, you must have the binaries and symbol files available for the debugger. The binaries are the binaries from the system that actually created that minidump and obviously the binaries that were in execution at that point in time.

0
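The matching that the side note above relies on, as an added example that is not part of the thread or of any Microsoft tool: a binary is identified by its PE TimeDateStamp and SizeOfImage, and its .pdb by the GUID and age in the binary's CodeView "RSDS" record, which together form the symbol-store path the debugger looks up. The function names and the sample image are constructed for illustration, and scanning for the RSDS signature is a heuristic rather than a full debug-directory walk.

```python
import struct

def image_key(pe: bytes, name: str) -> str:
    """Symbol-store path of the binary itself: TimeDateStamp + SizeOfImage."""
    pe_off = struct.unpack_from("<I", pe, 0x3C)[0]            # e_lfanew
    if pe[:2] != b"MZ" or pe[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    timestamp = struct.unpack_from("<I", pe, pe_off + 8)[0]   # COFF header field
    size_of_image = struct.unpack_from("<I", pe, pe_off + 24 + 56)[0]
    return f"{name}/{timestamp:08X}{size_of_image:x}/{name}"

def pdb_keys(blob: bytes) -> list:
    """Find CodeView RSDS records and return the PDB symbol-store paths."""
    keys, pos = [], blob.find(b"RSDS")
    while pos != -1:
        end = blob.find(b"\0", pos + 24)                      # end of PDB path
        if end != -1:
            d1, d2, d3 = struct.unpack_from("<IHH", blob, pos + 4)
            d4 = blob[pos + 12:pos + 20].hex().upper()        # last 8 GUID bytes
            age = struct.unpack_from("<I", blob, pos + 20)[0]
            pdb = blob[pos + 24:end].decode("ascii", "replace").split("\\")[-1]
            if pdb.lower().endswith(".pdb"):
                keys.append(f"{pdb}/{d1:08X}{d2:04X}{d3:04X}{d4}{age:X}/{pdb}")
        pos = blob.find(b"RSDS", pos + 4)
    return keys

def build_sample() -> bytes:
    """Constructed stand-in for a kernel image; every value here is made up."""
    pe = bytearray(0x200)
    pe[0:2] = b"MZ"
    struct.pack_into("<I", pe, 0x3C, 0x80)                    # e_lfanew
    pe[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<I", pe, 0x80 + 8, 0x42435E60)          # TimeDateStamp
    struct.pack_into("<I", pe, 0x80 + 24 + 56, 0x240000)      # SizeOfImage
    guid = bytes.fromhex("00112233445566778899AABBCCDDEEFF")
    rsds = b"RSDS" + guid + struct.pack("<I", 2) + b"ntkrnlpa.pdb\0"
    pe[0x100:0x100 + len(rsds)] = rsds
    return bytes(pe)

if __name__ == "__main__":
    sample = build_sample()
    print(image_key(sample, "ntkrnlpa.exe"))
    for key in pdb_keys(sample):
        print(key)
```

A symbol package whose .pdb carries a different GUID or age than the binary that was running at crash time produces the "wrong symbols" result described in the question.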
 
LVL 1

Author Closing Comment

by:nstd-sts
ID: 31502472
In the end I was able to open it straight from the debug program without using all the command line stuff. Looks like a driver issue that can be fixed with either a hotfix or installing SP2.
0
