[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Blue Screen without a minidump

Posted on 2008-10-06
6
Medium Priority
?
2,343 Views
Last Modified: 2012-06-22
Our file server blue screened last Friday.  

----------------------------------------------------------------------------------------------------------------------
Event Type:      Information
Event Source:      Save Dump
Event Category:      None
Event ID:      1001
Date:            03/10/2008
Time:            4:08:34 PM
User:            N/A
Computer:      EXCH01
Description:
The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000008e (0xc0000005, 0xbf89d693, 0xaf645b3c, 0x00000000). A dump was saved in: C:\WINDOWS\MEMORY.DMP.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
----------------------------------------------------------------------------------------------------------------------

----------------------------------------------------------------------------------------------------------------------
Event Type:      Information
Event Source:      Save Dump
Event Category:      None
Event ID:      1005
Date:            03/10/2008
Time:            4:08:34 PM
User:            N/A
Computer:      EXCH01
Description:
Unable to produce a minidump file from the full dump file.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
----------------------------------------------------------------------------------------------------------------------

There is a MEMORY.DMP in C:\WINDOWS.

Is there an easy way to read MEMORY.DMP?
0
Comment
Question by:lrkwalkers
6 Comments
 
LVL 5

Expert Comment

by:chops_uk
ID: 22648459
0
 
LVL 4

Accepted Solution

by:
placebo69a earned 1800 total points
ID: 22648461
Hi there!
First off, you should know that figuring out what caused a crash from a memory dump is a dip into forensics and can take a lot of effort. Most people prefer to let microsoft do the dirty work for them but usually that takes a very long time and sometimes yields no result. If you are resigned to analyse the minidump yourself here's how you get started:
First of all, get microsoft's debugging tools right here. Install these on your system.
Once you have downloaded and installed these tools, go to start, all programs, Debugging Tools For Windows, Windbg. Once you open Windbg, you will presented with a blank screen. Click on File, Symbol File Path. Here you will enter the symbols path. Symbols are needed to effectively debug. Don't have symbols? Get them right here.
Enter in this path and click OK. Now, go to File, Save Workspace so that your symbols path is saved for future use. Now what you want to do is locate your memory dumps. They are usually located in %systemroot%/minidump (in my case C:/windows/minidump).

If you notice, they are usually named the date, and then a -*number* to indicate the order of minidumps that day. My example is called Mini061904-01.dmp (it happened today).

Inside of Windbg, go to File, Open Crash Dump and load the file. You will get a message to save base workspace information. Choose no.

Now you will get a debugging screen. Now it takes a little bit to run it, as the symbols have to be downloaded as they are needed.

Example: BugCheck 86427532, {1db, 2, 3, b} <--This is your stop code
The information following the bugcheck number and codes usually helps narrow down the cause of the crash, naming a file or object as the probable cause.
Use !analyze -v to get detailed debugging information on the file or object which caused the crash. The DEFAULT_BUCKET_ID in this detailed debugging information is the error header and the information immediately following it is the detailed memory stack operations before and after the crash.
Happy hunting! :)


0
 

Author Comment

by:lrkwalkers
ID: 22648466
I'll try dump check tomorrow.

placebo - I didn't get a minidump.  Can I use the same tools on the memory.dmp?
0
Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

 
LVL 1

Assisted Solution

by:ashexpert4u
ashexpert4u earned 200 total points
ID: 22648538
Hi,

In simple terms-
1). Download the debugging tool called 'windbg'
2). Click on File, specify the File path (c:\windows\minidump)
3). Select an option for Open File Dump, Map the Dump File
4). This will take a while to diplay information.
Once it's done you'll be fine debugging the information.

Cheers!
0
 
LVL 1

Assisted Solution

by:ashexpert4u
ashexpert4u earned 200 total points
ID: 22648556
Hi,

Here is an URL address to download the Debugging tool from windows. Hope this helps...

http://www.microsoft.com/whdc/devtools/debugging/installx86.Mspx

Cheers!
0
 
LVL 4

Expert Comment

by:placebo69a
ID: 22675152
Yes, you can use the same tools on the larger dump. It just takes a longer time to process all those gigs of data so you need to be patient.
0

Featured Post

NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article shows how to use a free utility called 'Parkdale' to easily test the performance and benchmark any Hard Drive(s) installed in your computer. We also look at RAM Disks and their speed comparisons.
In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
Suggested Courses

834 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question