Step by step guide to troubleshooting Blue Screen crashes (Server 2003, XP)

Hey guys, new to the site and it's my 1st question so please be patient!

I've run into the dreaded BSOD many times over the years. Usually it was after a driver change or was pretty obviously faulty hardware. However, once in a while I spend way too much time with trial and error troubleshooting when I know I should be looking at logs or dumps or those cryptic 00000000x44 type numbers that it displays.

My question to the Experts:

Can you please provide a Step by Step Guide to diagnosing and resolving BSOD crashes? I realize this is a bit vague. If the answer is OS specific I'm interested in Windows Server 2003 primarily but also XP Pro. I'm looking for something like:

Step 1 - make sure XYZ is turned on for future crashes
Step 2 - go to this folder to find the dump file and .....
Step 3 - start with the error codes. This block means it's a driver...
Step 3 - look at the 000000x44 numbers and plug them into website located at...

I know a lot of this information is a Google click or 3 away but for me, the benefit of this service is I really don't have time to chase down and compile the info myself (hence paying to have access to Experts with the knowledge in their heads).

I do have a specific crash in mind (Windows 2003 Server reboots itself once a week) and I can post more info about that but since I know BSODs will happen in my future I'd like to be armed with a clear procedure for resolving them.

If that procedure ends up being "post your log here and we'll have a look" that's Ok but I suspect there should be clues I can find myself if I know where/when/what to look at.
> What if the dump files don't help? I've read that 50% of the time it just points to Windows components that aren't really the problem

You are absolutely correct, but for the 'right 50%' WinDbg is an excellent piece of software!

There is absolutely no need to call MS at this stage, usually between us all we'll find a solution.

If you wish to study my earlier links you'll find the guidelines that some of us use to analyse a Stop dump, it's normally quite straightforward as described in the "Windows system crashes" link above.

Bad RAM, as you intimate, is quite often the cause & would hopefully be diagnosed by WinDbg. Most popular RAM tester:
memtest86+ v2.11
This article shows you what the BSOD codes mean >>

As a first thing, you can look into the Windows 2003 Server and Win XP Pro event logs. You can access them by: start->run->eventvwr

That will contain messages with an error code which will give you more information about the error.

Another question on EE might also help:

I am also going to suggest an online scan with Kaspersky Online Scanner based at: for both the server and the winxp machine.

Hope it helps.

You are very welcome to read and use these comments for XP crash dump analysis ... they are a sample of those I compiled, to help others like yourself:

There should be a dump of the state of your system at the time it crashed.
The dumps are normally located in c:\windows\minidump\    
or  %systemroot%\minidump\

You may need to disable auto restart:
Right click My Computer > Properties > Advanced > Startup and Recovery Settings and uncheck Automatically Restart.

If you cannot reach Windows, you can turn off the 'Automatic reboot on error' option by selecting the Advanced Options Menu at bootup. Keep pressing and releasing the F8 function key and you'll reach a menu where you can select the option "Disable Automatic restart on system failure".

If you see no minidump:
Enable minidumps in Windows XP:

"How to read the small memory dump files that Windows creates for debugging":

The !analyze -v command will probably be your most used command.

You can download WinDbg from this Microsoft website.

A good article here>
"Windows system crashes":
Please note the comments on page 2 "Getting the debugger".

Basic but good>
Debugging Tools and Symbols: Getting Started:

clarityclark (Author) commented:
Thanks for the replies! I was looking for more of a step by step answer but it sounds like what you are both saying is:

1. Make sure memory dumps are turned on
2. Check Event Log
3. Analyze the dump files
4. (this one I'm adding myself) Scan for bad memory

What if the dump files don't help? I've read that 50% of the time it just points to Windows components that aren't really the problem (some 3rd party code is asking the Windows code to do something invalid).

Then what? Is there a place that will tell me what the BSOD codes mean? For example 0000000x44 means a Stop code which typically means..... etc. etc. ??

5. Is my final step to call Microsoft? Is that a useful, worthwhile solution? Will they analyze BSOD messages and give detailed information? What cost is typically associated with this?

Building the above step by step process is really what I'm after here.
BSODs can be caused by either hardware problems (like RAM, video card, etc) or software conflict or because of a virus (some viruses can register themselves as device drivers) and the BSOD logs/dumps might give an indication of what the problem can be.

Sometimes, it can be that due to a virus, some legitimate Windows OS driver cannot function properly and will crash the computer. The dump will normally point to the offending file and that is what we can use to analyse the problem.

Experts at EE are able to help you with analysis of the BSOD dumps and you can post a question in the appropriate categories to be helped by experts. All you need to make sure is that you can generate these dumps for analysis. I normally open these dumps in GVIM (it's my favorite editor) and convert them to Hex-code which separates the numbers and the text and it allows me to browse through the dumps without going through much binary stuff.

I have never contacted Microsoft for an analysis, so cannot comment on it.

Hope it helps.
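
Added example, not part of any post in this thread: the stop code and its four parameters sit near the top of a dump file, so they can be read from the same bytes a hex view shows. The offsets assume the commonly documented kernel dump header layout (not an official Microsoft specification); the function names and the sample header are constructed for illustration.

```python
import struct
import sys

# Small subset of well-known bug check (stop) codes, for illustration.
STOP_CODES = {
    0x0A: "IRQL_NOT_LESS_OR_EQUAL",
    0x44: "MULTIPLE_IRP_COMPLETE_REQUESTS",
    0x50: "PAGE_FAULT_IN_NONPAGED_AREA",
    0x7E: "SYSTEM_THREAD_EXCEPTION_NOT_HANDLED",
    0x8E: "KERNEL_MODE_EXCEPTION_NOT_HANDLED",
    0xD1: "DRIVER_IRQL_NOT_LESS_OR_EQUAL",
}

# Assumed header layout: signature -> (BugCheckCode offset, first parameter
# offset, struct format of the four parameters).
LAYOUTS = {
    b"PAGEDUMP": (0x28, 0x2C, "<4I"),  # 32-bit (XP / Server 2003 x86)
    b"PAGEDU64": (0x38, 0x40, "<4Q"),  # 64-bit
}

def read_bugcheck(header):
    """Return (code, name, params) from the first bytes of a dump file."""
    sig = bytes(header[:8])
    if sig not in LAYOUTS:
        raise ValueError("not a kernel dump, signature %r" % sig)
    code_off, param_off, fmt = LAYOUTS[sig]
    if len(header) < param_off + struct.calcsize(fmt):
        raise ValueError("dump header is truncated")
    (code,) = struct.unpack_from("<I", header, code_off)
    params = struct.unpack_from(fmt, header, param_off)
    return code, STOP_CODES.get(code, "UNKNOWN"), params

def format_stop(code, name, params):
    """Render the values the way the blue screen prints them."""
    args = ", ".join("0x%08X" % p for p in params)
    return "STOP 0x%08X (%s) %s" % (code, args, name)

def sample_header():
    """Constructed 32-bit header: stop 0xD1 with made-up parameters."""
    buf = bytearray(0x1000)
    buf[0:8] = b"PAGEDUMP"
    struct.pack_into("<I4I", buf, 0x28, 0xD1, 0x10, 0x2, 0x0, 0xF7A1B2C4)
    return bytes(buf)

if __name__ == "__main__":
    # With a path argument, read a real dump; otherwise use the sample.
    data = open(sys.argv[1], "rb").read(0x1000) if len(sys.argv) > 1 else sample_header()
    print(format_stop(*read_bugcheck(data)))
```

This only recovers the stop code and parameters; naming the faulting driver still takes WinDbg and `!analyze -v` as described in the posts above.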