Solved

Step by step guide to troubleshooting Blue Screen crashes (Server 2003, XP)

Posted on 2009-05-14
5
846 Views
Last Modified: 2012-08-14
Hey guys, new to the site and it's my 1st question so please be patient!

I've run into the dreaded BSOD many times over the years. Usually it was after a driver change or was pretty obviously faulty hardware. However once and awhile I spend way too much time with trial and error troubleshooting when I know I should be looking at logs or dumps or those cryptic 00000000x44 type numbers that it displays.

My question to the Experts:

Can you please provide a Step by Step Guide to diagnosing and resolving BSOD crashes? I realize this is a bit vague. If the answer is OS specific I'm interested in Windows Server 2003 primarily but also XP Pro. I'm looking for something like:

Step 1 - make sure XYZ is turned on for future crashes
Step 2 - go to this folder to find the dump file and .....
Step 3 - start with the error codes. This block means it's a driver...
or
Step 3 - look at the 000000x44 numbers and plug them into website located at...

I know a lot of this information is a Google click or 3 away but for me, the benefit of this service is I really don't have time to chase down and compile the info myself (hence paying to have access to Experts with the knowledge in their heads).

I do have a specific crash in mind (Windows 2003 Server reboots itself once a week) and I can post more info about that but since I know BSODs will happen in my future I'd like to be armed with a clear procedure for resolving them.

If that procedure ends up being "post your log here and we'll have a look" that's Ok but I suspect there should be clues I can find myself if I know where/when/what to look at.
0
Comment
Question by:clarityclark
  • 2
  • 2
5 Comments
 
LVL 16

Assisted Solution

by:warturtle
warturtle earned 100 total points
ID: 24383708
As a first thing, you can look into the Windows 2003 Server and Win XP Pro event logs. You can access them by: start->run->eventvwr

That will contain messages with an error code which will give you more information about the error.

Another question on EE might also help: http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/2003_Server/Q_21835548.html?sfQueryTermInfo=1+10+2003+bsod+window

I am also going to suggest an online scan with Kaspersky Online Scanner based at: http://www.kaspersky.co.uk/virusscanner for both the server and the winxp machine.

Hope it helps.
0
 
LVL 27

Assisted Solution

by:Jonvee
Jonvee earned 150 total points
ID: 24384702

You are very welcome to read and use these comments for XP crash dump analysis ... they are a sample of those i compiled, to help others like yourself >

There should be a dump of the state of your system at the time it crashed.
The dumps are normally located in c:\windows\minidump\    
or  %systemroot%\minidump\

You may need to disable auto restart:
Right click My Computer > Properties > Advanced > Startup and Recovery Settings and uncheck Automatically Restart.

If you cannot reach Windows, you can turn off the 'Automatic reboot on error' option by selecting the Advanced Options Menu at bootup.  Keep press/releasing the F8 function key and you'll reach a menu where you can select the option "Disable Automatic restart on system failure".

If you see no minidump>
Enable Minidump's in Windows XP:
http://www.cakewalk.com/Support/ProblemReporter/minidump.asp

"How to read the small memory dump files that Windows creates for debugging":
http://support.microsoft.com/kb/315263

The !analyze -v command will probably be your most used command.

You can download windbg from this microsoft website.
http://www.microsoft.com/whdc/devtools/debugging/default.mspx

A good article here>
"Windows system crashes":
http://www.networkworld.com/news/2005/041105-windows-crash.html
Please note the comments on page 2 "Getting the debugger".

Basic but good>
Debugging Tools and Symbols: Getting Started:
http://www.microsoft.com/whdc/devtools/debugging/debugstart.mspx

0
 

Author Comment

by:clarityclark
ID: 24440592
Thanks for the replies!  I was looking for more of a step by step answer but It sounds like what you are both saying is:

1. Make sure memory dumps are turned on
2. Check Event Log
3. Analyze the dump files
4. (this one I'm adding myself) Scan for bad memory

What if the dump files don't help? I've read that 50% of the time it just points to Windows components that aren't really the problem (some 3rd party code is asking the Windows code to do something invalid).

Then what? Is there a place that will tell me what the BSOD codes mean? For example 0000000x44 means a Stop code which typically means..... etc. etc. ??

5. Is my final step to call Microsoft? Is that a useful, worthwhile solution? Will they analyze BSOD messages and give detailed information? What cost is typically associated with this?

Building the above step by step process is really what I'm after here.
0
 
LVL 16

Assisted Solution

by:warturtle
warturtle earned 100 total points
ID: 24440902
BSOD's can be caused by either hardware problems (like RAM, video card, etc) or software conflict or because of a virus (some viruses can register themselves as device drivers) and the BSOD logs/dumps might give an indication of what the problem can be.

Sometimes, it can be that due to a virus, some legitimate Windows OS driver cannot function properly and will crash the computer. The dump will normally point to the offending file and that is what we can use to analyse the problem.

Experts at EE are able to help you with analysis of the BSOD dumps and you can post a question in the appropriate categories to be helped by experts. All you need to make sure is that you can generate these dumps for analysis. I normally open these dumps in GVIM (its my favorite editor) and convert them to Hex-code which seperates the numbers and the text and it allows me to browse through the dumps without going through much binary stuff.

I have never contacted Microsoft for an analysis, so cannot comment on it.

Hope it helps.
0
 
LVL 27

Accepted Solution

by:
Jonvee earned 150 total points
ID: 24441630
>What if the dump files don't help? I've read that 50% of the time it just points to Windows components that aren't really the problem <

You are absolutely correct, but for the 'right 50%' WinDbg is an excellent piece of software!

There is absolutely no need to call MS at this stage, usually between us all we'll find a solution.

If you wish to study my earlier links you'll find the guidelines that some of us use to analyse a Stop dump, it's normally quite straightforward as described in the "Windows system crashes" link above.

Bad RAM, as you intimate, is quite often the cause & would hopefully be diagnosed by WinDbg.  Most popular RAM Tester>
memtest86+  v2.11 :
http://www.memtest.org/
 
This article shows you what the BSOD codes mean >>
http://aumha.org/win5/kbestop.htm

0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

Some time ago I faced the need to use a uniform folder structure that spanned across numerous sites of an enterprise to be used as a common repository for the Software packages of the Configuration Manager 2007 infrastructure. Because the procedu…
Today, still in the boom of Apple, PC's and products, nearly 50% of the computer users use Windows as graphical operating systems. If you are among those users who love windows, but are grappling to keep the system's hard drive optimized, then you s…
Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…
Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now