How to collect user-mode crash dumps with Windows Error Reporting to help diagnose problems with Enterprise Vault
Description
If an application crashes, it is sometimes necessary to obtain a crash dump to assist in the investigation of the issue. A crash dump is a type of memory dump that can be triggered at the point of failure, so the state of the program can be saved and investigated later to find the root cause of the crash.
Starting in Windows Server 2008, Microsoft introduced a mechanism to obtain crash dumps via Windows Error Reporting (WER). It can be configured by using the LocalDumps registry key. The official documentation from Microsoft can be found here.
WER allows us to use different configuration settings per application (executable / .exe), by creating sub-keys under the LocalDumps key, named after the executable, and adding the configuration values to the sub-key. This way, we can precisely target a single executable and avoid unnecessary overhead or disk space.
Example
StorageOnlineOpns.exe is crashing and generating the following event in the Windows Application Event Log:
Log Name: Application
Source: Application Error
Event ID: 1000
Level: Error
Description:
Faulting application name: StorageOnlineOpns.exe, version: 14.4.0.1207, time stamp: 0x63f4e724
Faulting module name: SHELL32.dll, version: 10.0.14393.5980, time stamp: 0x6459bdb6
Exception code: 0xc0000409
Fault offset: 0x001a7f91
Faulting process id: 0x2b04
Faulting application start time: 0x01da0ccf7117e80f
Faulting application path: C:\Program Files (x86)\Enterprise Vault\StorageOnlineOpns.exe
Faulting module path: C:\Windows\System32\SHELL32.dll
Report Id: ea2a14f0-c3e0-40a3-8d57-f7cffed54168
Faulting package full name:
Faulting package-relative application ID:
To capture a full dump the next time StorageOnlineOpns.exe crashes, create the following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\StorageOnlineOpns.exe
Then create the following values:
Name: DumpType
Type: REG_DWORD
Value: 2
Name: DumpFolder
Type: REG_EXPAND_SZ
Value: [Path to existing folder]
Note: If the DumpFolder value is not created, the path defaults to %LOCALAPPDATA%\CrashDumps for the user running the application (the vault service account typically)
Fig 1: DumpType value is set to 2 (for full dump) and DumpFolder value set to d:\dumps, and the settings apply when StorageOnlineOpns.exe crashes.
There is no need to reboot.
If another process is crashing, add that process's executable name as a sub-key of LocalDumps and then configure the desired settings in that key.
Was this content helpful?
Translated Content
Please note that this document is a translation from English, and may have been machine-translated. It is possible that updates have been made to the original version after this document was translated and published. Veritas does not guarantee the accuracy regarding the completeness of the translation. You may also refer to the English Version of this knowledge base article for up-to-date information.