Creating user-mode crash dumps on a production machine

Prabhat Tandon, Support Escalation Engineer, brings this amazing write-up summarising his experience while working with one of his customers.

Recently I was troubleshooting an intermittent, hard-to-reproduce application crash in the production environment. We had a restriction on installing debuggers. In such a situation, Windows Error Reporting (WER) comes in as a handy tool. Here are the settings that we need:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\ManagedCorruption.exe]

"DumpFolder"= REG_EXPAND_SZ: C:\WERDumps

"DumpCount"=dword:00000005

"DumpType"=dword:00000002

Here you need to replace ‘ManagedCorruption’ with the name of your executable. You can also change the path C:\WERDumps to suit your preference.

We made the necessary entries on the customer’s machine, but the dumps were not created when the application crashed. The same settings were working fine on other machines, but not on the production machine. What do we do now?

On further research we found that “Windows Error Reporting Service” was disabled on the machine.

Here is how you can verify:

  1. Start->Run->services.msc
  2. Select “Windows Error Reporting Service”.
  3. Set its startup type to “Manual (Trigger Start)”.

Once we enabled the service, the dumps were collected successfully.

This is particularly useful in situations such as a Fatal Execution Engine error, where the application doesn’t throw exceptions. So make sure that “Windows Error Reporting Service” is enabled on the machine.
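
The registry settings and the service check described above can be applied and verified in one pass from an elevated PowerShell prompt. This script is an added example, not part of the original write-up; the parameter and variable names are hypothetical, and WerSvc is the service name behind “Windows Error Reporting Service”.

```powershell
# Added example: apply the LocalDumps settings from this post, check WerSvc,
# and report the result. Run elevated. Parameter names are hypothetical.
param(
    [string]$ExeName    = 'ManagedCorruption.exe',  # replace with your executable
    [string]$DumpFolder = 'C:\WERDumps'             # change as per your preference
)

$key = "HKLM:\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\$ExeName"

# Create the per-application key only if it is missing, so values already
# present under an existing key are not wiped.
if (-not (Test-Path -Path $key)) {
    New-Item -Path $key -Force | Out-Null
}

# The three values shown in the post.
New-ItemProperty -Path $key -Name DumpFolder -PropertyType ExpandString -Value $DumpFolder -Force | Out-Null
New-ItemProperty -Path $key -Name DumpCount  -PropertyType DWord -Value 5 -Force | Out-Null
# DumpType 2 is a full dump: the file holds the whole process memory.
New-ItemProperty -Path $key -Name DumpType   -PropertyType DWord -Value 2 -Force | Out-Null

# Make sure the target folder exists.
if (-not (Test-Path -LiteralPath $DumpFolder)) {
    New-Item -ItemType Directory -Path $DumpFolder | Out-Null
}

# The failure described in the post: settings in place, but the service disabled.
$svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='WerSvc'"
if ($svc.StartMode -eq 'Disabled') {
    Write-Warning 'Windows Error Reporting Service is disabled; setting startup type to Manual.'
    Set-Service -Name WerSvc -StartupType Manual
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='WerSvc'"
}

# Report what is now configured, including who can access the dump folder,
# since full dumps can contain secrets held in the process memory.
$values = Get-ItemProperty -Path $key
[pscustomobject]@{
    Executable   = $ExeName
    DumpFolder   = $values.DumpFolder
    DumpCount    = $values.DumpCount
    DumpType     = $values.DumpType
    WerSvcStart  = $svc.StartMode
    FolderAccess = (Get-Acl -LiteralPath $DumpFolder).Access |
        ForEach-Object { "$($_.IdentityReference): $($_.FileSystemRights)" }
}
```
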

 

Here is the MSDN article that covers Collecting User-Mode Dumps.