Windows Troubleshooting – Special Pool

The Windows Support team has a new YouTube channel, “Windows Troubleshooting”.  The first set of videos cover debugging blue screens. In this video, Bob Golding, Senior Escalation Engineer, describes how the Special Pool Windows diagnostics tool catches drivers that corrupt memory. Bob also introduces how memory is organized in the system for allocating memory for…

0

Interpreting Event 153 Errors

Hello my name is Bob Golding and I would like to share with you a new event that you may see in the system event log.  Event ID 153 is an error associated with the storage subsystem. This event was new in Windows 8 and Windows Server 2012 and was added to Windows 7 and…

22

Hotfix to Enable Mini-Filter Performance Diagnostics With XPerf for Windows Server 2008R2

Greetings ntdebugging community, Bob here again and today I would like to let everyone know about a new feature implemented in Windows Server 2008 R2’s kernel and filter manager binaries released in knowledge base article 2666390.   Beginning with this update, a minifilter that is adversely affecting system performance can be identified in Windows 2008…

2

What Should Never Happen... Did

Hi, this is Bob Golding; I wanted to write a blog about an interesting hardware issue I ran into. Hardware problems can be tricky to isolate. I recently came across one that I thought was interesting and gave an example of how to trace code execution.  The machine executed the filler “int 3” instructions generated…

1

LUN Discovery in a Nutshell

The way the disk configuration is determined on a Windows system is by a process called “discovery”.  If the disk configuration is ISCSI or Fibre the process is very similar.  I will describe the process on each and you will see they are very similar.  To simplify things this blog will not describe multipath facilities,…

1

Understanding Storage Timeouts and Event 129 Errors

Greetings fellow debuggers, today I will be blogging about Event ID 129 messages.  These warning events are logged to the system event log with the storage adapter (HBA) driver’s name as the source.  Windows’ STORPORT.SYS driver logs this message when it detects that a request has timed out, the HBA driver’s name is used in…

11

Storport ETW Logging to Measure Requests Made to a Disk Unit

Greetings NTDEBUGGING community, Bob here again, and today I would like to let everyone know about a new feature implemented in the STORPORT.SYS binaries released in the following KB articles: ·         KB 979764 (Windows Server 2008) ·         KB 978000 (Windows Server 2008 R2)   Beginning with these new versions, it is now possible to measure…

10

Critical Device Database TIP

On a fairly regular basis, Bob Golding, our resident GES storage guru, sends out debugging tips to our group. We thought our blog readers would find value in these tips so we’re posting one here. Let us know what you think of the nugget. Thanks, Ron Introduction Hi everyone, Bob here.  Today I thought we’d…

6

Using Xperf to investigate slow I/O issues

Debuggers, Here’s another short video of the type of triage possible with Xperf, this time Bob shows us how to track down a slow I/O issue. Since I/O Manager is instrumented at IoCallDriver and IoCompleteRequest we can often use this information to diagnose a Slow I/O or SAN issue. The steps to enable the tracing…

2

How it Works: DLL Injection

  Introduction   Hi everyone, this is Bob again.  I recently worked on an issue where the interaction of two threads in Winlogon led to a bugcheck.  One thread was a Winlogon thread initializing GDI.  The interesting thing about this scenario is how the other thread ended up in this process.       What…

7