deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-22 05:43:41 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity
Files
7da0590489989f4e88eae9ad6fe6c0ffc941e34a
windows-itpro-docs/windows/client-management/generate-kernel-or-complete-crash-dump.md
John Liu a8680be7fe CAT Auto Pulish for Windows Release Messages - 20190910123725 (#1079) 
* Update waas-servicing-differences.md

Added two clarifications regarding Windows 10 preview updates.  I have consistently fielded questions about why they are 'missing' in people's enterprise environments.  It almost always boils down to one of these two notes: they either weren't published to WSUS or they are looking for the word 'Preview' in the title.

* Update windows/deployment/update/waas-servicing-differences.md

Looks great, thanks Johan!

Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>

* Update waas-servicing-differences.md

Implement the MarkDown standard of using 1 space between the indent marker > and the [!Note] markers

* Update windows/deployment/update/waas-servicing-differences.md

Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com>

* Update windows/deployment/update/waas-servicing-differences.md

Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com>

* Update windows/deployment/update/waas-servicing-differences.md

Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com>

* Updated the document

Updated the steps in the document related to Windows Analytics Solutions.

Problem: https://github.com/MicrosoftDocs/windows-itpro-docs/issues/4392

* Update windows/deployment/update/windows-analytics-FAQ-troubleshooting.md

Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com>

* Update windows/deployment/update/windows-analytics-FAQ-troubleshooting.md

Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com>

* Update autopilot-support.md

Remove redundant line (PFE was the old term for an Ecosystem PM).  And added new alias for Ecosystem PMs (after discussing all this with the Ecosystem PM managers).

* Terminology Correction

Terminology Correction

* Incorrect Command Line Arguments

According to this doc https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/windows-setup-command-line-options the correct command line argument for ignoring dismissable warnings is /Compat IgnoreWarning not /compat /ignore warning as specified here in the docs. Also, the same incorrect message is included in the setupdiag.exe, so when the report is generated, it is providing incorrect guidance.

* Update mbam-25-server-prerequisites-for-stand-alone-and-configuration-manager-integration-topologies.md

* Enterprise Mode schema: duplicate https usage

- Resolve duplicate use of https where both http and https was intended
- MarkDown code fence XML tag corrections
- Replace HTML `<br>` codes with NewLine
- Remove redundant space at the end of the version 2 file

Resolves #4769

* Update: NewLine changes

- Remove extraneous NewLine breaks
- Remove missed HTML `<br>` code

* Update credential-guard-manage.md

* Update event-5155.md

* Update windows-autopilot-requirements.md

Separated the Windows Autopilot deployment service and Windows Activation items into two separate rows to make it easier to read.

* Update upgrade-mbam2.5-sp1.md

* finish

* Update windows/security/threat-protection/auditing/event-5155.md

Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>

* Update windows/security/threat-protection/auditing/event-5155.md

Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>

* Update windows/security/threat-protection/auditing/event-5155.md

Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>

* Update windows/security/threat-protection/auditing/event-5155.md

Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>

* Update windows/security/threat-protection/auditing/event-5155.md

Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>

* Update windows/security/threat-protection/auditing/event-5155.md

Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>

* Update windows/security/threat-protection/auditing/event-5155.md

Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>

* Update windows/security/threat-protection/auditing/event-5155.md

Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>

* Update windows/security/threat-protection/auditing/event-5155.md

Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>

* Update windows/security/threat-protection/auditing/event-5155.md

Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com>

* Update windows/security/threat-protection/auditing/event-5155.md

Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com>

* Update kiosk-mdm-bridge.md

* Windows Update resources: add MD code block

Description:

The list of manual regsvr32.exe commands becomes translated in other
languages, to the extent that extra words appear among the commands.
This is an attempt to mitigate this behavior in the machine translation,
by adding a MarkDown code block around the list of commands.

Proposed changes:
- Add MD code block around the long list of regsvr32.exe commands
- Remove blank space characters at the end of each line (cosmetic)

issue ticket reference or closure:
Ref. #4800 (Spanish "translation" of commands)
Ref. #3569, #3570, #3571, #3572, #3574, #3575
( [LOC] Back-Translation "regsvr32.exe [...]" )

* MetaData update: convert ^M (2x) to NewLine

- replaced Ctrl-M character with NewLine in MetaData

* Update mdop/mbam-v25/mbam-25-server-prerequisites-for-stand-alone-and-configuration-manager-integration-topologies.md

Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>

* comment

* Clarify the registry key needed to set tags

* Update microsoft-defender-atp-mac-install-with-intune.md

adding troubleshooting step for common 'no license found' issue

* Add page for Audit Token Right Adjusted

* Windows/What's New: amend broken link in See Also

The first link under "See Also",
"What's New in Windows Server, version 1903" ,
is broken because it points to the wrong directory for the file
'whats-new-in-windows-server-1903' which resides in the new directory
/get-started-19/ instead of the old directory /get-started/.

This directory difference is only present in the docs.microsoft.com
pages, not on Github. The links are therefore pointing directly to the
docs.microsoft.com pages instead of being relative to the Github
directory structure.

Broken link:
https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1903

Operative link:
https://docs.microsoft.com/windows-server/get-started-19/whats-new-in-windows-server-1903

Closes #4784

* Update TOC.md

* Added multifactor unlock

Added multifactor unlock feature update using Passport for work CSP.

Problem: https://github.com/MicrosoftDocs/windows-itpro-docs/issues/4700

* Added policies for 1803 and 1809 (1903 not out yet)

https://github.com/MicrosoftDocs/windows-itpro-docs/issues/3912

* Fix typo

* Actually fix typos

* Windows Defender Antivirus: amend broken link

From the issue ticket
> Set-mppreference is configured with dead URL. (#4831)

- The link "Use the [Set-MpPreference][]" is broken,
  but without the empty brackets it will work as expected.
- Removing the redundant empty brackets after the next link too.

Closes #4831

* Update windows/client-management/new-policies-for-windows-10.md

Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com>

* Update windows/client-management/new-policies-for-windows-10.md

Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com>

* Update upgrading-to-mbam-25-sp1-from-mbam-25.md

* Update windows/client-management/new-policies-for-windows-10.md

Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>

* Update windows/client-management/new-policies-for-windows-10.md

Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>

* Update windows/client-management/new-policies-for-windows-10.md

Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>

* Update windows/client-management/new-policies-for-windows-10.md

Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>

* URL addition of OWA

Added URL for OWA attachment protection using WIP

Problem: https://github.com/MicrosoftDocs/windows-itpro-docs/issues/3747

* Update windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md

Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>

* Fixed text

"Automated investigation" instead of "Alert"

* Update waas-overview.md

Corrected a typo

* Update windows/deployment/update/waas-overview.md

Makes sense.

Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com>

* edit

* Update microsoft-recommended-block-rules.md

updated typo in description.

* Update windows/security/threat-protection/auditing/audit-token-right-adjusted.md

Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>

* note ragarding Company Portal change

https://github.com/MicrosoftDocs/windows-itpro-docs/issues/3843

info found here: https://blogs.technet.microsoft.com/cbernier/2018/03/08/windows-information-protection-adding-the-intune-company-portal-for-windows-as-an-exempt-app/

* Update microsoft-defender-atp-mac-install-with-intune.md

* Microsoft Defender ATP: amend copy-paste error

When using Microsoft Intune as part of the Defender ATP setup,
it will become necessary to configure some controlled folder access.
This bug looks like it could have been transferred from one of the
other pages during editing, but I could not locate it easily enough.

Anyway, the correct part of this step is to refer to
-- Controlled folder access --
exactly as the page name points to.

Thanks to jcampos79 for discovering this text-based bug.

Closes #4854

* Updated how to disable HVCI

Prior guidance to disable HVCI was outdated

* Update windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md

Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com>

* update content of upgrade mbam2.5 sp1

* Removed bullet

Removed bullet as it was not making any sense.

* format setting

a minor format setting

* Update windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md

Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com>

* Update windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md

Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com>

* sample script syntax error due to ASCII codes for quotes

sample script filter syntax contained ASCII codes for single quotes instead of actual quotes, causing the Get-CimInstance commands to error out.

* Update how-windows-update-works.md: amend typo

Simple typo correction, along with a few MarkDown
codestyle corrections for MD blockquote (`>`) indenting.

- typo correction: initates -> initiates
- codestyle corrections:
  3 MarkDown blockquote indentations amended

Thanks to Jessie Gouw (jessiegouw) for reporting the typo.

Closes #4866

* Moved '.' syntax description to a separate table

* fixes #4760, broken table

The formatting was broken because a pipe character was in the wrong place. There was also an extra row due to double spacing below the table.

* Enterprise Mode schema: convert Important notes

As previously discussed in this PR, I have converted the
**Important** section headings by using their MarkDown equivalent
> [!IMPORTANT] (as well as adding the blockquote for its text content).

* Update text in windows/security/threat-protection/windows-defender-application-guard/configure-wd-app-guard.md

Per review.

Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>

* Update text in windows/security/threat-protection/windows-defender-application-guard/configure-wd-app-guard.md

Per review.

Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>

* Spelled out acronym, fixed typo

* pull from public to private and fix warnings

* CAT Auto Pulish for Windows Release Messages - CAT_AutoPublish_20190910100213 (#1073)

* pull from public to private and fix warnings

* CAT Auto Pulish for Windows Release Messages - CAT_AutoPublish_20190910112417 (#1077)

* Cat auto publish 20190910112417 (#1081)

* Merge changes from master to live (#950)

* v 1.6

* removed a known issue

* removed references to CB, CBB

* Latest changes for publish today (#949)

* Merge from master to live (#956)

* safety checkin

* added location for group policy object

* replaced reboot w/ restart

* safety commit for some initial noodlings

* restructured to emphasize new policy; connected to TOC

* adjusting heading levels

* fixing tables

* Latest change for August 20 (#955)

* CAT Auto Pulish for Windows Release Messages - CAT_AutoPublish_20190823163336 (#980) (#981)

* CAT Auto Pulish for Windows Release Messages - 20190829112356 (#1007)

* Update deploy-the-latest-firmware-and-drivers-for-surface-devices.md

* add table

* CAT Auto Pulish for Windows Release Messages - CAT_AutoPublish_20190829102107 (#1006)

* CAT Auto Pulish for Windows Release Messages - CAT_AutoPublish_20190829175859 (#1012) (#1013)

* CAT Auto Pulish for Windows Release Messages - CAT_AutoPublish_20190830100739 (#1018) (#1019)

* CAT Auto Pulish for Windows Release Messages - 20190903135254 (#1033)

* SIEM connector: change alert notion to Detection

* update casing and redirects

* remove space json file

* fix json

* CAT Auto Pulish for Windows Release Messages - CAT_AutoPublish_20190903123340 (#1031)

* CAT Auto Pulish for Windows Release Messages - CAT_AutoPublish_20190906173611 (#1061) (#1062)

* CAT Auto Pulish for Windows Release Messages - CAT_AutoPublish_20190910100213 (#1073) (#1074)

* CAT Auto Pulish for Windows Release Messages - CAT_AutoPublish_20190910112417
2019-09-10 13:41:31 -07:00

5.4 KiB
Raw Blame History

title, description, ms.prod, ms.sitesec, ms.topic, author, ms.localizationpriority, ms.author, ms.date, ms.reviewer, manager
title description ms.prod ms.sitesec ms.topic author ms.localizationpriority ms.author ms.date ms.reviewer manager
Generate a kernel or complete crash dump Learn how to generate a kernel or complete crash dump. w10 library troubleshooting Deland-Han medium delhan 8/28/2019 dcscontentpm

Generate a kernel or complete crash dump

A system crash (also known as a “bug check” or a "Stop error") occurs when Windows can't run correctly. The dump file that is produced from this event is called a system crash dump.

A manual kernel or complete memory dump file is useful when you troubleshoot several issues because the process captures a record of system memory at the time of a crash.

Set up page files

See Support for system crash dumps for the page file size requirement for system crash dump.

Enable memory dump setting

You must be logged on as an administrator or a member of the Administrators group to complete this procedure. If your computer is connected to a network, network policy settings may prevent you from completing this procedure.

To enable memory dump setting, follow these steps:

  1. In Control Panel, select System and Security > System.

  2. Select Advanced system settings, and then select the Advanced tab.

  3. In the Startup and Recovery area, select Settings.

  4. Make sure that Kernel memory dump or Complete memory dump is selected under Writing Debugging Information.

  5. Restart the computer.

Note

You can change the dump file path by edit the Dump file field. In other words, you can change the path from %SystemRoot%\Memory.dmp to point to a local drive that has enough disk space, such as E:\Memory.dmp.

Tips to generate memory dumps

When the computer crashes and restarts, the contents of physical RAM are written to the paging file that is located on the partition on which the operating system is installed.

Depending on the speed of the hard disk on which Windows is installed, dumping more than 2 gigabytes (GB) of memory may take a long time. Even in a best case scenario, if the dump file is configured to reside on another local hard drive, a significant amount of data will be read and written to the hard disks. This can cause a prolonged server outage.

Note

Use this method to generate complete memory dump files with caution. Ideally, you should do this only when you are explicitly requested to by the Microsoft Support engineer. Any kernel or complete memory dump file debugging should be the last resort after all standard troubleshooting methods have been completely exhausted.

Manually generate a memory dump file

Use the NotMyFault tool

If you can log on while the problem is occurring, you can use the Microsoft Sysinternals NotMyFault tool. To do this, follow these steps:

  1. Download the NotMyFault tool.

  2. Select Start, and then select Command Prompt.

  3. At the command line, run the following command:

    notMyfault.exe /crash

Note

This operation generates a memory dump file and a D1 Stop error.

Use NMI

On some computers, you cannot use keyboard to generate a crash dump file. For example, Hewlett-Packard (HP) BladeSystem servers from the Hewlett-Packard Development Company are managed through a browser-based graphical user interface (GUI). A keyboard is not attached to the HP BladeSystem server.

In these cases, you must generate a complete crash dump file or a kernel crash dump file by using the Non-Maskable Interrupt (NMI) switch that causes an NMI on the system processor.

To do this, follow these steps:

Important

Follow the steps in this section carefully. Serious problems might occur if you modify the registry incorrectly. Before you modify it, back up the registry for restoration in case problems occur.

  1. In Registry Editor, locate the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl

  2. Right-click CrashControl, point to New, and then click DWORD Value.

  3. Type NMICrashDump, and then press Enter.

  4. Right-click NMICrashDump, and then select Modify.

  5. In the Value data box, type 1, and then select OK.

  6. Restart the computer.

  7. Hardware vendors, such as HP, IBM, and Dell, may provide an Automatic System Recovery (ASR) feature. You should disable this feature during troubleshooting. For example, if the HP and Compaq ASR feature is enabled in the BIOS, disable this feature while you troubleshoot to generate a complete Memory.dmp file. For the exact steps, contact your hardware vendor.

  8. Enable the NMI switch in the BIOS or by using the Integrated Lights Out (iLO) Web interface.

    Note

    For the exact steps, see the BIOS reference manual or contact your hardware vendor.

  9. Test this method on the server by using the NMI switch to generate a dump file. You will see a STOP 0x00000080 hardware malfunction.

Use the keyboard

Forcing a System Crash from the Keyboard

Use Debugger

Forcing a System Crash from the Debugger