Windows 2008 R2 No Crash Dumps

Question

I've been searching for a while and finding many old articles but also found one with a Regedit to enable the dumping of .dmp files, which isn't doing it.

Instructions I used are from Microsoft, Collecting User-Mode Dumps (MSDN)

According to Symantec no re-boot is required.

I created it for both: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\LocalDumps and HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps.

All I get is a report.wer file. No dump. The event log is writing exceptions about every minute and about every 30 minutes the app pool dies, so I'm trying to get the details on where the problem is coming from.

Anyone know why those keys aren't working? Does the report.wer provide anything useful for me? One StackOverflow post said SOS extension and when I search for it Microsoft points me to download WinDbg which I already installed. A lot of instructions I find from 2008 and older seem out-dated.

Edit: I managed to get dump files by running the debugging tool on the server. But there's so much wrong information out there on how to get the actual code info that none of it is working.

I've tried adding the symbols path to my pdb files and I've tried

• .loadby sos clr
• .loadby sos
• !CLRStack
• !analyze -v

and all I get is wrong symbols.

Answer 1

WER won't catch crash dumps if there is no crash at all. You know that a process can exit normally, when you think it crashes.

If you do want to learn why a process exits (normally or abnormally), the most reliable way I can think of is to utilize Debug Diag (which is built specifically for IIS),

http://msdn.microsoft.com/en-us/library/ff420662.aspx

Note that you probably should use Debug Diag 2.0 at this moment, and must add Kernel32!ExitProcess and Kernel32!TerminateProcess as breakpoints.