Often Administrators or System Engineers are stumped when they see exception errors and have different thoughts running in their mind as to what has caused this exception . Many ignore them and close the application window and restart the system. But this doesn’t help if the error again knocks the door.
I would say a good administrator has to understand the windows architecture to analyze the issue and troubleshoot the issue , I understand the timelines , stress, pressure but eventually if you hit the right spot , the problem gets resolved.
What is an Exception?
Exception can be caused due to different components in windows operating system.. An exception is an event which occurs during the program execution which stops the normal execution of instructions and a relevant exception handling technique will be used to handle these exceptions .Exception can be caused either by Hardware and Software
Software Exception / Application Level Exception :
When you see a software exception , it might be because of the following reasons
· Your application / driver tries to write to an read-only page.
· Every program will be assigned its own address space and if your program access memory out of assigned memory space, you could experience an exception.
· Guard-Page , this is very interesting feature provided by Microsoft which is use to monitor growing data structures and if your application tries to access the Guard-page you would see a Blue Screen or BSOD STATUS_GUARD_PAGE_VIOLATION exception
· Most famous OUT OF MEMORY Exception occurs due to applications ( managed / unmanaged )
Action To Be Taken:
Most of the time these exceptions are handled, you will see an event in event viewer followed by the module name, or a BSOD with the bug check ID, so there is not much System Engineers or administrators has little to do when they see exceptions , report the exception to the in-house development team or to external development teams.
System Administrator / System Engineer Tools :
When you see a BSOD on windows server, do not panic. BSOD doesn’t mean that the system has crashed, operating system enters stop state , it doesn’t process any instruction , it does by calling a function ( keBugCheckEx).
For memory exceptions / BSOD a relevant dump should be generated for analysis. Please follow the below link to configure the same
please do follow the below steps which will not automatically restart the server when crash occurs.
1. Right-click “My Computer” and select “Properties” on the desktop
2. Click on the “Advanced”
3. Click “Settings” in the area of “Startup and Recovery”
4. In the prompt dialog box, uncheck the “Automatically restart” in the area of “System failure”
5. Click OK
The second utility I would suggest system administrators or engineers is ADPlus , this is a console based script used to generate memory dumps and logs. This utility eases the task of administrator by using –notify switch.
ADPlus can be configured in Hang mode or Crash mode , engineers can configure ADPlus prior to the exception / error so that when an application error occurs a relevant dump will be generated under C:TempCrash_Mode_Date_Time
If you want to debug common issues like Illegal Instruction , Unknown Exception , Stack Overflow , Access Violation exceptions you can configure ADPlus tool in crash mode . There are many other exceptions which can be debugged using this tool but I am writing this document exclusively for system engineers and administrators.
Note: Start ADPlus in crash mode before the process throws exception or becomes unstable
If you are hardcore debugger and want to analyze memory stack of a process or troubleshoot 100% CPU utilization , then I would suggest using ADPlus in Hang mode which will dump complete process memory
Note: Start ADPlus in hang mode after the process / application hangs.
Please use ADPlus –help to understand the switches and try using them , its fun !
ADPlus -hang –p <PID> or ADPlus –hang –pn <processname>
ADPlus –crash –p <PID> or ADPlus –crash –pn <processname>
You can use tasklist from command prompt to get PID / Processname
Tips About ADPlus:
ADPlus is best configured for exceptions
ADPlus is a replacement for UserDump.exe
With ADPlus you can analyze multiple process using –p <PID> -p <PID> -p <PID>
Below are the screen shots of using ADPlus utility.
As a system administrators / Engineers I would suggest rather force to learn system architecture widely, this will bring more insight about the communication and you can have good hold on windows Operating system. Microsoft has and is supporting to achieve this by giving us the best tools in world.
ADPlus utility is the part of Debugging Tools For Windows package. You could download and install from below location
After you install the tools , you need to navigate to the below directory and run adplus.vbs which will pop up a warning and you need to select No and proceed.
Upon which you will see Windows Script Host window opened , Press OK and continue
You need to attach the process either in Hang mode or in Crash mode depending on the requirement
In my example , I will be using Notepad.exe . As I said earlier you can run Tasklist to find the PID of the application. And observer the command , I am using ADPlus in Crash mode, once you attach the process hit Enter
After you attach the process using ADPlus command in Crash mode to an application , the utility starts logging the information of all the threads in the process / processes.
And you would see a minimized shell window for each of the process <please check the below screen> *this window is called as debugger window. During this stage ADPlus utility is monitoring the process for crash exceptions such as ( Invalid handle, Illegal Instruction, Unknown Exception … etc ) , and the below window closes only for 2 reasons
a) Manually detaching the debugger : To manually detach the debugger and dump all the threads related to the process press CTRL +C “on the below debugger window “
b) When the above said exceptions occur.
After you hit CTRL+C the dump gets generated under “C:Program FilesDebugging Tools for Windows (x86) “ folder along with date and time, Please find the screen shot below
Alright ! , so you are done with successfully capturing the dump and now its time to involve the debuggers /Integration team or the Development team to analyze the dump
Next session I will be concentrating on Hardware Exceptions and Troubleshooting techniques.