Browse by Tags


  • Blog Post: Great power. Great responsibility.

    When it comes to the registry, administrators are given great power to manually configure Windows to suit their needs, but even slight, seemingly innocuous changes to a particular key or value can have a drastic impact on basic operations of the system, even affecting its ability to boot properly.  ...
  • Blog Post: Determining the source of Bug Check 0x133 (DPC_WATCHDOG_VIOLATION) errors on Windows Server 2012

    What is a bug check 0x133? Starting in Windows Server 2012, a DPC watchdog timer is enabled which will bug check a system if too much time is spent in DPC routines. This bug check was added to help identify drivers that are deadlocked or misbehaving.  The bug check is of type "DPC_WATCHDOG_VIOLATION"...
  • Blog Post: How To Deadlock Yourself (Don’t Do This)

    Some APIs should come with a warning in big red letters saying “ DANGER! ”, or perhaps more subtly “ PROCEED WITH CAUTION ”.  One such API is ExSetResourceOwnerPointer . Although the documentation contains an explanation of what limited activity you can do with the resource after making this call...
  • Blog Post: What Did Storport Do With My I/O?

    In a previous article I showed how to track an I/O request from the filesystem, through the class driver, and to the storage driver.  In that article I concluded with " From this data we can usually assume that the request has been sent to the disk drive and we are waiting for the disk to respond"...
  • Blog Post: Debugging Backwards: Proving root cause

    Matt Burrough here again.   On rare occasions when debugging, we'll actually know (or strongly suspect) what the root cause of a problem is at the beginning of our analysis - but we still need to investigate to confirm our assertion.   The following is a case study for an issue I worked on...
  • Blog Post: What Is In A RHS Dump File Created By Windows Error Reporting

    Hello all, East here.   I wanted to give you a hint on how to use a RHS dump to find what thread was part of the Windows Server 2008 R2 cluster RHS recovery deadlock.   First let me start off with letting you know that Windows Server 2008 R2 will create two types of user-mode dumps: 1 - A heap...
  • Blog Post: CSI Debugging - Uncovering the cause of a Server Hang

    My name is Nischay Anikar from the Escalation Engineer team in Global Escalation Services. In today’s post I’ll present a weird problem I worked through with a client. When we started to work on the problem, we found the following: Ping to the box worked. Keyboard was responding. Shares on...
  • Blog Post: Debugging a Hang at “Applying Computer Settings”

    Hi Everyone - My name is Aman. I'm an Escalation Engineer on the Microsoft GES (Global Escalation Services) team. We recently came across a critical situation where-in the following issues were reported by the customer: 1. DC login hangs at “applying computer settings” regardless of RDP or local...
  • Blog Post: Red alert! My Server is hung - what do I do?

    So you have a dump from a hung server and you’re the first person on the scene. Your IT Manager is jumping up and down, the phone is ringing off the hook and people are hovering outside your cube. It’s game time and the pressure is on!!! Now what do you do? Well take a deep breath, get a cup of...
  • Blog Post: More dump forensics, understanding !locks, in this case a filter driver problem

    Written by Jeff Dailey: Hello NTDebuggers, one of the most important things to understand in kernel debugging hung servers is the output of !locks. There can be a lot of data and it’s not always clear what is going on. One of the things I like to do in order to better understand the output is to...
  • Blog Post: Closing the Loop: CPU Spike in Winlogon.exe

    We recently dealt with an interesting issue that I would like to share, hope you enjoy. - Jason Issue Summary Customer reports that within their Citrix server farm (running on Windows Server 2003), when a user logs into or out of a session (seems more pronounced on logoff), ALL users connected...
  • Blog Post: LPC CASE2 – When things are not rosy

    Hello, this is Roy again. In this case we will discuss a scenario where tracing a hung client thread is not possible through LPC data structures and extensions. We would rather use hints from the LPC message sent about the operation that was taking place and other heuristics to arrive at possible reason...
  • Blog Post: LPC part 2 Kernel Debugger Extensions

    Hello my name is Roy, I’m an EE on the Microsoft global escalation services / CPR team. This blog is a follow on to my first LPC blog. We will be discussing debugger extensions that allow you to look at LPC related issues. Disclaimer: The purpose of this blog is to illustrate debugging techniques...
  • Blog Post: LPC (Local procedure calls) Part 1 architecture

    Hello, my name is Roy. I’m an Escalation Engineer in the CPR platforms team. I’ll be doing a four part series on LPC over the coming month. You’re sure to find this interesting. That being said let’s get started. Disclaimer: The purpose of this blog is to illustrate debugging techniques with LPC...
  • Blog Post: Where the rubber meets the road, or in this case the hardware meets the probe.

    Hi my name is Bob, I’m an Escalation engineer with the Microsoft critical problem resolution team. We had one of our readers ask how much we deal with hardware. Well in response we recently worked on an interesting problem I thought I would share with you. In this case it was interesting because it demonstrated...
  • Blog Post: How Windows Starts Up (part 1 of 4)

    Hi folks, my name is David and I’m an Escalation Engineer for Microsoft. Since Bryan wrote about How Windows Shuts Down , I thought it would be a good idea to cover How Windows Starts Up. This information applies specifically to Windows 2000, Windows XP, and Windows Server 2003. I will blog separately...
  • Blog Post: Server Hangs with Event ID: 2021 and 2022

    Hi again! This is Tate from the CPR team and I’m going to show you how to debug a Server Service hang and the sometimes dreaded Event ID: 2021 and Event ID: 2022. There is much Voodoo about troubleshooting these two events but never fear, it’s possible to debug quickly given the right approach. ...
  • Blog Post: This button doesn’t do anything!

    Hello - Matthew here again. Today I'll be discussing in detail hang scenario #1 that Tate first mentioned a few blogs posts ago . From a debugging perspective, in an ideal world an application would always provide some kind of feedback when a failure occurs. The reality is that sometimes an application...
  • Blog Post: Hung Window?, No Source?, No Problem!! Part 2

    Written by Jeff Dailey Hello, my name is Jeff, I’m a escalation engineer on the Microsoft CPR (critical problem resolution) platforms team. This blog entry is part 2 of my Hung Window?, No source?, No problem!! Part 1 blog . In this lab we will be debugging a problem involving multi threaded applications...
  • Blog Post: Hung Window?, No source?, No problem!! Part 1

    Written by Jeff Dailey Hello, my name is Jeff, I’m a escalation engineer on the Microsoft CPR Platforms team. This blog entry is a follow on for how to detect a hung window . This process and training lab is right out of our CPR Training curriculum. In order to do the lab I have prepared for you...
  • Blog Post: How Windows Shuts Down

    Hi my name is Bryan, I'm a escalation engineer on the Microsoft CPR platforms team. A common problem scenario involves shutting down Windows. When troubleshooting problems during shut down we have to look at the Winlogon.exe process which can be tricky and must be done correctly. Troubleshooting...
  • Blog Post: Detecting and automatically dumping hung GUI based windows applications..

    Written by Jeff Dailey My name is Jeff, I’m an Escalation Engineer on CPR Platforms team. Following Tate’s blog on scoping hangs I’d like discus a common category of hangs and some creative ways to track them down. I will be providing a couple of labs to go with this post that you can run and debug...
  • Blog Post: Scoping and Troubleshooting Hangs of Various Causes

    Hi again! Today I want to bring to your attention an upcoming series of posts on troubleshooting hangs and this post as a primer for understanding hangs and how we scope these scenarios. Scoping is a practice we use in troubleshooting that helps us to quickly narrow down the domain or scope...
Page 1 of 1 (23 items)