CTX107717 - Using LiveKD to Save a Complete Memory Dump for Session or System Hangs

This document was published at: http://support.citrix.com/article/CTX107717

Document ID: CTX107717, Created on: Nov 2, 2005, Updated: Dec 20, 2005

Products: Citrix MetaFrame XP 1.0 for Microsoft Windows 2000, Citrix MetaFrame XP 1.0 for Microsoft Windows 2003, Citrix Presentation Server 4.0 for Microsoft Windows 2000, Citrix Presentation Server 4.0 for Microsoft Windows 2003, Citrix MetaFrame Presentation Server 3.0 for Microsoft Windows 2000, Citrix MetaFrame Presentation Server 3.0 for Microsoft Windows 2003

Symptoms

When terminal sessions hang or exhibit abnormal behavior, Citrix Technical Support may need a complete memory dump to analyze the problem. However, this can be a problem for the customer if there are active user sessions, because the traditional "CrashOnCtrlScroll" (244139) method reboots the server.

Resolution

Use the latest version of the LiveKD tool to save a complete memory dump. This requires an active terminal or console session from which to launch the utility. For complete system hangs, use the "CrashOnCtrlScroll" method.

Use the following steps to save the complete memory dump:

1. Install the latest Debugging Tools for Windows to their default directory: http://www.microsoft.com/whdc/devtools/debugging/default.mspx

2. Download the LiveKD utility from: http://www.sysinternals.com/Utilities/LiveKd.html

3. Go to the directory where you put the LiveKD files and launch it:

    C:\DL\LiveKd>livekd

    LiveKd v3.0 - Execute i386kd/windbg/dumpchk on a live system
    Sysinternals - www.sysinternals.com
    Copyright (C) 2000-2005 Mark Russinovich

    Symbols are not configured. Would you like LiveKd to set the _NT_SYMBOL_PATH
    directory to reference the Microsoft symbol server so that symbols can be
    obtained automatically? (y/n)

4. Answer y and press ENTER. There might be a slight delay here because the symbols are being downloaded from Microsoft Internet Symbol Server.

    Enter the folder to which symbols download (default is c:\symbols):

5. Press ENTER.

    Launching C:\program files\Debugging Tools for Windows\kd.exe:

    Microsoft (R) Windows Debugger Version 6.5.0003.7
    Copyright (c) Microsoft Corporation. All rights reserved.

    Loading Dump File [C:\WINDOWS\system32\livekd.dmp]
    Kernel Complete Dump File: Full address space is available

    Comment: 'LiveKD live system view'
    Symbol search path is: srv*c:\Symbols*http://msdl.microsoft.com/download/symbols
    Executable search path is:
    Windows Server 2003 Kernel Version 3790 UP Free x86 compatible
    Product: Server, suite: Enterprise TerminalServer
    Built by: 3790.srv03_rtm.030324-2048
    Kernel base = 0x804de000 PsLoadedModuleList = 0x80568c08
    Debug session time: Sun Feb 13 03:34:57.897 17420 (GMT+1)
    System Uptime: 36 days 23:06:11.189
    WARNING: Process directory table base 6A1D1000 doesn't match CR3 15324000
    WARNING: Process directory table base 6A1D1000 doesn't match CR3 15324000
    Loading Kernel Symbols
    ................................................................................
    ............................
    Loading unloaded module list
    ..................................................
    Loading User Symbols
    ..........
    *** ERROR: Module load completed but symbols could not be loaded for LiveKdD.SYS
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    Use !analyze -v to get detailed debugging information.

    BugCheck 0, {0, 0, 0, 0}

    *************************************************************************
    ***                                                                   ***
    ***                                                                   ***
    ***    Your debugger is not using the correct symbols                 ***
    ***                                                                   ***
    ***    In order for this command to work properly, your symbol path   ***
    ***    must point to .pdb files that have full type information.      ***
    ***                                                                   ***
    ***    Certain .pdb files (such as the public OS symbols) do not      ***
    ***    contain the required information. Contact the group that       ***
    ***    provided you with these symbols if you need this command to    ***
    ***    work.                                                          ***
    ***                                                                   ***
    ***    Type referenced: pci!_FDO_EXTENSION                            ***
    ***                                                                   ***
    *************************************************************************
    Probably caused by : LiveKdD.SYS ( LiveKdD+12d1 )

    Followup: MachineOwner
    ---------

    kd>

6. Type the command .dump /f c:\dump.dmp. You can specify any location and file name. If you need to overwrite an existing dump, add the /o switch.

    kd> .dump /f c:\dump.dmp
    Creating c:\dump.dmp - Full kernel dump
    Percent written 0
    Percent written 1
    Percent written 2
    Percent written 3
    Percent written 4
    Percent written 5
    Percent written 6
    Percent written 7
    Percent written 8
    Percent written 9
    Percent written 10
    Percent written 11
    Percent written 12
    Percent written 13
    Percent written 14
    Percent written 15
    Percent written 16
    Percent written 17
    Percent written 18
    Percent written 19
    Percent written 20
    Percent written 21
    Percent written 22
    Percent written 23
    Percent written 24
    Percent written 25
    Percent written 26
    Percent written 27
    Percent written 28
    Percent written 29
    Percent written 30
    Percent written 31
    Percent written 32
    Percent written 33
    Percent written 34
    Percent written 35
    Percent written 36
    Percent written 37
    Percent written 38
    Percent written 39
    Percent written 40
    Percent written 41
    Percent written 42
    Percent written 43
    Percent written 44
    Percent written 45
    Percent written 46
    Percent written 47
    Percent written 48
    Percent written 49
    Percent written 50
    Percent written 51
    Percent written 52
    Percent written 53
    Percent written 54
    Percent written 55
    Percent written 56
    Percent written 57
    Percent written 58
    Percent written 59
    Percent written 60
    Percent written 61
    Percent written 62
    Percent written 63
    Percent written 64
    Percent written 65
    Percent written 66
    Percent written 67
    Percent written 68
    Percent written 69
    Percent written 70
    Percent written 71
    Percent written 72
    Percent written 73
    Percent written 74
    Percent written 75
    Percent written 76
    Percent written 77
    Percent written 78
    Percent written 79
    Percent written 80
    Percent written 81
    Percent written 82
    Percent written 83
    Percent written 84
    Percent written 85
    Percent written 86
    Percent written 87
    Percent written 88
    Percent written 89
    Percent written 90
    Percent written 91
    Percent written 92
    Percent written 93
    Percent written 94
    Percent written 95
    Percent written 96
    Percent written 97
    Percent written 98
    Percent written 99
    Dump successfully written
    kd>

7. Quit LiveKD.

    kd> q
    quit:
    Execute Kd again? (y/n) n
    Exiting LiveKd.

    C:\DL\LiveKd>

8. Collect the saved dump and send it.
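
A pre-send check for step 8, added here as an example and not part of the Citrix article or the LiveKD tooling: it reads the dump header to confirm that the file is a complete memory dump and computes a SHA-256 that the recipient can compare after transfer. The field offsets are an assumption (the commonly documented 32-bit DUMP_HEADER32 layout), the function names are hypothetical, and the sample header is constructed from the values in the kd output above.

```python
import hashlib
import struct

# Field offsets of the 32-bit crash dump header: an assumed layout (the
# commonly documented DUMP_HEADER32), not something the article specifies.
HEADER_SIZE = 0x1000
OFF_VERSION = 0x08                 # MajorVersion, MinorVersion (OS build)
OFF_PS_LOADED_MODULE_LIST = 0x18
OFF_BUGCHECK_CODE = 0x28
OFF_COMMENT = 0x820                # 128-byte ASCII comment
OFF_DUMP_TYPE = 0xF88
DUMP_TYPE_FULL = 1                 # complete memory dump


def parse_dump_header(header: bytes) -> dict:
    """Decode the fields needed to confirm a 32-bit complete memory dump."""
    if len(header) < HEADER_SIZE:
        raise ValueError("truncated header, file is not a usable dump")
    if header[:8] != b"PAGEDUMP":
        raise ValueError("missing PAGEDUMP signature of a 32-bit kernel dump")
    _major, build = struct.unpack_from("<II", header, OFF_VERSION)
    module_list, = struct.unpack_from("<I", header, OFF_PS_LOADED_MODULE_LIST)
    bugcheck, = struct.unpack_from("<I", header, OFF_BUGCHECK_CODE)
    dump_type, = struct.unpack_from("<I", header, OFF_DUMP_TYPE)
    comment = header[OFF_COMMENT:OFF_COMMENT + 128].split(b"\0", 1)[0]
    return {"build": build, "ps_loaded_module_list": module_list,
            "bugcheck_code": bugcheck, "is_full_dump": dump_type == DUMP_TYPE_FULL,
            "comment": comment.decode("ascii", "replace")}


def sha256_of_file(path: str, chunk_size: int = 1 << 20) -> str:
    """Hash the dump in chunks so a multi-gigabyte file never sits in RAM."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_sample_header() -> bytes:
    """Constructed header carrying the values from the kd output above."""
    header = bytearray(HEADER_SIZE)
    header[:8] = b"PAGEDUMP"
    struct.pack_into("<II", header, OFF_VERSION, 0xF, 3790)
    struct.pack_into("<I", header, OFF_PS_LOADED_MODULE_LIST, 0x80568C08)
    comment = b"LiveKD live system view"
    header[OFF_COMMENT:OFF_COMMENT + len(comment)] = comment
    struct.pack_into("<I", header, OFF_DUMP_TYPE, DUMP_TYPE_FULL)
    return bytes(header)
```

On a real file, pass the first 4096 bytes of the saved dump to parse_dump_header and send the sha256_of_file value separately from the dump itself.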