Solutions

How do I obtain a User Mode (Application or Service) Crash Dump for ProxyClient?

Solutions ID:    KB4887
Version:    2.0
Status:    Published
Published date:    01/24/2012
Updated:    05/07/2012
 

Problem Description

A ProxyClient process or the application itself has stopped responding.

It can stop responding (hang) for various reasons:
  • programming errors, resulting in deadlocks (multiple processes wait for each other to complete before resuming, resulting in no processes resuming)
  • problems in code injected into a process by security applications such as anti-virus tools
  • add-ons intended to extend the functionality of the application, but which end up causing issues/bugs instead
  • external factors such as delays or failures during attempts to access information on disks across the network 
Note: An application or process that is not responding to input is said to be hanging or frozen; an application or process that has stopped functioning correctly is said to have crashed. For troubleshooting a crash or Blue Screen of Death (BSOD),  see KB4882.

A hung or frozen application still exists in the list of running processes, but usually there is no way to restore functionality short of terminating and restarting that process. 

Resolution

First, determine which ProxyClient process has the problem by checking the Application or System event logs.
 
If logs indicate ProxyClientSvc.exe has the problem
 
ProxyClient Auto Dump Collection automatically captures and saves dumps for ProxyClientSvc.exe in the Blue Coat support folder. The folder's contents are collected by ProxyClient Data Collector (DC). For more information on the ProxyClient DC, see the ProxyClient Administration and Deployment Guide.
  1. In the Blue Coat support folder, locate the dump file.
    If there is no dump file in the support folder, verify Dr. Watson settings
  2. Upload the dump file to https://upload.bluecoat.com with your SR number. 
If logs indicate ProxyClientUI.exe has the problem
 
ProxyClient Auto Dump Collection does not automatically capture and save dumps for ProxyClientUI.exe. Use one of Blue Coat's recommended methods to collect dump files instead. 
 
Note: If ProxyClient seems to stop responding because of another application, see KB4337 to determine which component is causing the issue.

 


Collecting User Mode Dump Files 

Blue Coat recommends using the following tools to collect User Mode dump files; use the tool that applies to your operating system:
 
Using Dr. Watson (Microsoft Windows XP and Windows 2003)
 
Collect Dr. Watson dump files:
  1. In the Dr. Watson (drwtsn32.exe) folder, look for the following Dr. Watson files. They contain useful information for diagnosing the problem: 
    • The mini core dump, located in C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp    
    • The log file, located in C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\drwtsn32.log 
    If the files are there, go to step 3.
    If the files are not there, verify that Dr Watson is enabled.
  2. Reproduce the issue. 
  3. Upload user.dmp and drwtsn32.log to https://upload.bluecoat.com with your SR number. 
 
Verify Dr. Watson settings: 
  1. From the Run dialog box or a command prompt, run Dr. Watson (drwtsn32.exe).
    The Dr. Watson for Windows dialog displays.
  2. Note the paths set for the log files and dump files.
  3. For Crash Dump Type, select Mini.
  4. Click OK.
 Make Dr. Watson the default debugger: 
  1. From a command prompt, run drwtsn32 -i
  2. A message displays, indicating that Dr. Watson is the default debugger.
  3. Click OK

Set up Dr. Watson to collect full dumps (if necessary):

  1. From the Run dialog box or a command prompt, run Dr. Watson (drwtsn32.exe).
    The Dr. Watson for Windows dialog displays.
  2. For Crash Dump Type, select Full.
  3. In the Options section, select the following:
    • Dump Symbol Table
    • Dump All Thread Contexts
    • Append to Existing Log File
    • Visual Notification
    • Create Crash Dump File
  4. Click OK.
Note: Win32 server operating systems and Windows XP are set up for error reporting by default. Verify that error reporting is set up by right-clicking My Computer, and then going to Properties > Advanced Tab. Select Error Reporting. On the Error Reporting dialog, Enable error reporting, Windows operating system, and Programs should be selected. Click OK if you make any changes.
 
Using User Mode Process Dumper (Microsoft Windows XP and Windows 2003) 
 
If it is not installed already, download and install Userdump.exe:
  1. Download User Mode Process Dumper (Userdump.exe) from Microsoft Download Center: http://www.microsoft.com/en-us/download/.
  2. Unzip the folders.
  3. Go to C:\kktools\userdump8.1. 
  4. Open the folder for your processor.
  5. Run Setup.exe.
    Note: Unless you have a specific need for the feature, mark the Disable "Dump on Process Termination" option on the Terminate Mode dialog. 
    Setup.exe installs a kernel mode driver, installs the Userdump.sys file, and creates the Process Dump icon in Control Panel.
Create a dump (.dmp) file for a hanging process:
  1. Note the process ID (PID) of the hanging process.
    To obtain the PID, open Task Manager, and then click the Process tab. If the PID column is not visible, go to View > Select Columns and select PID.
  2. Open a command prompt.
  3. Navigate to the directory of Userdump.exe for your processor, such as c:\kktools\usedump8.1\x64>.
  4. Type the following command: userdump <PID>
    where <PID> is the PID you noted in step 1.
    When you run the  userdump <PID>   command, a .dmp file is generated. 
  5. Upload the dump file to https://upload.bluecoat.com with your SR number. 
Create a dump (.dmp) file for a process that shuts down with an exception:
  1. In Control Panel, double-click Process Dump.
  2. On the Exception Monitoring tab, click New, add the appropriate program name to the Monitor list, and then click OK.
    For example, add a program name such as Lsass.exe, Winlogon.exe, Mtx.exe, or Dllhost.exe.
  3. In the Monitor box, click the program name that you added in step 2, and then click Rules.
  4. Click to select Custom Rules, select the type of error that you want to trigger for the program that you added in step 2 in the Custom rules list, and then click OK.
     For example, select the Access violation (c0000005) error type.
    When the monitored program generates an access violation error message, the Userdump.exe tool starts, and then the tool creates a dump (.dmp) file in the %SystemRoot% folder.
  5. Upload the dump file to https://upload.bluecoat.com with your SR number. 
Using Task Manager (Windows Vista, Windows 2008, and Windows 7)
 
Use Windows Task Manager to create a user mode process dump file:
  1. Start Task Manager. Do one of the following:
    • Right-click an empty area of the task bar, and then click Task Manager. (In Windows 7, click Start Task Manager.)
    • Press CTRL+SHIFT+ESC.
  2. Click the Processes tab.
  3. Right-click the name of the process that you want, and then click Create Dump File.
    If you are prompted for an administrator password or confirmation, type your password or click Continue. A dump file for the process is created in C:\Users\<UserName>\AppData\Local\Temp.
    A message displays, stating that the dump file was successfully created.
  4.  Click OK. 
  5. Upload the dump file to https://upload.bluecoat.com with your SR number. 
Note: User mode and system service dump files are not located in the same place. See Collecting User-Mode Dumps: http://msdn.microsoft.com/en-us/library/bb787181%28VS.85%29.aspx.
 
Using Windows Error Reporting (Windows Vista, Windows 2008, and Windows 7)
 
Starting with Windows Server 2008 and Windows Vista with Service Pack 1 (SP1), you can configure Windows Error Reporting (WER) to collect full user-mode dumps and store them locally after a user-mode application crashes. WER does not support applications that do their own custom crash reporting, including .NET applications.
 
WER is not enabled by default; to enable it, you must have Administrator rights.
 
To enable and configure WER, use the following registry values under the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps key.
 
Value Description Type Default
Dumpfolder
The path where the dump files are to be stored. If you do not use the default path, then make sure that the folder contains ACLs that allow the crashing process to write data to the folder.
 
For service crashes, the dump is written to service specific profile folders depending on the service account used.
 
For example, the profile folder for System services is %WINDIR%\System32\Config\SystemProfile.
 
For Network and Local Services, the folder is %WINDIR%\ServiceProfiles.
REG_EXPAND_SZ %LOCALAPPDAT%/CrashDumps/
 DumpCount The maximum number of dump files in the folder. When the maximum value is exceeded, the oldest dump file in the folder will be replaced with the new dump file.  REG_DWORD 10
 DumpType
0: Custom dump
1: Mini dump
2: Full
 
REG_DWORD
 
 1
 CustomDumpFlags
Only matters if Dumptype is 0.
MINIDUMP_TYPE enumeration values.      
 
REG_DWORD
MiniDumpWithDataSegs
MiniDumpWithUnloadedModules
MiniDumpWithProcessThreadData
 
  
A Note on Global Settings and Application Settings
 
The registry values in the table above represent the global settings. You can also provide application settings that override the global settings.
 
To create an application setting, create a new key for your application under HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\LocalDumps (for example, HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\LocalDumps\<MyApplication.exe>). Add your dump settings under the MyApplication.exe key. If your application crashes, WER reads the global settings first, and then overrides any of the settings with your application-specific settings.
 
After an application crashes and prior to its termination, the system checks the registry settings to determine whether a local dump is to be collected. After the dump collection is completed, the application is allowed to terminate normally. If the application supports recovery, the local dump is collected before the recovery callback is called.
 
These dumps are configured and controlled independently of the rest of the WER infrastructure. You can make use of the local dump collection even if WER is disabled or if the user cancels WER reporting. The local dump can be different from the dump sent to Microsoft.
 
Using MacOS Tools
 
To generate a plain-text crash report with a stack trace: 
  1. Open CrashReporterPrefs and set the level to Developer.
    When a service crashes, the crash reporter generates a report in /Library/Logs/DiagnosticsReport.
    When the UI crashes,  the crash reporter generates a report in <user-home>/Library/Logs/DiagnosticsReport
    (You can verify the path of the crash report in in /var/log/system.log.)
  2. Upload the report to https://upload.bluecoat.com with your SR number.  
To generate a complete core dump: 
  1. Create /cores/ if it does not exist already, and make it writable by root:wheel.
  2. Execute ulimit -c unlimited.
    A core dump file is generated in /cores/.
  3. Upload the dump file to https://upload.bluecoat.com with your SR number.  

 


Rate this Page

Please take a moment to complete this form to help us better serve you.

Did this document help answer your question?
 
 
If you are finished providing feedback, please click the RATE CONTENT button. Otherwise, please add more detail in the following text box and then click RATE CONTENT.
 
 

Your response will be used to improve our document content.

Ask a Question