Iis – How to find core dumps mentioned in event log

dumpiiswindows-event-log

Event Log

When I search for the files the event log mentions they are not there. Well, the bottom one is there but there's no helpful information in that file. This event was created by the Windows Error Reporting mechanism. What do I need to do in order to get my hands on the dumps so I can look at them with windbg or something?

Also, this particular event was caused because of an AppPool crashing… so not sure if I would need to do anything with IIS to get these dumps to go somewhere that I can access them?

Best Answer

You can use the Registry Editor (regedit.exe) to configure the dumps generated by WER when an application crashes:

Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps

Create or modify the following Values:

  • DumpCount (DWORD)

The DumpCount value is the number of dumps WER will save and keep. Don't set this value too high if you are investigating for memory leaks and gather full dumps

  • DumpFolder (String)

The DumpFolder value is the path to the folder you want to store the memory dump in. Depending on the crash frequency and the size of the process working sets you are capturing, you might want to use an SSD volume or similar

  • DumpType (DWORD)

The DumpType value should be set to 1 for mini dumps, or 2 for full dumps

Related Topic