When I search for the files the event log mentions they are not there. Well, the bottom one is there but there's no helpful information in that file. This event was created by the Windows Error Reporting mechanism. What do I need to do in order to get my hands on the dumps so I can look at them with windbg or something?
Also, this particular event was caused because of an AppPool crashing… so not sure if I would need to do anything with IIS to get these dumps to go somewhere that I can access them?
Best Answer
You can use the Registry Editor (
regedit.exe
) to configure the dumps generated by WER when an application crashes:Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps
Create or modify the following Values:
The
DumpCount
value is the number of dumps WER will save and keep. Don't set this value too high if you are investigating for memory leaks and gather full dumpsThe
DumpFolder
value is the path to the folder you want to store the memory dump in. Depending on the crash frequency and the size of the process working sets you are capturing, you might want to use an SSD volume or similarThe
DumpType
value should be set to1
for mini dumps, or2
for full dumps